[Owasp-leaders] OWASP Summit and the Basel Accords

Stephen de Vries stephen at twisteddelight.org
Fri Dec 10 09:22:24 EST 2010


Hi Lucas,

I don't think you'll find direct statements that link app security to the Basel II accord, or indeed any of the financial standards (like FSA in UK or SOX US [correct me if I'm wrong here]). Instead, you'll find vague requirements like:

- Failure to maintain audit or review of work papers for at least five years is punishable by up to five years in prison, and/or a fine.
- Corruptly altering, destroying, or concealing records or documents in order to compromise the integrity of the record for use in an official proceeding is punishable by up to 20 years in prison, and/or an unspecified fine amount.
- etc.

So you'll have to join the dots between the requirement to provide data confidentiality and integrity and how that links up with the need to build and maintain secure applications. Not a stretch at all, and I think most people in the finance/security world will easily see how insecure apps lead to insecure data which leads to non-compliance with Basel II etc.


Stephen "2c" de Vries


On Dec 10, 2010, at 3:02 PM, Lucas Ferreira wrote:

> Hello James,
> 
> Do you have any documents about this? My point is that if we can show that application security is part of the requirements of Basel II or similar accords, we could more easily hook the banks and their regulators in the discussion.
> 
> If I can put together such an argument, we could use it to bring these people to the summit. The main problem is that I am not very familiar with these frameworks (Basel, Solvency, etc) and the time is short. So, any pointer would be helpful.
> 
> Thanks,
> 
> Lucas
> 
> On Fri, Dec 10, 2010 at 11:56, James McGovern <JMcGovern at virtusa.com> wrote:
> Solvency II is the insurance version of Basel II and there are many parallel approaches used…
> 
>  
> James McGovern
> Insurance SBU
> 
> Virtusa Corporation
> 
> 100 Northfield Drive, Suite 305 | Windsor, CT | 06095
> 
> Phone:  860 688 9900 Ext:  1037 | Facsimile:  860 688 2890  
> 
>  
> From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of dinis cruz
> Sent: Friday, December 10, 2010 8:29 AM
> To: Lucas Ferreira; owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] OWASP Summit and the Basel Accords
> 
>  
> Hey Leaders, as per Lucas's question below, anybody here has experience with OWASP and the Basel Accords (i.e. http://en.wikipedia.org/wiki/Basel_Accords)?
> Thanks
> 
> 
> Dinis Cruz
> 
> On 8 December 2010 16:45, Lucas Ferreira <lucas.ferreira at owasp.org> wrote:
> 
> Hello Jason and Dinis,
> 
> I am seeking arguments to convince the Brazilian Central Bank to
> participate in the Summit. One of the possible arguments is to link
> possible Summit results to the Basel Accords. Can you help me with
> this? Do we have any work relating appsec to Basel?
> 
> Thanks,
> 
> Lucas
> 
> --
> Homo sapiens non urinat in ventum.
> 
> -- 
> Homo sapiens non urinat in ventum.