https://owasp.slack.com/archives/C0VF1EJGH/p1553270328032500
Consider using the word "review" instead of the word "audit" in certain practices/guidance areas as audit has a very specific meaning to many in security. Audits typically refer to official inspections performed by independent bodies, and in many cases, I believe the "audits" referenced in SAMM would occur but not be conducted by an external auditor.