[Esapi-dev] NSA to perform ESAPI review

Jeff Williams jeff.williams at owasp.org
Mon Jun 14 14:03:17 EDT 2010



The NSA has offered to perform an in-depth security review of ESAPI and make
the results available. For those who don't have much experience with the
NSA, a major part of their mission is defense.  In the past, they supported
the National Computer Security Conference, created the Rainbow Series, and
sponsored the SSE-CMM.  More recently they've been involved in SCAP and


They have a team that is very experienced in cryptography and application
reviews lined up already and they will be starting their work very soon.
They are going to focus on the Java ESAPI version first, and may support
other language versions when they're ready - meaning their crypto is at
least up to the Java 2.0 level.  Their initial estimate is that the review
will take several months to complete.


I'm extremely excited about this development, and I'll keep you posted on
their progress.




Jeff Williams, Chair

The OWASP Foundation


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-dev/attachments/20100614/ba4df0e2/attachment.html 

More information about the Esapi-dev mailing list