[Owasp-leaders] MUST READ: Establishing a Software Ecosystem that Produces Security

dinis cruz dinis.cruz at owasp.org
Mon Feb 21 21:56:41 EST 2011

I think most of you missed this VERY important paper (attached) from Jeff
that he originally included on on this 'Myth of the OWASP board / Not going
for re-election' email.

I just read this 7 page document today and I have to say that it is an
AMAZING presentation of the problems our industry historically has faced.
This document also presents a great solution which (from my point of view)
is spot on!

If we can create a software development culture that promotes and rewards
security, we will be able to finally change the way apps are created, sold
and consumed/used.

I think this presentation should be delivered at ALL OWASP chapters around
the world, and hopefully very soon we will have a recorded audio/video
version (with slides) of this presentation by Jeff (or others).

For reference here is the paper's abstract (note that it this will be
officially published on the next edition of Crosstalk, so please consider
this a soft release for OWASP leaders consumption):

   Abstract: What if the key to efficiently and reliably producing secure
code is not better tools or processes, but our software development culture?
In this paper, we examine the reasons why software ecosystems systematically
discourage security, and what organizations can do about them. We suggest
that the most important thing an organization can do is to influence their
software development ecosystems to ensure that security is visible,
collaborative, and measured. A healthy software ecosystem will enable
builders and breakers to iterate quickly, improving security and building
history. To give the ecosystem direction, we suggest creating selective
pressure for code with both strength and simplicity. Anyone interested in
exploring this idea is encouraged to join us at OWASP.

Dinis Cruz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110222/378c1ebf/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2010-10 Crosstalk Ecosystems.pdf
Type: application/pdf
Size: 520923 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110222/378c1ebf/attachment-0001.pdf 

More information about the OWASP-Leaders mailing list