[Owasp-leaders] Instead of OWASP libraries, why don't we ...

johanna curiel curiel johanna.curiel at owasp.org
Sat Nov 21 15:39:32 UTC 2015


>>Or offer bounties for specific platform security tasks.

Why not offer bounties, as part of a Project review process, for testing
the project at the security level?
We have some key projects like CSRFGuard and Java HTML Sanitizer that are
used as 'Protection Libraries' against certain attacks and many companies
are depending on these projects to secure their sites. Even I know some
using ESAPI still.



On Fri, Nov 20, 2015 at 11:00 PM, Jim Manico <jim.manico at owasp.org> wrote:

> > Does this resonate with anyone?
>
> Spot on. It's hard work and takes a lot of selfless dedication.
>
> I feel OWASP should consider spending some of its funds to hire
> developers to be dedicated to some of these tasks. Or offer bounties for
> specific platform security tasks. I think that would accelerate this kind
> of activity, significantly....
>
> Auto-escaping templates, CSP integration, solid ABAC implementations,
> default secure headers, solid integrated password storage, etc etc all by
> default all integrated into common development platforms.
>
> I think this would be an awesome way to serve the mission. Anyone agree?
>
> --
> Jim Manico
> Global Board Member
> OWASP Foundation
> https://www.owasp.org
> Join me in Rome for AppSecEU 2016!
>
> On Nov 20, 2015, at 4:10 PM, Tim Morgan <tim.morgan at owasp.org> wrote:
>
> Does this resonate with anyone?