OWASP Calling It Like It Is « Mark Curphey

OWASP Calling It Like It Is

I just picked up on this sound bite (below) from ages ago about OWASP going to call it like it is in their new Top 10. This should be interesting to follow and a great opportunity for them to “call it like it is” with the PCI requirements. It’s an opportunity not to be squandered to use its muscle for the good of everyone. The OWASP Top 10 has become pretty powerful and this circumstance was exactly what the project was initially set up for afterall! Cut through the BS and politics and provide good honest, neutral information without “angles”.

I am particularly interested in hearing from people in the

PCI DSS arena

Vendors in the WAF, automated code review, and other automated tool arena (yes, we finally discuss if these automated controls are likely to work, but as we don’t know about every product, the more advice we can get the better)

OWASP is such a great community; I really hope the ISM-Community has the same level of affect. It’s has exactly the same growing pains in the first month (lack of time, more volunteers that volunteer helpers and the site not really ready for action) as we had at OWASP so it’s tracking nicely!

Explore posts in the same categories: Security Industry

This entry was posted on March 13, 2007 at 11:15 pm and is filed under Security Industry. You can subscribe via RSS 2.0 feed to this post's comments. You can comment below, or link to this permanent URL from your own site.

Mark Curphey - SecurityBuddha.com

OWASP Calling It Like It Is

Comment: