From yvanboily at gmail.com Tue Aug 20 18:38:14 2013
From: yvanboily at gmail.com (Yvan Boily)
Date: Tue, 20 Aug 2013 11:38:14 -0700
Subject: [Owasp-std] OWASP Security for Developers
Message-ID:

Hi All,

For quite some time now I have been working with several organizations here in Vancouver, and with my team and team members to improve our security program and the tools for our developers there.

When Mark Curphey stepped down from OWASP I took up the OWASP Security Tools for Developers project, but there was a lack of response and engagement on that project.

For a couple of reasons I would like to end the OWASP STD project (not the least of which is the unfortunate name!).

I would like to reboot the project as OWASP Security for Developers, with the following objectives:

* work with tool developers to provide concise documentation on how to immediately start using tools and getting results
* produce documentation on how to manage source code (repos, access, auditing, etc.)
* interact with development teams across the spectrum of experience levels and work out how to best support developers with tactical and strategic guidance
* provide an assessment of many of the security in the development lifecycle programs, and illustrate the strengths and weaknesses of each based on the size of team and nature of the development organization

What I don't want to do is:

* reinvent the tooling wheel (there are a ton of tools and projects, and less about how to run a program using them)
* design Yet Another Do Security Like This standard or document

I will be at AppSecEU, and would love to get feedback from people before I draft the appropriate documentation to pitch the project. Will trade drinks for feedback!

Cheers,
Yvan Boily