[Owasp-rochester-announce] Report from OWASP Summit 2008

Andrea Cogliati andrea.cogliati at owasp.org
Fri Nov 7 13:43:05 EST 2008

This week I had the privilege to attend one of the most exciting  
OWASP events ever, the OWASP Summit 2008, held in Albufeira,  
Portugal. 80+ application security experts, OWASP leaders and key  
industry players from 20+ countries joined forces to present new  
tools, documentation, and ideas. During the summit we collectively
identified, coordinated and prioritized our 2009 efforts to create a  
more secure Internet. The official press release will soon be  
published on the OWASP web site; here are a few highlights:

- New Free Tools and Guidance: thanks to the Summer of Code 2008 and  
the hard work of several project leaders, contributors and reviewers,  
OWASP released Live CD 2008, many new testing tools, static analysis  
tools, the Enterprise Security API (ESAPI 1.4), AntiSamy, the  
Application Security Verification Standard (ASVS), and many more. The  
all new 380+ page-long Testing Guide, publicly praised by John  
Steven, Senior Director with Cigital, is a significant example of  
what the OWASP community can deliver.

- New Outreach Program: OWASP has expanded its outreach effort by  
building relationships with technology vendors, framework providers,  
and standards bodies. In addition, a new program to provide free
one-day seminars at universities and developer conferences worldwide has
been piloted.

- New Global Committee Structure: OWASP established six new  
committees that will constitute the "middle-management" of our  
growing organization and will focus on a key function or geographic
region, such as projects, conferences, local chapters, and industry  

The full results of the summit will be captured and released in the  
next few weeks.

Among the future projects, the Top Ten 2009, arguably OWASP's  
flagship project, is probably the one that will require the biggest  
collective effort. OWASP wants to collect the largest possible amount  
of data to capture the most important vulnerabilities currently  
plaguing real world web applications. While everything in OWASP is  
free and open, OWASP recognizes the need for privacy and
confidentiality of its members and contributors, both individual and  
corporate. OWASP is ready to discuss organizations' sensitive data  
with the strictest confidentiality or under NDA, if necessary. If you  
or your employers or customers have statistics on application  
vulnerabilities, please consider sharing them with OWASP for the  
purpose of this project.

I hope to see you at the next OWASP meeting in Rochester, scheduled  
for November 17th, so I can brief you on the Summit in more detail.

