[Owasp-leaders] "OWASP Challenges World Governments to Improve Application Security"

dinis cruz dinis.cruz at owasp.org
Tue Dec 22 07:38:07 EST 2009

Hi, I just blogged about the outcomes of the "Web Application Security: What
should Governments do in 2010?" panel we had at the last OWASP conference in

would like to see happening next is for us (the OWASP Community) to
discuss these 5 items amongst us and come up with the official OWASP
recommendations for governments in 2010 which we should promote
as much as possible and track its usage (casing point the example of
the Catalonia
government to include OWASP requirements in their RFPs)

So, here is the question: what do you guys think of these 5 recommendations:

   1. We challenge governments to work with OWASP to increase the
   transparency of web application security, particularly with respect to
   financial, health and all other systems where data privacy and
   confidentiality requirements are fundamental;
   2. OWASP will seek participation with governments around the globe to
   develop recommendations for the incorporation of specific
application security
   requirements and the development of suitable certification frameworks within
   the government software acquisition processes;
   3. We offer our assistance to clarify and modernize computer security
   laws, allowing the Government, citizens and organizations to make informed
   decisions about security;
   4. We ask governments to encourage companies to adopt application
   security standards that, where followed, will help protect us all from
   security breaches, which might expose confidential information, enable
   fraudulent transactions and incur legal liability;
   5. We offer to work with local and national governments to establish
   application security dashboards providing visibility into spending and
   support for application security.

Dinis Cruz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20091222/7ba6227f/attachment.html 

More information about the OWASP-Leaders mailing list