[Owasp-leaders] proposed summit working session: how can owasp reach/talk/engage with auditors

Matthew Chalmers matthew.chalmers at owasp.org
Fri Jan 14 14:31:30 EST 2011

There has been some discussion on the owasp-leaders list about how audit
relates to appsec and vice versa--see for example threads "developers,
Developers, DEVELOPERS!" (Dec 2010), "Creating OWASP 4.0!" (Dec 2010),
"ISACA and OWASP" (May 2010), and "Question on ISACA" (November 2009) in the
archives. I have a feeling there isn't more discussion because developers
and/or security folks are convinced that audit cannot or will not help. I
think it might benefit Summit attendees to hear about audit and control
perspectives, air their grievances, and discuss how OWASP can help testers,
developers, and security folks work together with auditors for their

Therefore I've created a proposed Summit working session (
http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082). If
you're interested in this topic, please put your name down as a potential
attendee and note what points interest you most. If you'd like to make a
presentation or facilitate a discussion related to this topic, please let me
know so we can work together on ideas. If you have any suggestions for
points you'd like to see covered in related presentations or discussions,
please let me know or post them to the working sessions mailing list (

Thanks for your time.


P.S. I've cross-posted this to owasp-leaders and owasp-summit-2011 for
visibility. If you're not on the summit-2011-working-sessions list and wish
to reply, please join that list and reply there to minimize clutter.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110114/ad253560/attachment.html 

More information about the OWASP-Leaders mailing list