[Owasp-leaders] OWASP Appsec Standard

McGovern, James james.mcgovern at hp.com
Wed Mar 25 20:47:01 UTC 2015


We would need to “certify” the auditors (QSAs). I tried leading a people oriented certification program several years back but was challenged due to the conflict of certification vs open…

From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Mohamed Alfateh
Sent: Wednesday, March 25, 2015 4:24 PM
To: Jim Manico
Cc: OWASP Leaders
Subject: Re: [Owasp-leaders] OWASP Appsec Standard

The idea is to give certificate upon compliance to standard requirement,
I don't think we need that extensive infrastructure, we may need to prepare details for the auditing criteria,
For PCI, the council is responsible for releasing the standard and give the certificate of compliance, the auditing itself is done through other qualified entities,


On Wed, Mar 25, 2015 at 8:28 PM, Jim Manico <jim.manico at owasp.org<mailto:jim.manico at owasp.org>> wrote:
Certification? That requires extensive infrastructure and setup.

Standard? Check out the OWASP ASVS Standard....

Aloha,
--
Jim Manico
@Manicode
(808) 652-3805

> On Mar 25, 2015, at 12:18 PM, Mohamed Alfateh <mohamed.alfateh at owasp.org<mailto:mohamed.alfateh at owasp.org>> wrote:
>
> Dear all,
>
> I had conversation with one of our chapter members regarding the application security standards,
> He asked me: why don't we have OWASP Appsec standard and certification similar to PA/DSS,
> I think OWASP is more trusted when it comes to application security. OWASP already have many projects include information better than PA/DSS. Also, this could be good revenue source for OWASP,
>
> What do you think about this ?  ,
>
> --
> Fateh
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org<mailto:OWASP-Leaders at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150325/6f296168/attachment.html>


More information about the OWASP-Leaders mailing list