[Owasp-leaders] Reaching developers = cooperative hackathons

Venkatesh Jagannathan venki at owasp.org
Thu Sep 9 05:01:54 EDT 2010


James,
    This is a good idea since we can at least catch the vulnerabilities
earlier rather than wait for the developer to code. Making a Top Ten for
Architect though is going to be a little more difficult because the context
is not very apparent initially. And without the initial context, creating a
list makes little sense.

    A better option would be to evangelize Threat Modeling. This will create
the necessary awareness needed for the security architects and thereby
prevent at least potential vulnerabilities from being exploited during the
design stage itself.

    Therefore coming up with a stronger threat modeling guide would be a
better option I feel.

Thanks & Regards,
~Venki


On Wed, Sep 8, 2010 at 6:10 PM, James McGovern <JMcGovern at virtusa.com> wrote:

>  Does anyone else think starting a project to create a Top Ten list for
> Software Architects has merit? Since my past project of starting a
> certification resulted in a fail, I am game to try again and see if we can
> create a win…
>
>
>
> *James McGovern
> *Insurance SBU
>
> *Virtusa **Corporation***
>
> 100 Northfield Drive, Suite 305 | Windsor, CT | 06095
>
> *Phone:  *860 688 9900 *Ext:  *1037 | *Facsimile:  *860 688 2890
>
>
>
> *From:* antonio.fontes at gmail.com [mailto:antonio.fontes at gmail.com] *On
> Behalf Of *AF
> *Sent:* Tuesday, September 07, 2010 10:33 AM
> *To:* James McGovern
> *Subject:* Re: [Owasp-leaders] Reaching developers = cooperative
> hackathons
>
>
>
>
>
> On Tue, Sep 7, 2010 at 3:48 PM, James McGovern <JMcGovern at virtusa.com>
> wrote:
>
> We can also agree that many of the successful attacks aren’t really caused
> by coding mistakes of developers, but really can be attributed to suboptimal
> architecture decisions made by some architect who threw a design over the
> wall without understanding the ramifications of their choices. What if we
> collectively thought of a Top Ten list for Architects to consider when
> designing software…
>
>
>
>
>
> Definitely YES!
>
>
>
>