[Owasp-board] OWASP ISWG - Status Report for 11/08

Dave Wichers dave.wichers at owasp.org
Wed Dec 17 14:44:37 UTC 2008


All,

 

Below is Arshan's status report for the ISWG for Nov. All the status reports
are now on the wiki (see below).

 

-Dave

 

From: Arshan Dabirsiaghi 
Sent: Tuesday, December 16, 2008 7:39 PM
To: Dave Wichers
Cc: Noelle Hardy; Jeff Williams
Subject: RE: OWASP ISWG - Status Report for 11/08

 

Done.

 

https://www.owasp.org/index.php/Category:Intrinsic_Security_Working_Group#20
08

 

  _____  

From: Dave Wichers
Sent: Tue 12/16/2008 1:47 PM
To: Arshan Dabirsiaghi
Subject: RE: OWASP ISWG - Status Report for 11/08

Do you think it would be appropriate to put all these status reports on the
wiki? Rather than simply an e-mail chain?

 

-Dave

  

From: Arshan Dabirsiaghi 
Sent: Tuesday, December 16, 2008 11:21 AM
To: Jeff Williams; Dave Wichers; Noelle Hardy
Subject: OWASP ISWG - Status Report for 11/08

 

The goals for November included publishing the working documents initially
produced during the OWASP EU Summit working group sessions. Unfortunately, I
was too busy this quarter to find the time to make those materials ready for
public consumption. This is a priority goal for the December/January time
period.

 

Another goal of the month of November was to clear up the group charter.
After some thought, I think the charter of the group should be to:

1.	Contribute our security knowledge towards standards organizations

2.	Act as a consumer awareness group for web application frameworks
security mechanisms and browser security features 

3.	Serve as a platform for OWASP members who want to affect change at
any of the building blocks in today's or tomorrow's web applications 

It's simple and limited, and I think that's all that we can really expect.
Realistically, the browsers all have strong security teams dealing with
today's problems, and I think there's a niche for OWASP to fill in looking
at the future for them and the community.

Also, in November a discussion on the board between members led to the
creation of a Google group aiming to create an HTTPOnly standard for browser
makers to follow. We are now as a group making a first cut at a standard
after some deliberation, and have been in discussion with some browser
vendors for feedback. This is an extremely positive and global effect.

 

Finally, in November I participated in the ESAPI as a representative of the
ISWG.

 

The goals of December/January include:

*	Formalizing the documents from the EU Summit and publish them 

*	Follow up with HTTPOnly work 

 

Thanks,
Arshan 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20081217/2eda8931/attachment-0002.html>


More information about the Owasp-board mailing list