[Global_industry_committee] [GPC] OWASP inquiry

Jason Li jason.li at owasp.org
Tue Nov 1 23:50:16 EDT 2011


Kate,

With respect to the first question about language and frameworks, I believe
this question is more appropriately addressed by members of our community
at large.

It's an extremely broad question with no definitive answer, and certainly
not an "official OWASP" answer. In fact, I would encourage us as an
organization to work on a platform (as per the draft of the Board's
strategic vision) to enable people to ask the OWASP community at large
(e.g. StackOverflow, forums, etc). I don't believe these types of questions
are suited for a "definitive" answer "on behalf" of OWASP, nor do I think
we should be in the habit of answering support questions like these from an
"official" OWASP capacity.

Speaking personally, a framework like the OWASP ESAPI project is a
potential building block for an application that can serve as a reference
model for what "should" be provided by *security* frameworks. There are a
host of documentation projects that talk about application security
principles that might be relevant (e.g. OWASP Development Guide, OWASP
Secure Coding Practices - Quick Reference Guide, OWASP Application Security
Desk Reference, OWASP Application Security Verification Standard, etc).

As to the second question about prevalence in industry, I believe that
question may be better addressed by the Industry Committee?

-Jason

On Mon, Oct 31, 2011 at 1:46 PM, Kate Hartmann <kate.hartmann at owasp.org> wrote:

> Committee, we received the following inquiry through the portal.  Is there
> any particular direction you would point Mr. Scannnell?
>
> What attributes should we look for in a language or a framework to develop
> secure applications?  For example I'd have thought that a compiled
> application is more secure than a scripted one, the ability to do logging
> out of the box.... Do you have any stats on what languages & frameworks are
> prevalent in the industries where security is prevalent (Government,
> Finance, health etc...) or indeed by the application type (personal data,
> blogs....etc)
>
> Thank you.
>
> Kate Hartmann
> Operations Director
> 301-275-9403
> www.owasp.org
> Skype:  Kate.hartmann1