[Esapi-user] [Esapi-dev] NSA to perform ESAPI review

Chris Schmidt chrisisbeef at gmail.com
Mon Jun 14 16:02:23 EDT 2010


I am sure the Illuminati would run far more efficiently and securely if they
used ESAPI... just sayin... :D



On Mon, Jun 14, 2010 at 1:51 PM, Rui Nascimento <mataleao.z at gmail.com>wrote:

> Congratulations Jeff,
>
> Really great news for you and for who use ESAPI.
>
> May be the next step is ESAPI to be part of a Dan brown´s book  : D
> * *
>
>
> On Mon, Jun 14, 2010 at 3:03 PM, Chris Schmidt <chrisisbeef at gmail.com>wrote:
>
>> This is awesome news! Great job, Jeff, Jim, and Kevin on getting this
>> going - I look forward on hearing all the details as they get into the code
>> review.
>>
>> Not everyday that someone can say that their code has been reviewed by the
>> National Security Agency. :)
>>
>> On Mon, Jun 14, 2010 at 12:03 PM, Jeff Williams <jeff.williams at owasp.org>wrote:
>>
>>>  All,
>>>
>>>
>>>
>>> The NSA has offered to perform an in-depth security review of ESAPI and
>>> make the results available. For those who don’t have much experience with
>>> the NSA, a major part of their mission is defense.  In the past, they
>>> supported the National Computer Security Conference, created the Rainbow
>>> Series, and sponsored the SSE-CMM.  More recently they’ve been involved in
>>> SCAP and SE-Linux.
>>>
>>>
>>>
>>> They have a team that is very experienced in cryptography and application
>>> reviews lined up already and they will be starting their work very soon.
>>> They are going to focus on the Java ESAPI version first, and may support
>>> other language versions when they’re ready – meaning their crypto is at
>>> least up to the Java 2.0 level.  Their initial estimate is that the review
>>> will take several months to complete.
>>>
>>>
>>>
>>> I’m extremely excited about this development, and I’ll keep you posted on
>>> their progress.
>>>
>>>
>>>
>>> --Jeff
>>>
>>>
>>>
>>> Jeff Williams, Chair
>>>
>>> The OWASP Foundation
>>>
>>>
>>>
>>> _______________________________________________
>>> Esapi-dev mailing list
>>> Esapi-dev at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/esapi-dev
>>>
>>>
>>
>>
>> --
>> Chris Schmidt
>>
>> OWASP ESAPI Developer
>> http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
>>
>> Check out OWASP ESAPI for Java
>> http://code.google.com/p/owasp-esapi-java/
>>
>> OWASP ESAPI for JavaScript
>> http://code.google.com/p/owasp-esapi-js/
>>
>> Yet Another Developers Blog
>> http://yet-another-dev.blogspot.com
>>
>> Bio and Resume
>> http://www.digital-ritual.net/resume.html
>>
>>
>> _______________________________________________
>> Esapi-user mailing list
>> Esapi-user at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/esapi-user
>>
>>
>


-- 
Chris Schmidt

OWASP ESAPI Developer
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

Check out OWASP ESAPI for Java
http://code.google.com/p/owasp-esapi-java/

OWASP ESAPI for JavaScript
http://code.google.com/p/owasp-esapi-js/

Yet Another Developers Blog
http://yet-another-dev.blogspot.com

Bio and Resume
http://www.digital-ritual.net/resume.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100614/55180cbc/attachment.html 


More information about the Esapi-user mailing list