Outcomes/Deliverables
The outcomes of our SAMM working sessions are:
- Processed feedback on the Alpha version of the SAMMv2 Core Model outline (tracked with GitHub Issues)
- Got and integrated feedback from the DevSecOps maturity model folks
- Had input from Jeff Williams on a DevOps version of SAMM
- Got review/input from DevSecOps SME (Timo) for the implementation business function
- Defined a draft source markdown structure of the model
- Created a beta (improved) SAMMv2 Core Model outline (without activity details)
- First publication of the model to a Hugo-based website
- Plan for six two-week writing sprints detailing the Core Model activities (five activity streams per sprint)
- Planned a SAMM Summit in the US mid-October
- More contributors joined the project team (John Dileo, Chris Cooper)
- Extracted a markdown version of SAMMv1.5 (from the PDF) - Becky
- Got a publication workflow from markdown to PDF / ePub - Sherif
Synopsis and Takeaways
Key takeaways:
- Face-to-face summits are great for discussing and solving core model questions
References
- SAMM Session pages
- Updated model: https://github.com/OWASP/samm/tree/master/v2.0/beta
- New owaspsamm.org website with model: https://owaspsamm.org
- Trello board with sprints: https://trello.com/b/bpB99ULp/samm
- Markdown version of SAMMv1.5: https://github.com/OWASP/samm/blob/master/v1.5/MarkDown/SAMM-1.5.md
- Workflow to create book versions: https://github.com/OWASP/samm/blob/master/v1.5/MarkDown/Owasp-Books.md
Additional/External References
- SAMM on OWASP Wiki: https://www.owasp.org/index.php/OWASP_SAMM_Project
- SAMM on GitHub Pages: https://github.com/OWASP/samm