1 / 17

OWASP Global Industry Committee

OWASP Global Industry Committee. Colin Watson Global Industry Committee Member colin.watson(at)owasp.org. 25 th June 2009. The World of OWASP. Projects Membership Education Conferences Industry Chapters. Local Chapter. Participants and Contributors. Members. Employees.

jonah-contreras
Télécharger la présentation

OWASP Global Industry Committee

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. OWASPGlobal Industry Committee Colin Watson Global Industry Committee Member colin.watson(at)owasp.org 25th June 2009

  2. The World of OWASP Projects Membership Education Conferences Industry Chapters Local Chapter Participants and Contributors Members Employees Chapter Leaders, Conference Organisers, Project Leaders and Reviewers Board Projects and Working Groups Global Committees

  3. O P C Industry Committee • Rex Booth • David Campbell • Georg Hess • Eoin Keary • Colin Watson • Tom Brennan • Outreach • Position paper / response • Collaborate with other organisations O P C

  4. O P C InfraGard • Collaboration between the US FBI and maintainers of critical national infrastructure • Presentation to Denver chapter of InfraGard • Completed December 2008

  5. O P C DPC BS 8878:2009 • Draft British Standard • First official response • "The goal of any web project should be to create web experiences that are accessible, usable and enjoyable for everyone.“ • Safe and secure? • Response submitted 31 January 2009

  6. O P C Digital Britain Interim Report • A vision for Britain’s digital economy • "Empowered and informed consumers and citizens fully equipped to take advantage of the opportunities convergence brings.“ • "Internet: looking at a range of issues affecting internet users, such as user security and safety and a workable approach to promoting content standards.“ • Response submitted 11 March 2009

  7. O P C Draft NIST SP 800-122 • Document to assist US Federal agencies in protecting the confidentiality of Personally Identifiable Information (PII) • Added information and corrections to online related examples • Response submitted 13 March 2009

  8. O P C Draft NIST SP 800-53 Revision 3 • Key information security document for US federal sector • Controls to comply with the Federal Information Security Management Act (FISMA) • First major update since 2005 • Response submitted 27 March 2009 • Final public draft published June 2009

  9. O P C DPC BS 10012 • Implementation of a Personal Information Management System (PIMS) • PI rather than information security (IS) • Response submitted 31 March 2009 • BS 10012:2009 published May 2009

  10. O P C Frontier Airlines • North American airline based in Denver, Colorado • Presentation covering fundamentals of AppSec and an introduction to OWASP • Completed May 2009

  11. O P C Draft NIST SP 800-118 • Draft Guide to Enterprise Password Management • Suggestions focussed on: • increasing information on application-related issues • providing additional detail and references • password complexity requirements must be related to risk and should be kept secret • Response submitted 29 May 2009

  12. O P C CFP Conference 2009 • Computers, Freedom and Privacy Conference • Tutorial on “The Web is a Dangerous Place” • Completed June 2009

  13. O P C Insurance Institute of London (IIL) • Insurance Aspects of E-Commerce • Book launch • Potential for future collaboration • Completed June 2009

  14. O P C C ENISA Who-Is-Who • European Network and Information Security Agency (ENISA) • EU AppSec EU09 in co-operation with ENISA • Who-is-Who Directory on Network and Information Security 2009 (v4.0) • No OWASP • European chapter leaders • 3 UK chapters • OWASP (international)

  15. O P C SAFEcode Secure Software Development • Software Assurance Forum for Excellence in Code • Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today • In progress • Response due 31 July 2009

  16. O P C Contribute • Participate in OWASP projects • Suggest organisations to engage with and documents/standards/drafts to comment on • Provide input to the response creation and review process • Join the Global Industry Committee’s mailing list http://www.owasp.org/index.php/Global_Industry_Committee

  17. End

More Related