[Owasp-germany] WG: [Owasp-leaders] OWASP released Statement on the Security of the Internet - share the news with your chapters and in your countries

Tobias Glemser tobias.glemser at owasp.org
Wed Jan 29 12:39:58 UTC 2014


Hallo Liste,

anbei die Nachricht zum "Statement on the Security of the Internet":
http://owasp.blogspot.com/2014/01/owasp-statement-on-security-of-internet.ht
ml

Beste Grüße

Tobias Glemser
OWASP German Chapter Lead 


> -----Ursprüngliche Nachricht-----
> Von: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-
> bounces at lists.owasp.org] Im Auftrag von Tobias
> Gesendet: Mittwoch, 29. Januar 2014 13:11
> An: owasp-leaders at lists.owasp.org
> Betreff: [Owasp-leaders] OWASP released Statement on the Security of the
> Internet - share the news with your chapters and in your countries [ Z1
> UNGESICHERT ]
> Wichtigkeit: Hoch
> 
> Hi dear fellow chapter and project leaders,
> 
> as you might already know, we finally released it. After receiving your
feedback
> over the last few weeks with more than 90% in favour of that OWASP should
> make a statement and the last reviews here on the list, it finally has
been
> released to the media. Please feel free to share with your chapters,
peers, on
> twitter, linkedin, etc. and with the media in your countries.
> 
> http://owasp.blogspot.com/2014/01/owasp-statement-on-security-of-
> internet.html
> 
> 
> 
> OWASP Statement on the Security of the Internet
> 
> The OWASP (Open Web Application Security Project, www.owasp.org)
> community cares deeply about how much people can trust commonly used
> Internet services and the applications that provide and use these
services. The
> reports about large-scale intelligence activities targeting Internet
> communication and applications and possible attempts to undermine
> cryptographic algorithms leave us deeply concerned. We knew about the
> interception of targeted individuals and other monitoring activities,
however,
> the scale of recently reported activities and the possibility of active
> undermining of the security of deployed applications are alarming.
> 
> Of course, it is hard to know for sure from current reports which attack
> techniques may be in use and which secret agreements may be in place. As
> such, it is not so easy to comment on the specifics from an OWASP
perspective.
> OWASP has long-standing general principles that we can talk about, and
> address some of the actions we are taking.
> 
> Our mission is to make application security visible so that people and
> organizations can make informed decisions about application security
risks.
> 
> 
> 
> *	We strongly believe trustworthy secure software and applications are
> an important cornerstone of human society and interactions of all people
> around the world.
> 
> *	We strongly believe that people, companies and governments must
> protect software security and must not intentionally weaken software
security,
> security standards, or undermine the security of cryptographic algorithms.
> 
> *	We strongly believe that people, companies and governments must not
> intentionally introduce defects or vulnerabilities (or secret back-doors)
> compromising the security, trust and integrity of software and
applications.
> 
> 
> We think it is also important to point out that if vulnerabilities are
introduced
> by people, governments or corporations to enable monitoring, this will not
only
> have adverse effects on freedom and trust within human society, but sooner
or
> later these vulnerabilities and weaknesses will also be found and
exploited by
> malicious actors and criminals. Furthermore, the general population and
> companies will then be left without protection against these actors,
> undermining the very foundations of many software applications that
support
> our daily lives, and with potentially world-wide catastrophic
consequences.
> 
> The OWASP community wants to help build secure and deployable systems for
> all Internet users. Addressing security and new vulnerabilities has been
the key
> strength of the OWASP community for more than a decade and technology
> alone is not the only factor. Education, operational practices, laws, and
other
> similar factors also matter. We see the recent news and developments as a
> challenge, inspiring us to stand by our principles and work harder and do
more
> to make the web and applications more secure. Eoin Keary, OWASP board
> member, pointed out: "OWASP cannot stand by and let the erosion of
security
> occur; it is against our mission." We are confident that the OWASP
community
> can do its part and we believe that OWASP security recommendations and
> tools, if used more widely, can help.
> 
> We should seize this opportunity to take a look at what we can do better
going
> forward; not only think about all this just in light of the recent
revelations. The
> security and privacy of the Internet in general is still a major
challenge, even
> ignoring recent intelligence activities. Lessons can be drawn from the
above
> that will be generally useful in many ways for years to come. And Tobias
> Gondrom, OWASP board member, voiced the hope, that “perhaps this year’s
> discussions can be the inspiring spark to motivate the world to become
more
> security aware, address open issues and move from “insecure by default” to
> “secure by default”.”
> 
> Publicity and motivation are important, too. There is plenty to do for all
of us,
> from users enabling additional security features to security experts,
companies
> and governments ensuring that their users, products, services and
applications
> are secure. OWASP is an open community and we invite everyone interested
in
> working on this area to rise to this challenge and contribute to the
analysis and
> develop ideas in this area together for our common future.
> 
> 
> All the best and thanks a lot for your initiative and all the great work,
Tobias
> 
> 
> 
> Tobias Gondrom
> OWASP Global Board Member
> email: tobias.gondrom at owasp.org
> mobile: +852 56002975
> mobile: +44 7521003005
> skype: tgondrom
> twitter: @tgondrom
> 




More information about the Owasp-germany mailing list