[Owasp-leaders] developers, Developers, DEVELOPERS!

Jim Manico jim.manico at owasp.org
Thu Dec 9 14:56:31 EST 2010


I think the answer is, *we* go to *them*, not the other way around. WE
change our methods so we develop with a more formal SDLC process in our
projects. WE apply for and give talks at developer-centric conferences like
Java-One and so on. Etc.

 

The secret is to infiltrate the developer world with our WebAppSec majesty. :)

 

- Jim

 

PS: Infiltrate!

 

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Michael Coates
Sent: Thursday, December 09, 2010 9:51 AM
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] developers, Developers, DEVELOPERS!

 

Definitely, and the hard work is very appreciated by all in OWASP and the
many users of the tools. But how do we get more developers at the chapter
meetings and the conferences? It's one thing to talk about security with
security professionals, but another to be able to work directly with the
developers.

 

 


Michael Coates

OWASP

 

 

 

On Dec 9, 2010, at 10:23 AM, Jim Manico wrote:





There are plenty of active developers (primarily Java devs) who volunteer
for OWASP building secure coding libraries!

 

AntiSamy was authored by Jason Li and Arshan D. This is a fairly complex
piece of code for HTML policy validation.

 

CSRFGuard was written by Eric Sheridan, it's a JavaScript tool, primarily for
injecting security tokens into HTML pages for CSRF defense.

 

ESAPI was started by Jeff Williams and is managed by myself, Chris Beef and
Kevin Wall. It's an epic secure coding library that covers a wide range of
secure coding needs. There are about a dozen active devs in the Java
project alone.

 

And there are more.

 

The devs at OWASP tend to be more on the introverted side, but they are
here and participate by ...doing...

 

Do you know how crazy tough it is to get smart devs to participate in open
source projects? We are lucky that OWASP has so many under the hood donating
time for us...


-Jim Manico

http://manico.net


On Dec 9, 2010, at 4:44 AM, Grzegorz Bugaj <gregbugaj at yahoo.com> wrote:

Hello

I think this is a very common trend that I see here in Oklahoma, US. As a
developer I am trying to cater more towards developers instead of security
professionals to get them involved. I think the problem here is that most
developers are not very security-conscious people; also, many of them are not
aware of the fact that there are organizations like OWASP that could help
them.

 

 

Regards
Greg Bugaj, SCJP

 

 


  _____  


From: psiinon <psiinon at gmail.com>
To: owasp-leaders at lists.owasp.org
Sent: Thu, December 9, 2010 4:06:33 AM
Subject: [Owasp-leaders] Developers Vs Security professionals

Hi folks,

I'll freely admit that I'm relatively new to the world of OWASP, but I
get the distinct impression that there's a significant involvement from
security professions and much less involvement from people from the
software development side.
I gave a talk last night at the OWASP Leeds / Northern UK meeting last
night in Manchester, and to test this theory I asked which of these 2
areas people worked in.
Only one person (out of ~25) worked in software development, and they
were an ex-colleague of mine who came to see what I was up to!
Do you think this is common?
And if it is, should we be worried about it?
I'm sure we will all agree that if we can't get developers interested
in security then we'll just be firefighting all of the time.

Cheers,

Simon
_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders

 
