[Owasp-leaders] Please show Ian Spiro your support for his IBM AppScan research, ideas and energy

Dinis Cruz dinis.cruz at owasp.org
Sat Jan 26 15:40:09 UTC 2013


This is a weird request, but there have been some great developments around
O2 and IBM which could be great for our industry, and really push this area
of research to the next level.

*tl;dr: if you complain about the fact that SAST tools like AppScan Source
don't really 'work' in the real-world, and wish they could be more
customisable, please send your support, ideas, thoughts and requests to
ianspiro at us.ibm.com*

The long version of this request is at my blog: Please show Ian Spiro your
support for his IBM AppScan research, ideas and energy
<http://blog.diniscruz.com/2013/01/please-show-ian-spiro-your-support-for.html>
(which also contains tons of links to Ian's research)

I hope that you will also see that this is much bigger than Ian. Companies
like IBM react to their customers' requests (both end users and security
professionals) and they need to hear from them how important it is to:

   - open up their technology,
   - document it,
   - allow inter-operability between tools (IBM and external),
   - expose the rules,
   - allow customisation of rules,
   - make it easy to integrate with CI environments,
   - basically... to make them in real-world apps/environments :)

IBM (and HP, Microsoft, etc...) spend tons of money and resources in
Application Security research. Unfortunately most is done in bubbles, the
collaboration with communities like OWASP is minimal and massive
opportunities are missed.

Yes, Ian might not be the most famous web application security guy in the
world, but he works damn hard, and is the kind of 'inside' guy that is
really trying to make the technology work, and help its customers to be
more secure.

One of the areas we could do much better at OWASP, is to connect the dots
between the people who care about a topic and the ones who can do something
about it.

So please take a look at Ian's blog
<https://www.ibm.com/developerworks/mydeveloperworks/blogs/341f2529-cd95-44cf-8fb5-8a02494cb2bf/?lang=en>
and share your views on email, blog, twitter or pigeon post :)

Btw, if you are interested in this topic, you might also enjoy the post I
wrote on My focus, O2 as the Open Platform, why IBM needs open standards
and O2+AppScan research project
<http://blog.diniscruz.com/2013/01/my-focus-o2-as-open-platform-why-ibm.html>

Thanks

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2