[Owasp-leaders] Plan approach - help fix platforms devs use

Tim tim.morgan at owasp.org
Wed Nov 25 16:49:50 UTC 2015


Great Jim, I appreciate it.  That makes 3, I think.  Should we set up
a project officially then?


> I'm in. Years ago Arshan D. built a software framework security
> maturity model that we could leverage to help with portions of this
> project. No need to start from scratch. ASVS can help inform us here
> as well. The ESAPI interfaces can also help us in these efforts.

Yeah, I'm sure there's a lot we can draw inspiration from.


> I think a continuous effort over a year or more is necessary to
> effect change. So when I say "I'm in" I don't say it lightly, Tim.
> We're trying to change the world anyhow, right?

Agreed, it will be a never ending battle to convince platform
developers to make safer APIs.  I am optimistic that we can and will
change how current APIs work, but there are always new platforms
shooting up like weeds.

tim


More information about the OWASP-Leaders mailing list