[owasp-intrinsic-security] OWASP Open Review support for Intrinsic Security

Dan Cornell dan at denimgroup.com
Fri Sep 12 10:03:00 EDT 2008


A number of folks have been working to put together the OWASP Open Review Project <http://www.owasp.org/index.php/Category:OWASP_Open_Review_Project> to provide both automated and manual security review for open source projects.  As part of this, the Fortify folks have made their SCA technology available to perform automated reviews <http://owasp.fortify.com/>.

I think there is an opportunity for what we are doing to support the Intrinsic Security project.  You all are working with a variety of both open and closed source vendors on security issues.  The Open Review Project could be used to provide reviews for the open source projects you are working with - for example Mozilla, Spring, etc.  Hopefully your liaisons with those projects can help to make sure any identified issues get addressed.

We are still getting up and running and we will be shaking out some technical and process bugs as we go, but I am interested to know if you all think this would be valuable for what you all are trying to do.

I will be in NYC in a couple of weeks so perhaps we can catch up there.



Dan Cornell | Principal
3463 Magic Drive, Suite 315 
San Antonio, Texas 78229
office 210.572.4400
cellular 210.859.0921
DENIM GROUP | Build Integrate Secure
