Archive for April, 2009

SAMM helps with real software development

The Real Software blog by Jim Bird has a good post about how his software security assurance program has evolved over time, and now, SAMM is helping out. Give it a read here.


SEP-001 Extract content into editable format

Description: Several users and many organizations have requested the SAMM content in an editable format. This facilitates content editing and is a core requirement for translation of SAMM into other languages. The solution must also allow for easy integration of edits back into the layout/publish workflow.

Owner(s): Pravir Chandra

Estimated completion: 2009-05-11

Updates:

  • 2009-04-22 – Looked into using XML-based content. This can allow SAMM content to be separated from the graphic layout, thereby cleaning up the workflow a bit. Moreover, it will also simplify translations into other languages. Perhaps the biggest win is that applications and tools could also programmatically include SAMM content. So far, this seems the best option.


The SAMM enhancement process

Since the release of 1.0, I’ve received a huge amount of email from volunteers and supporters. It quickly became evident that we’d need to adopt a lightweight process for managing future community contributions. Today, we’ve put the straw-man process up. Like everything, its mechanics are up for discussion, so just hit the mailing list if you’ve got strong feelings.

The process is based around the concept of a SAMM Enhancement Proposal (SEP). Each should represent a logical change or addition to the SAMM material. And, each SEP is numbered so that we can sanely discuss and debate the pros/cons of the proposed change.

Overall, the master plan is to have volunteers send ideas to the mailing list first, and then after initial discussion, we’ll create a SEP for tracking and posterity. The website has been updated to reflect this process under the Roadmap tab.


Hardcopies available on Lulu.com

In preparation for the upcoming OWASP conference in Poland, we were asked to help get the 1.0 release up on Lulu.com so that a copy can be printed for each attendee! So, we’ve put up the SAMM 1.0 release and it’s now available for purchase. That means you can purchase professional hardcopies, delivered right to your door, which is pretty handy. Even though I’m partial to the color version, there’s a more economical black & white version available too.
