OWASP CISO Panel

I didn’t go to OWASP NYC (put off by the vulnerability circus, to be brutally honest), but I just watched the CISO panel and it’s fantastic to see a panel of CISOs discussing really important application security topics.

Jim Routh

  • ‘…view application security as a supply chain management problem.’ Very wise!
  • ‘Static analysis tools are most effective when developers feel they own them on their desktop… like a spell checker.’
  • ‘Developers don’t care about vulnerabilities but do care about software defects; sell them on software defects.’

Phil Venables

  • ‘…you have to draw the line first and sell the benefits after.’
  • ‘…business starts to see improved reliability and performance… improved time to market.’

Well worth the time to watch!

I vote for a three-track conference next year:

1. Building Secure Systems
2. Managing Secure Software Development
3. Hacks and Parlor Tricks


5 Comments on “OWASP CISO Panel”

  1. Daniel Says:

    You really have it out for anyone who does assessments these days :)

  2. mcurphey Says:

    Not at all, sir. Watched your video today as well, very good. It’s just that the circus that surrounds the latest parlor tricks is so useless in the grand scheme of things, IMHO of course ;-)

  3. Daniel Says:

    Oh, on that point I agree, this whole click jack shite is a joke. It’s funny how today’s consultant has to have a degree in marketing, just in order to hype the bug.

    I do agree that this year’s talks were more on the breaking side. Having said that, I often feel not many people are doing the building stuff well enough to talk about it, and those who are, well, work for companies that don’t like to release them.

  4. Eoin Says:

    Love the “degree in marketing”, Dan. I’ve had enough of the circus also, to be honest. At the end of the day that shite sells.

    Building secure applications or code review just ain’t that sexy as opposed to the armageddon of click jacking, surfjacking or granny plugging out my server to hoover the server room…

    “lets get the sex out of sexurity” :)

  5. mcurphey Says:

    “…granny plugging out my server to hoover the server room…”

    “lets get the sex out of sexurity”

    ROFL – that’s so wrong, yet so right ;-)
