Roadmap

Current release 12_02

The figure below shows the high-level goals we have for the 13-14 releases. Think we should be more ambitious? We welcome your comments. If you register, we'll notify you when new patterns are published.

We aim for a major release on a yearly basis to allow time for new patterns to be developed and to stabilize. The constant focus will be on extending pattern coverage, as we believe this is the core value OSA provides. However, we hope to find time to put together a decent threat catalogue, extend the control catalog with tests and mappings to common standards, and develop a solid framework that you can easily use in your environment.

Please find details for the specific releases we have planned in the list below. The naming convention is Year_Month.

Release 08_02_Alpha

  • Basic pattern modules completed and loaded to site.
  • Definitions for common terms.
  • Explanation for OSA.
  • Site infrastructure and content management system in place.
  • 2-5 common patterns completed for representative industries (patterns should include implementation guidance for that industry).

Release 08_02 Beta 1

  • Embedded hyperlinks in SVG patterns back to controls catalogue.
  • Discussion forum
  • OSA user personas described including the benefits that they perceive.
  • Confirm roles for actors, based upon a standard, e.g. ITIL.
  • Tutorial on how to write a pattern
  • Improved site based on feedback.

Release 08_02

  • Initial threat catalog. (considered but rescheduled to 09)
  • Initial patterns refined and quality assured.
  • Tests added to catalog. (considered but rescheduled to 09)

Release 09

  • Control catalog mapped against other standards e.g. ISO 17799, ISF SOGP, COBIT
  • Initial threat catalog (rescheduled pending demand for this artefact)
  • Increased number of patterns covering financial, manufacturing, pharmaceutical, IT verticals.
  • Comment module installed and tested (rejected)
  • Confirm life cycle to set context for OSA, e.g. SDLC, ITIL, COBIT.

Release 10/11

  • Consider addition of jurisdiction mappings, e.g. FSA, SB1386, privacy laws, etc.
  • Increased number of patterns covering financial, manufacturing, pharmaceutical, IT verticals.
  • Additional foundation articles on security basics such as authentication, authorisation, encryption, monitoring, coding, testing...
  • How-to-use guide plus templates for standard security architecture artifacts (so you can quickly use OSA in your work).
  • Risk based checklists for common scenarios
  • Collaborative working infrastructure for community defined and possibly implemented.