[Owasp-defenders] Welcome to the Defenders Community

Michael Coates michael.coates at owasp.org
Tue Mar 1 11:47:19 EST 2011


All,

I'm excited to get the OWASP Defenders Community moving.  The goal of the
community concept within OWASP is to create a group of people with similar
expertise to advance an area of application security. The three current
communities include builders, breakers, and defenders.

As the Defender community, our goal is to create high quality OWASP tools,
projects, processes etc that can be immediately used by organizations to
bolster the defensive capabilities of their applications.  This is different
from the builders community in the sense that, as defenders, we are working
with an application that has already been through a secure development
process and testing. The goal is to now defend this application as it is
publicly deployed and subjected to the constant stream of generic and
targeted attacks.

*What types of projects fit into the Defenders Community?*
AppSensor
ModSecurity
Log Analysis Tools for attack detection
Secure deployment guidelines for WebServers
Secure configuration guides for SSL


*What's next?*
A secondary goal of the community concept is to eliminate the "fluff" within
the OWASP website. By this, I mean that each community will need to vouch
for the quality and accuracy of projects that are "official" community
projects.  So, our first step as the Defenders community is to review the
available OWASP projects and determine which projects fall into our domain.


*ACTION ITEM (all)* Please look at the release and beta project pages and
respond with the names of any projects you feel are related to the defenders
community. After we have this list we will analyze the quality of those
projects and determine what steps should be taken next.

http://www.owasp.org/index.php/Category:OWASP_Project

*The Community*
The last thing I want to mention is that another goal of the community
concept is to bring credibility to OWASP projects.  Many corporations are
hesitant to adopt OWASP projects since they don't know if the project is a
random idea or a fully developed project with support.  By building the
community contact page we are adding a level of quality and commitment to
our effort. It doesn't address the entire issue, but its a step in the right
direction.

http://www.owasp.org/index.php/Defenders#tab=The_Community

*ACTION ITEM (all) *Please email me your photo and info if you are not up
there or your info is not complete.



Michael Coates

http://DefendTheApp.com <http://defendtheapp.com/>
http://michael-coates.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-defenders/attachments/20110301/61df1a87/attachment.html 


More information about the Owasp-defenders mailing list