[Owasp-board] Spring Of Code application

Eoin eoin.keary at owasp.org
Mon Mar 5 10:37:20 UTC 2007


hi,
I would like to be considered for the Spring of Code. I am proposing that I
complete the OWASP Code review guide during this period.
The code review guide was started by me in 2005 and has much information on
reviewing code for common vulnerabilities. It is frequently accessed
(looking at the stats on the OWASP site) and therefore is useful to
practitioners.

I used to head up the code review team as part of the application security
group in fidelity investments and have 5+ years of the secure code review
process.
I also was the lead of the Testing guide until V2 was published via the
Autumn of Code.

I believe the code review guide is an integral part of the OWASP BOK (Body
of Knowledge). Ensuring secure development is key to secure applications and
code review is of paramount importance in this domain.

There are many sections still to be added and more to be readjusted and
rewritten to reflect the current state of the security world.
Much needs to be written on Web 2.0 technologies and distributed B2B
technologies such as Webservices.

The Code review process and procedure needs also to be covered. A guide to
establishing a mature code review process also needs to be done.
Code review methodologies also need to be discussed.

I have been involved in OWASP projects for 2/3 years now and have always
been an active contributor.

Looking forward to hearing from you.

Eoin




-- 
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html
http://www.owasp.org/index.php/OWASP_Testing_Project
http://www.owasp.org/index.php/OWASP_Code_Review_Project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070305/70c7506a/attachment-0002.html>


More information about the Owasp-board mailing list