OWASP Integration Standards

Motivation

The needs of application security engineers are growing day by day, and plenty of projects are surfacing in response. Each of these projects fulfills a given need in the SDLC flow (e.g. threat modeling, security tests, etc.).

These projects have no standard for exchanging data with other projects. Each is therefore left as a project that fulfills a single function in the SDLC, with no way to link it to other parts of the lifecycle.

This project’s vision is to put in place a way for integration to occur between OWASP projects and other projects in the SDLC.

Project roadmap

The following is a rough estimate, as it depends on other projects’ time and availability.

  • End of Q4 2019: Design Phase deliverables for OWASP projects integration.
  • Start of Q1 2020: Documents detailing how mature projects should start working to allow proper integration with other tools.
  • Start of Q2 2020: Review and hold a retrospective session with the project leaders to identify how well the integration planning took their needs into consideration.
  • End of Q2 2020: Launch a new cycle for the project in order to tackle the identified issues and to identify standards that could fit projects on a wider scope, not only mature projects.

The roadmap will be adjusted as the project moves forward.

The end goal is to create a set of rules allowing any project under a category of the SSDLC (e.g. Release, Build, etc.) to communicate with projects from other categories, regardless of the company or the product.