[Owasp-leaders] Instead of OWASP libraries, why don't we ...
johanna curiel curiel
johanna.curiel at owasp.org
Sat Nov 21 15:56:14 UTC 2015
>In general, I'd like to see OWASP bring in more *technical* resources to
help with projects, wiki and infrastructure enhancement.
>Tim's idea about helping common frameworks with security engineering is
spot on and I'd love to see us invest in those efforts
Certainly, and Tim Morgan is totally right in his presentation. New project
leaders must realise that creating an OWASP project takes a lot of
dedication, even more a security library project.
On Sat, Nov 21, 2015 at 11:47 AM, Jim Manico <jim.manico at owasp.org> wrote:
> I think that's a great idea, Johanna. It's wise of us to spend our funds
> on providing these key defensive projects with additional assurance.
> In general, I'd like to see OWASP bring in more *technical* resources to
> help with projects, wiki and infrastructure enhancement. I also think Tim's
> idea about helping common frameworks with security engineering is spot on
> and I'd love to see us invest in those efforts. I've submitted a few
> suggestions to the board and it's being discussed in the context of the
> 2016 budget.
> Jim Manico
> Global Board Member
> OWASP Foundation
> Join me in Rome for AppSecEU 2016!
> On Nov 21, 2015, at 9:39 AM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
> >>Or offer bounties for specific platform security tasks.
> Why not as part of a Project review process to offer bounties for testing
> the project at security level?
> We have some key projects like CSRFGuard and Java HTML Sanitizer that are
> used as 'Protection Libraries' against certain attacks and many companies
> are depending on these projects to secure their sites. Even I know some
> using ESAPI still.
> On Fri, Nov 20, 2015 at 11:00 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> > Does this resonate with anyone?
>> Spot on. It's hard work and takes a lot of selfless dedication.
>> I feel OWASP should consider spending some of its funds to hire
>> developers to be dedicated to some of these tasks. Or offer bounties for
>> specific platform security tasks. I think that would accelerate this kind
>> of activity, significantly....
>> Auto-escaping templates, CSP integration, solid ABAC implementations,
>> default secure headers, solid integrated password storage, etc etc all by
>> default all integrated into common development platforms.
>> I think this would be an awesome way to serve the mission. Anyone agree?
>> Jim Manico
>> Global Board Member
>> OWASP Foundation
>> Join me in Rome for AppSecEU 2016!
>> On Nov 20, 2015, at 4:10 PM, Tim Morgan <tim.morgan at owasp.org> wrote:
>> Does this resonate with anyone?