-
The OWASP CycloneDX community has been working hard over the last three months to provide a way for the standard to represent:
- standards
- requirements
- attestations
- claims
- evidence
- ...…
-
Decide if the link intermediate layer 'Open Security Information Base' becomes an individual project
-
This issue will guide us through the growing backlog, user requests and releases.
Note: [This is the project](https://github.com/guidesmiths/cybersecurity-handbook/projects/1) that helps us to follow t…
-
We know that ASVS is for Web Apps, but how far do we go? Do we include DevOps principles? Infrastructure management? Laptop security?
-
Additional external references are planned and include:
- attestation
- Human or machine readable attestation
- threat-model
- Current threat model, DFD, etc, including any human readable mo…
-
Every component and/or pedigree should support how the component was made, not only what the component is or its DNA.
For high assurance use cases, it is important to document how software is crea…
-
The [diagram][1] showing an overview of the model on the [about page](https://owaspsamm.org/about/) is using a completely different color scheme than the one established previously in the (Excel or G…
-
The "Learn More" link in the cookie consent banner on the OWASP SAMM website leads to a 404 page at the moment.
![image](https://user-images.githubusercontent.com/8909779/183405986-c6704baf-3c6e-4…
-