Category:OWASP Application Security Metrics Project

Revision as of 20:19, 30 May 2009 by Deleted user (Talk | contribs)


Welcome to the Application Security Metrics Security Project

This OWASP Project will first identify and provide the OWASP community with a set of application security metrics that contributors have found effective in measuring application security. This will be followed by the development of new metrics that build on the initial metrics foundation to fulfill unmet metrics requirements. The goals of this Project are to make a baseline set of application security metrics available to the OWASP community and subsequently to provide a forum for the community to contribute metrics back into the baseline.

Project Guiding Principles:

The Application Security Metrics Security Project’s Guiding Principles were created to express the intentions of its contributors when designing application security metrics.

  • Effective security metrics have proven to be challenging to develop. As such, provide a means for the OWASP community to initially leverage what others have developed and find useful (i.e., provide the OWASP community useful metrics in use today).
  • Where practical, attempt to “standardize” nomenclature with other security metrics initiatives, such as the Systems Security Engineering Capability Maturity Model (SSE-CMM), etc.
  • In selecting best practice metrics, make use of high-level filters. For example, use Dr. Dan Geer’s decision support mantra regarding security metrics: “How would that proposed measure advance appropriate decision making?”
  • Link each metric to the business driver for the metric (e.g., Metric “X” helps support regulatory compliance and risk management objectives).

Comments to the editor or endorsements are welcome.

Project Scope:

In keeping with OWASP’s mission, this project will focus primarily on application security metrics. Below are some resources with information on application security metrics.

Feedback and Participation:

We hope you find the OWASP Application Security Metrics Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to To join the OWASP Application Security Metrics Project mailing list or view the archives, please visit the subscription page.

Project Contributors:

If you contribute to this Project, please add your name here.

Project Lead:

  • Bob Austin of KoreLogic Security. He can be reached at


  • Cliff Barlow, KoreLogic Security
  • James McGovern, The Hartford

