[Owasp-leaders] Very interesting 'How Secure are we' disclosure from LockBox

James Wickett wickett at gmail.com
Fri Oct 14 22:48:08 EDT 2011


Anyone know what they mean by "Intelligent protection against geo-spatial
threats"?

Is this like some kind of laser or something?

Sounds awesome...

------
J. H. Wickett, CISSP, GSEC
Twitter: @wickett




On Fri, Oct 14, 2011 at 9:06 AM, Erwin Geirnaert <
erwin.geirnaert at zionsecurity.com> wrote:

> What would be even more interesting is to compare peers in the same
> industry on a maturity level.
> Security managers often need to defend their projects to a board of
> directors that just want to know what others are doing…
>
> Best regards,
>
> Erwin
>
> From: Eoin <eoin.keary at owasp.org>
> Date: Fri, 14 Oct 2011 07:00:27 -0700
> To: dan cornell <dan.cornell at owasp.org>
> CC: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
> Subject: Re: [Owasp-leaders] Very interesting 'How Secure are we'
> disclosure from LockBox
>
> I've done the same in EU with some Global Insurance companies.
> They have been very receptive of the output and valued it in terms of
> "where to go next" and also "how do I get there".
> I agree with Dan, as it's kind of a SAS70 to demonstrate their diligence to
> app security.
> It would be good to formalise it as an "APP70" framework?
> Eoin
>
> On 14 October 2011 11:41, dan cornell <dan.cornell at owasp.org> wrote:
>
>> We've had some success with clients using a combination of OpenSAMM to
>> describe the state of their security processes along with ASVS to
>> describe the security state of specific applications at a specific
>> point in time. This has been helpful for some financial service
>> providers who get lots of requests to "prove" the security of their
>> applications from credit unions, regional banks, etc.  It gives them
>> one set of documents to ship around rather than having every partner
>> on the planet run their own goofy application scan or "pen test" of
>> dubious quality.  Kind of like an application security SAS70.
>>
>> We've been pushing those folks to go more public with their approach;
>> this is a work in progress.
>>
>> Thanks,
>>
>> Dan
>>
>>
>> On Thu, Oct 13, 2011 at 4:41 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
>> > http://golockbox.com/about/LockBoxSftSecurity.aspx (see
>> > also http://golockbox.com/dataprotection/d3p.aspx)
>> > Anybody know the members of their security team?
>> > I would like to invite them to help re-kickstart the
>> > https://www.owasp.org/index.php/Category:OWASP_Positive_Security_Project
>> > (maybe with a touch of
>> > https://www.owasp.org/index.php/Don't_Judge_a_Website_by_its_Icon_-_Read_the_Label !)
>> > Dinis Cruz
>> >
>> > Blog: http://diniscruz.blogspot.com
>> > Twitter: http://twitter.com/DinisCruz
>> > Web: http://www.owasp.org/index.php/O2
>> >
>> > _______________________________________________
>> > OWASP-Leaders mailing list
>> > OWASP-Leaders at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
> --
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author
>
> https://twitter.com/EoinKeary
> http://twitter.com/BCCRiskAdvisory