[Owasp-leaders] Very interesting 'How Secure are we' disclosure from LockBox
wickett at gmail.com
Fri Oct 14 22:48:08 EDT 2011
Anyone know what they mean by "Intelligent protection against geo-spatial
Is this like some kind of laser or something?
J. H. Wickett, CISSP, GSEC
On Fri, Oct 14, 2011 at 9:06 AM, Erwin Geirnaert <
erwin.geirnaert at zionsecurity.com> wrote:
> What would be even more interesting is to compare peers in the same
> industry on a maturity level
> Security managers often need to defend their projects to a board of
> directors that just want to know what others are doing…
> Best regards,
> From: Eoin <eoin.keary at owasp.org>
> Date: Fri, 14 Oct 2011 07:00:27 -0700
> To: dan cornell <dan.cornell at owasp.org>
> CC: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
> Subject: Re: [Owasp-leaders] Very interesting 'How Secure are we'
> disclosure from LockBox
> I've done the same in EU with some Global Insurance companies.
> They have been very receptive of the output and valued it in terms of
> "where to go next" and also "how do I get there".
> I agree with Dan as it's kind of a SAS70 to demonstrate their diligence to
> app security.
> It would be good to formalise it as an "APP70" framework?
> On 14 October 2011 11:41, dan cornell <dan.cornell at owasp.org> wrote:
>> We've had some success with clients using a combination of OpenSAMM to
>> describe the state of their security processes along with ASVS to
>> describe the security state of specific applications at a specific
>> point in time. This has been helpful for some financial service
>> providers who get lots of requests to "prove" the security of their
>> applications from credit unions, regional banks, etc. It gives them
>> one set of documents to ship around rather than having every partner
>> on the planet run their own goofy application scan or "pen test" of
>> dubious quality. Kind of like an application security SAS70.
>> We've been pushing those folks to go more public with their approach;
>> this is a work in progress.
>> On Thu, Oct 13, 2011 at 4:41 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
>> > http://golockbox.com/about/LockBoxSftSecurity.aspx (see
>> > also http://golockbox.com/dataprotection/d3p.aspx)
>> > Anybody know the members of their security team?
>> > I would like to invite them to help re-kickstarting
>> > the
>> > with a touch
>> > of
>> > Dinis Cruz
>> > Blog: http://diniscruz.blogspot.com
>> > Twitter: http://twitter.com/DinisCruz
>> > Web: http://www.owasp.org/index.php/O2
>> > _______________________________________________
>> > OWASP-Leaders mailing list
>> > OWASP-Leaders at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author