[Esapi-user] [Esapi-dev] NSA to perform ESAPI review
chrisisbeef at gmail.com
Mon Jun 14 14:03:38 EDT 2010
This is awesome news! Great job, Jeff, Jim, and Kevin on getting this going
- I look forward on hearing all the details as they get into the code
Not everyday that someone can say that their code has been reviewed by the
National Security Agency. :)
On Mon, Jun 14, 2010 at 12:03 PM, Jeff Williams <jeff.williams at owasp.org>wrote:
> The NSA has offered to perform an in-depth security review of ESAPI and
> make the results available. For those who don’t have much experience with
> the NSA, a major part of their mission is defense. In the past, they
> supported the National Computer Security Conference, created the Rainbow
> Series, and sponsored the SSE-CMM. More recently they’ve been involved in
> SCAP and SE-Linux.
> They have a team that is very experienced in cryptography and application
> reviews lined up already and they will be starting their work very soon.
> They are going to focus on the Java ESAPI version first, and may support
> other language versions when they’re ready – meaning their crypto is at
> least up to the Java 2.0 level. Their initial estimate is that the review
> will take several months to complete.
> I’m extremely excited about this development, and I’ll keep you posted on
> their progress.
> Jeff Williams, Chair
> The OWASP Foundation
> Esapi-dev mailing list
> Esapi-dev at lists.owasp.org
OWASP ESAPI Developer
Check out OWASP ESAPI for Java
Yet Another Developers Blog
Bio and Resume
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-user