Quick update. It has been a long time since the core team provided any significant updates for OSA. We are still interested in developing the ideas in this project and have been discussing moving to a modern platform and workflow.
In the 10+ years since this site was created the world has changed. Open Source has become a standard part of the world, and runs the majority of the worlds critical systems. The way we build and operate systems has changed with a move to CI/CD workflows and cloud environments. Security threats have increased dramatically and we have moved as an industry to focusing on detection and response. The overall importance of information and cyber security has increased as we predicted here.
Some things have stayed the same. NIST 800-53 remains a strong framework for security control specification and design activity, and has been supplemented by the NIST cyber security framework which is becoming the pre-eminent framework to use in many industries. We still don't have a consistent industry framework for security architecture but there are very promising signs from a number of areas. We'll be back on this topic soon.