Starting an OWASP Project (That’s Not a List!) - Grant Ongers - ASW #272

We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to spearhead a new OWASP project to help scale the creation of appsec programs, whether you're on your own or part of a global org. Segment Resources: https://owasp.org/www-project-product-security-capabilities-framework/ https://github.com/OWASP/pscf https://prods.ec/...

We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to spearhead a new OWASP project to help scale the creation of appsec programs, whether you're on your own or part of a global org.

Segment Resources:

• https://owasp.org/www-project-product-security-capabilities-framework/
• https://github.com/OWASP/pscf
• https://prods.ec/
• https://owaspsamm.org
• https://iso25000.com/index.php/en/iso-25000-standards/iso-25010
• https://www.scmagazine.com/podcast-episode/application-security-weekly-242

Show Notes: https://securityweekly.com/asw-272