[OWASP-LEADERS] Re-introductions and a few things......

Jeff Williams @ Aspect jeff.williams at aspectsecurity.com
Tue Jan 14 20:52:39 EST 2003


I'm Jeff Williams. I've been writing code for 23 years and focused on
security for 14. I spent most of my career at Arca Systems, a small
security consulting firm focused on very high assurance projects, mostly
for government. There, I did security R&D, MLS work, wrote the SSE-CMM,
taught information security at the NSA cryptologic school, and published
a number of papers about risk and assurance. Along the way, I picked up
a masters in Human Factors Engineering and a law degree from Georgetown.

Exodus acquired Arca, and I started the Application Security Group. We
provided web application security services to Exodus' 4000 customers
during the dotcom boom. And nobody other than Exodus' internal customers
ever heard of us. Exodus, of course, went bankrupt real badly. I truly
believe that web application security represents a huge unrecognized
risk to all organizations. So, I started Aspect to focus on that space
and my entire team from Exodus decided to join us. We're all technical
and we've been working together for years.

I'd been following OWASP for over a year when I saw Mark's request for
help on the WebGoat project. I realized that the program we developed
for our course would be perfect, and decided to donate it. Then after
getting "SANSed" at countless government agencies, I realized that OWASP
would be a perfect place to manage a "top ten."

I'm absolutely committed to doing things in an open collaborative
manner. I think of the current top ten as a "strawman" that we
contributed to the team, and can now be developed fully by the members
of OWASP. I fully expect a lot of debate about what the "real" top ten
problems are and I can't wait.

I think what Mark and Dave have built in OWASP is amazing, and is (or
will soon become) the world's foremost authority on web application


Jeff Williams, CEO
Aspect Security, Inc.

----- Original Message -----
From: Mark Curphey
To: owasp-leaders at lists.sourceforge.net
Sent: Tuesday, January 14, 2003 6:11 PM
Subject: [OWASP-LEADERS] Re-introductions and a few things......

Hi Guys

I spent some time on the phone today with a few of you and I think there
are generally a few things I (we) can probably do a little better.

Alex and I are going to take a first stab at a strawman of a few
guidelines that will make all of our lives easier, which we will
circulate for discussion in a week or so.

In the meantime I wonder if everyone on this list can re-introduce
themselves. There are some new people on the list, others don't know
each other as well as I know you all and quite frankly I haven't done a
good job of introducing people. Perhaps a paragraph about your
background, what you do for a living and some details of the OWASP
projects you are working on or have worked on. Maybe some words about
your ideas of what we could do better as well might be good for

I will send mine when I get back home later today.


