[Owasp-leaders] OWASP Security for Developers

Yvan Boily yvanboily at gmail.com
Tue Aug 20 18:38:14 UTC 2013


Hi All,

For quite some time now I have been working with several organizations here
in Vancouver, and with my team and team members to improve our security
program and the tools for our developers there.

When Mark Curphey stepped down from OWASP I took up the OWASP Security
Tools for Developers project, but there was a lack of response and
engagement on that project.

For a couple of reasons I would like to end the OWASP STD project (not the
least of which is the unfortunate name!).

I would like to reboot the project as OWASP Security for Developers, with
the following objectives:
* work with tool developers to provide concise documentation on how to
immediately start using tools and getting results

* produce documentation on how to manage source code (repos, access,
auditing, etc)

* interact with development teams across the spectrum of experience levels
and work out how to best support developers with tactical and strategic
guidance

* provide an assessment of many of the security in the development
lifecycle programs, and illustrate the strengths and weaknesses of each
based on the size of team and nature of the development organization

What I don't want to do is:
* reinvent the tooling wheel (there are a ton of tools and projects, and
less about how to run a program using them)
* design Yet Another Do Security Like This standard or document

I will be at AppSecEU, and would love to get feedback from people before I
draft the appropriate documentation to pitch the project.

Will trade drinks for feedback!

Cheers,
Yvan Boily
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130820/b282269b/attachment.html>


More information about the OWASP-Leaders mailing list