[Owasp-leaders] Very interesting 'How Secure are we' disclosure from LockBox

dan cornell dan.cornell at owasp.org
Fri Oct 14 06:41:15 EDT 2011

We've had some success with clients using a combination of OpenSAMM to
describe the state of their security processes along with ASVS to
describe the security state of specific applications at a specific
point in time. This has been helpful for some financial service
providers who get lots of requests to "prove" the security of their
applications from credit unions, regional banks, etc.  It gives them
one set of documents to ship around rather than having every partner
on the planet run their own goofy application scan or "pen test" of
dubious quality.  Kind of like an application security SAS70.

We've been pushing those folks to go more public with their approach;
this is a work in progress.



On Thu, Oct 13, 2011 at 4:41 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
> http://golockbox.com/about/LockBoxSftSecurity.aspx (see
> also http://golockbox.com/dataprotection/d3p.aspx)
> Anybody know the members of their security team?
> I would like to invite them to help re-kickstart
> the https://www.owasp.org/index.php/Category:OWASP_Positive_Security_Project (maybe
> with a touch
> of https://www.owasp.org/index.php/Don't_Judge_a_Website_by_its_Icon_-_Read_the_Label!)
> Dinis Cruz
> Blog: http://diniscruz.blogspot.com
> Twitter: http://twitter.com/DinisCruz
> Web: http://www.owasp.org/index.php/O2
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
