Creative Commons Blurb
OpenSAMM for the Masses: A Case for Cooperation
Justin Clarke, @connectjunkie
John B. Dickson, @johnbdickson
Supporting Cast: Dan Cornell & Brian Glas
Top Things You Did Not Know about Texas
• The distance from El Paso to Beaumont is roughly the same distance as….
Top Things You Did Not Know about Texas
• The distance from El Paso to Beaumont is roughly the same distance as Dublin to Stuttgart (740m)
Bit further to New Zealand though…
Top Things You Did Not Know about Texas
• the 1888 Texas Capitol surpasses the National Capitol in height, rising almost 15 feet above its Washington counterpart
Top Things You Probably Did Not Know about Texas
• Texas is the only state to have been an independent country
Top Things You Did Not Know about Texas
[Image slide; captions: Cool Hat; Snake Guards; Common Gardening Tools; Machete; Guy who has a machete and who is actually good at “catching” snakes]
© Copyright 2014 Denim Group - All Rights Reserved
Meanwhile, in New Zealand
Why?
• AppSec Suboptimality
• No data – a deal killer
• Closed Model…
• Client vendor independence
• The need for more industry impact
• Executives want comparative data
What?
• Solve Data Contribution Problem
• New Data Scheme & DB
• Anonymization & Trust Model
• Who contributes and Roles
• Identify an Independent Data Host
• Addressed the need for team-based data
• Help Drive Wider Industry Acceptance
How
• Small Working Group
• 9 month effort
• Meetings in Cambridge, NYC
• Weekly calls since Jan 1, 2015
• Contributions over questions
• Outreach and engagement w/ contributing data source
Who?
• Coalition of the Willing:
  • Aspect Security
  • AsTech Consulting
  • Denim Group
  • Gotham Digital Science
  • Security Innovation
  • Veracode
Who?
• Brian Glas, John Pavone, Aspect Security
• Greg Reber, Steve Wolf, AsTech Consulting
• Dan Cornell, John Dickson, Denim Group
• Justin Clarke, Gotham Digital Science
• Ed Adams, Zak Dehlawi, Danny Harris, Security Innovation
• Jasmine Noel, Veracode
What?
Data Model – High Level
• Public vs Private
  • Public data contributed, with random identifiers for
    • Organization the data relates to
    • Team within that organization
    • Organization that performed the assessment
  • Private data – not contributed
    • Maintained by assessor
Data Model – High Level (cont)
• Granularity
  • Organization versus Team
• Organization / Team Metadata
  • Employee/Developer/DevSec count (ranges) (team and org)
  • Sector (org)
  • Region (org)
Data Model – High Level (cont)
• Differing depths of data supported
• Crowd sourced versus centrally sourced
• Inclusive, not exclusive
• Quality of data
• Give you what you need to make your own decisions
What Analysis?
• Ask comparative sector questions
  • “I’m a 1+ in this practice – what are other organizations similar to me?”
• Validate transformation plans, support existing plans
  • “We’re looking to be leaders in this practice. We will be ahead of the market”
• Find specific maturities within teams/orgs
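The two preceding slides sketch a data model (public records keyed by random identifiers for the assessed organization, its team and the assessor; head counts published as ranges; the name-to-identifier table kept privately by the assessor) and the kind of comparative sector question the public set should answer. The following Python is an added illustration of that split and that query; it is not the working group's code or schema. The organization names, practice names, maturity scores and size-bucket boundaries are constructed for the example, and the deck does not say how the real scheme generates identifiers beyond "random".

```python
# Added example (not the OpenSAMM benchmark project's code): split a contributed
# assessment into a public record with random identifiers and ranges, keep the
# identifying mapping private with the assessor, then run a comparative query.
import secrets
from statistics import median

# Constructed sample data: three assessments as one assessor might hold them.
# Practice names and 0-3 maturity scores are illustrative placeholders.
RAW_ASSESSMENTS = [
    {"org": "Acme Bank", "team": "Payments", "assessor": "Example Assessor Ltd",
     "sector": "Finance", "region": "EMEA", "developers": 42,
     "scores": {"Security Testing": 1, "Threat Assessment": 2}},
    {"org": "Acme Bank", "team": "Mobile", "assessor": "Example Assessor Ltd",
     "sector": "Finance", "region": "EMEA", "developers": 9,
     "scores": {"Security Testing": 2, "Threat Assessment": 1}},
    {"org": "Widget Retail", "team": "Web", "assessor": "Example Assessor Ltd",
     "sector": "Retail", "region": "US", "developers": 300,
     "scores": {"Security Testing": 3}},
]

# Assumed head-count ranges: exact staff numbers never leave the assessor.
SIZE_BUCKETS = [(1, 10), (11, 50), (51, 250), (251, None)]


def bucket(count):
    """Map an exact head count to its published range label, e.g. 42 -> '11-50'."""
    for low, high in SIZE_BUCKETS:
        if high is None or count <= high:
            return f"{low}+" if high is None else f"{low}-{high}"
    raise ValueError(count)


class Pseudonymiser:
    """Issues random identifiers; the name -> identifier table is the private data."""

    def __init__(self):
        self._table = {}

    def identifier(self, kind, name):
        key = (kind, name)
        if key not in self._table:
            # Random, not derived from the name, so the public set cannot be
            # reversed without the assessor's table.
            self._table[key] = secrets.token_hex(8)
        return self._table[key]

    def private_mapping(self):
        return dict(self._table)


def split_record(raw, pseud):
    """Return (public, private): public carries only identifiers, ranges and scores."""
    org_id = pseud.identifier("org", raw["org"])
    public = {
        "org_id": org_id,
        # Team identifier is scoped to its organization, so two "Web" teams in
        # different organizations never collide.
        "team_id": pseud.identifier("team", (raw["org"], raw["team"])),
        "assessor_id": pseud.identifier("assessor", raw["assessor"]),
        "sector": raw["sector"],
        "region": raw["region"],
        "developers": bucket(raw["developers"]),
        "scores": dict(raw["scores"]),
    }
    private = {"org_id": org_id, "org": raw["org"], "team": raw["team"],
               "assessor": raw["assessor"], "developers": raw["developers"]}
    return public, private


def build_public_set(raw_assessments):
    """Pseudonymise a batch; returns the contributable records and the kept-private map."""
    pseud = Pseudonymiser()
    public = [split_record(r, pseud)[0] for r in raw_assessments]
    return public, pseud.private_mapping()


def compare_practice(public_records, sector, practice, my_level):
    """Answer: 'I am at my_level in this practice; where are peers in my sector?'"""
    peers = [r["scores"][practice] for r in public_records
             if r["sector"] == sector and practice in r["scores"]]
    return {
        "peers": len(peers),
        "median": median(peers) if peers else None,
        "at_or_above": sum(1 for s in peers if s >= my_level),
        "below": sum(1 for s in peers if s < my_level),
    }


if __name__ == "__main__":
    public_set, private_map = build_public_set(RAW_ASSESSMENTS)
    print(compare_practice(public_set, "Finance", "Security Testing", 1))
```

The query operates only on the public records, which is the point of the split: a contributor can answer "how do I compare within my sector?" without the host ever holding organization names, and the assessor can still resolve an `org_id` back to a client through its own private table.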
Next Steps?
• Short-term
  • Publish Press Release, FAQ, Principles After Summit
• Mid-term
  • Finalize Initial Data Sets
  • Publish on Data at Independent Host
  • Sign up new Contributors (Expand the “Coalition of the Willing”)
• Long-term
  • OpenSAMM 2.0?
Questions and Answers
• Justin Clarke, @connectjunkie
• John B. Dickson, @johnbdickson
• Dan Cornell, @danielcornell
• Brian Glas, @infosecdad