[Owasp-leaders] OWASP Summit and the Basel Accords

Matthew Chalmers matthew.chalmers at owasp.org
Sat Jan 8 15:09:04 EST 2011


Depends on how you define "great" I guess... :)

Matt


On Fri, Dec 10, 2010 at 8:25 AM, dinis cruz <dinis.cruz at owasp.org> wrote:

> this looks like a great Summit Session: "Mapping 'Web Application Security'
> to Basel II Accord"
>
> Dinis Cruz
>
>
> On 10 December 2010 14:22, Stephen de Vries <stephen at twisteddelight.org> wrote:
>
>>
>> Hi Lucas,
>>
>> I don't think you'll find direct statements that link app security to the
>> Basel II accord, or indeed any of the financial standards (like FSA in UK or
>> SOX US [correct me if I'm wrong here] ).   Instead, you'll find vague
>> requirements like:
>>
>> - Failure to maintain audit or review of work papers for at least five
>> years is punishable by up to five years in prison, and/or a fine.
>> - Corruptly altering, destroying, or concealing records or documents in
>> order to compromise the integrity of the record for use in an official
>> proceeding is punishable by up to 20 years in prison, and/or an unspecified
>> fine amount.
>> - etc.
>>
>> So you'll have to join the dots between the requirement to provide data
>> confidentiality and integrity and how that links up with the need to build
>> and maintain secure applications.  Not a stretch at all, and I think most
>> people in the finance/security world will easily see how insecure apps lead
>> to insecure data which leads to non-compliance with Basel II etc.
>>
>>
>> Stephen "2c" de Vries
>>
>>
>> On Dec 10, 2010, at 3:02 PM, Lucas Ferreira wrote:
>>
>> > Hello James,
>> >
>> > Do you have any documents about this? My point is that if we can show
>> > that application security is part of the requirements of Basel II or similar
>> > accords, we could hook more easily the banks and their regulators in the
>> > discussion.
>> >
>> > If I can put together such an argument, we could use it to bring these
>> > people to the summit. The main problem is that I am not very familiar with
>> > these frameworks (Basel, Solvency, etc) and the time is short. So, any
>> > pointer would be helpful.
>> >
>> > Thanks,
>> >
>> > Lucas
>> >
>> > On Fri, Dec 10, 2010 at 11:56, James McGovern <JMcGovern at virtusa.com> wrote:
>> > Solvency II is the insurance version of Basel II and there are many
>> > parallel approaches used…
>> >
>> >
>> > James McGovern
>> > Insurance SBU
>> >
>> > Virtusa Corporation
>> >
>> > 100 Northfield Drive, Suite 305 | Windsor, CT | 06095
>> >
>> > Phone:  860 688 9900 Ext:  1037 | Facsimile:  860 688 2890
>> >
>> >
>> >
>> > From: owasp-leaders-bounces at lists.owasp.org [mailto:
>> owasp-leaders-bounces at lists.owasp.org] On Behalf Of dinis cruz
>> > Sent: Friday, December 10, 2010 8:29 AM
>> > To: Lucas Ferreira; owasp-leaders at lists.owasp.org
>> > Subject: Re: [Owasp-leaders] OWASP Summit and the Basel Accords
>> >
>> >
>> > Hey Leaders, as per Lucas's question below, anybody here has experience
>> > with OWASP and the Basel Accords (i.e.
>> > http://en.wikipedia.org/wiki/Basel_Accords)
>> > Thanks
>> >
>> >
>> > Dinis Cruz
>> >
>> > On 8 December 2010 16:45, Lucas Ferreira <lucas.ferreira at owasp.org> wrote:
>> >
>> > Hello Jason and Dinis,
>> >
>> > I am seeking arguments to convince the Brazilian Central Bank to
>> > participate in the Summit. One of the possible arguments is to link
>> > possible Summit results to the Basel Accords. Can you help me with
>> > this? Do we have any work relating appsec to Basel?
>> >
>> > Thanks,
>> >
>> > Lucas
>> >
>> > --
>> > Homo sapiens non urinat in ventum.
>> >
>> >
>> >
>> > --
>> > Homo sapiens non urinat in ventum.
>> > _______________________________________________
>> > OWASP-Leaders mailing list
>> > OWASP-Leaders at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>