[Owasp-leaders] OWASP Summit and the Basel Accords

James McGovern JMcGovern at virtusa.com
Fri Dec 10 12:06:05 EST 2010


Solvency and Basel don't talk much to confidentiality, but do talk about integrity if you change the semantics a little bit. Can we agree that activities that influence financial markets such as the trader in Europe several months back who did a "typo" can be classified as lack of input validation? Independent of bad input data being used for exploit purposes, we are the crowd in the know that best knows how to validate data within web-based enterprise applications and that is the point of the conversation.

James McGovern
Insurance SBU 
Virtusa Corporation
100 Northfield Drive, Suite 305 | Windsor, CT | 06095
Phone:  860 688 9900 Ext:  1037 | Facsimile:  860 688 2890


-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Stephen de Vries
Sent: Friday, December 10, 2010 9:22 AM
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] OWASP Summit and the Basel Accords


Hi Lucas,

I don't think you'll find direct statements that link app security to the Basel II accord, or indeed any of the financial standards (like FSA in UK or SOX US [correct me if I'm wrong here]). Instead, you'll find vague requirements like:

- Failure to maintain audit or review of work papers for at least five years is punishable by up to five years in prison, and/or a fine.
- Corruptly altering, destroying, or concealing records or documents in order to compromise the integrity of the record for use in an official proceeding is punishable by up to 20 years in prison, and/or an unspecified fine amount.
- etc.

So you'll have to join the dots between the requirement to provide data confidentiality and integrity and how that links up with the need to build and maintain secure applications. Not a stretch at all, and I think most people in the finance/security world will easily see how insecure apps lead to insecure data which leads to non-compliance with Basel II etc.



