[Owasp-leaders] Instead of OWASP libraries, why don't we ...

Jim Manico jim.manico at owasp.org
Sat Nov 21 15:47:37 UTC 2015


I think that's a great idea, Johanna. It's wise of us to spend our funds on providing these key defensive projects with additional assurance. 

In general, I'd like to see OWASP bring in more *technical* resources to help with projects, wiki and infrastructure enhancement. I also think Tim's idea about helping common frameworks with security engineering is spot on and I'd love to see us invest in those efforts. I've submitted a few suggestions to the board and they're being discussed in the context of the 2016 budget.

--
Jim Manico
Global Board Member
OWASP Foundation
https://www.owasp.org
Join me in Rome for AppSecEU 2016!

> On Nov 21, 2015, at 9:39 AM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
> 
> >>Or offer bounties for specific platform security tasks. 
> 
> Why not, as part of a project review process, offer bounties for testing the project at the security level?
> We have some key projects like CSRFGuard and Java HTML Sanitizer that are used as 'Protection Libraries' against certain attacks, and many companies are depending on these projects to secure their sites. Even I know some using ESAPI still.
> 
> 
> 
>> On Fri, Nov 20, 2015 at 11:00 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> > Does this resonate with anyone?
>> 
>> Spot on. It's hard work and takes a lot of selfless dedication.
>> 
>> I feel OWASP should consider spending some of its funds to hire developers to be dedicated to some of these tasks. Or offer bounties for specific platform security tasks. I think that would accelerate this kind of activity, significantly....
>> 
>> Auto-escaping templates, CSP integration, solid ABAC implementations, default secure headers, solid integrated password storage, etc etc all by default all integrated into common development platforms.
>> 
>> I think this would be an awesome way to serve the mission. Anyone agree?
>> 
>> --
>> Jim Manico
>> Global Board Member
>> OWASP Foundation
>> https://www.owasp.org
>> Join me in Rome for AppSecEU 2016!
>> 
>>> On Nov 20, 2015, at 4:10 PM, Tim Morgan <tim.morgan at owasp.org> wrote:
>>> 
>>> Does this resonate with anyone?
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
> 