[Owasp-portuguese] Fwd: [Owasp-leaders] OWASP released Statement on the Security of the Internet - share the news with your chapters and in your countries
carlos.serrao at owasp.org
Wed Jan 29 12:22:04 UTC 2014
Para vosso conhecimento...
Begin forwarded message:
> From: Tobias <tobias.gondrom at owasp.org>
> Subject: [Owasp-leaders] OWASP released Statement on the Security of the Internet - share the news with your chapters and in your countries
> Date: 29 Jan 2014 12:10:49 GMT
> To: owasp-leaders at lists.owasp.org
> Hi dear fellow chapter and project leaders,
> as you might already know, we finally released it. After receiving your feedback over the last few weeks with more than 90% in favour of that OWASP should make a statement and the last reviews here on the list, it finally has been released to the media. Please feel free to share with your chapters, peers, on twitter, linkedin, etc. and with the media in your countries.
> OWASP Statement on the Security of the Internet
> The OWASP (Open Web Application Security Project, www.owasp.org) community cares deeply about how much people can trust commonly used Internet services and the applications that provide and use these services. The reports about large-scale intelligence activities targeting Internet communication and applications and possible attempts to undermine cryptographic algorithms leave us deeply concerned. We knew about the interception of targeted individuals and other monitoring activities, however, the scale of recently reported activities and the possibility of active undermining of the security of deployed applications are alarming.
> Of course, it is hard to know for sure from current reports which attack techniques may be in use and which secret agreements may be in place. As such, it is not so easy to comment on the specifics from an OWASP perspective. OWASP has long-standing general principles that we can talk about, and address some of the actions we are taking.
> Our mission is to make application security visible so that people and organizations can make informed decisions about application security risks.
> We strongly believe trustworthy secure software and applications are an important cornerstone of human society and interactions of all people around the world.
> We strongly believe that people, companies and governments must protect software security and must not intentionally weaken software security, security standards, or undermine the security of cryptographic algorithms.
> We strongly believe that people, companies and governments must not intentionally introduce defects or vulnerabilities (or secret back-doors) compromising the security, trust and integrity of software and applications.
> We think it is also important to point out that if vulnerabilities are introduced by people, governments or corporations to enable monitoring, this will not only have adverse effects on freedom and trust within human society, but sooner or later these vulnerabilities and weaknesses will also be found and exploited by malicious actors and criminals. Furthermore, the general population and companies will then be left without protection against these actors, undermining the very foundations of many software applications that support our daily lives, and with potentially world-wide catastrophic consequences.
> The OWASP community wants to help build secure and deployable systems for all Internet users. Addressing security and new vulnerabilities has been the key strength of the OWASP community for more than a decade and technology alone is not the only factor. Education, operational practices, laws, and other similar factors also matter. We see the recent news and developments as a challenge, inspiring us to stand by our principles and work harder and do more to make the web and applications more secure. Eoin Keary, OWASP board member, pointed out: "OWASP cannot stand by and let the erosion of security occur; it is against our mission." We are confident that the OWASP community can do its part and we believe that OWASP security recommendations and tools, if used more widely, can help.
> We should seize this opportunity to take a look at what we can do better going forward; not only think about all this just in light of the recent revelations. The security and privacy of the Internet in general is still a major challenge, even ignoring recent intelligence activities. Lessons can be drawn from the above that will be generally useful in many ways for years to come. And Tobias Gondrom, OWASP board member, voiced the hope, that “perhaps this year’s discussions can be the inspiring spark to motivate the world to become more security aware, address open issues and move from “insecure by default” to “secure by default”.”
> Publicity and motivation are important, too. There is plenty to do for all of us, from users enabling additional security features to security experts, companies and governments ensuring that their users, products, services and applications are secure. OWASP is an open community and we invite everyone interested in working on this area to rise to this challenge and contribute to the analysis and develop ideas in this area together for our common future.
> All the best and thanks a lot for your initiative and all the great work, Tobias
> Tobias Gondrom
> OWASP Global Board Member
> email: tobias.gondrom at owasp.org
> mobile: +852 56002975
> mobile: +44 7521003005
> skype: tgondrom
> twitter: @tgondrom
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
Chapter Leader @ OWASP at PT
Skype: pontocom73 | google | linkedin | twitter | facebook
-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2332 bytes
Desc: not available
More information about the Owasp-portuguese