Industry:e-Consumer Protection Consultation
ACTIVITY IDENTIFICATION | 
---|---
Activity Name | OFT e-Consumer Protection Consultation
Short Description | Provide response to "e-Consumer Protection Consultation"
Related Projects | None
Email Contacts & Roles | Primary: Colin Watson; Secondary: TBC; Mailing list: please use the Industry Committee list

ACTIVITY SPECIFICS | 
---|---
Objectives | 
Deadlines | 
Status | 
Resources | Consultation notice and documents
Submission Response
Latest first
Final version
Grouped into a single response, with each answer carrying its own "About OWASP" section.
'Promoting Business Compliance'
BC1. Why do businesses not use guidance more often, and what can we do to encourage them to?
Much guidance is not easy to find and often it has to be paid for. The OFT should promote access to high-quality free standards, guidance and procedures.
This official response has been submitted on behalf of the Open Web Application Security Project (OWASP) by the OWASP Global Industry Committee, following our own consultation process.
OWASP is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible", so that people and organizations can make informed decisions about application security risks. OWASP has three active chapters in the UK:
- Leeds/North http://www.owasp.org/index.php/Leeds_UK
- London http://www.owasp.org/index.php/London
- Scotland http://www.owasp.org/index.php/Scotland
Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. Further information:
- The Open Web Application Security Project http://www.owasp.org/
- About The Open Web Application Security Project http://www.owasp.org/index.php/About_OWASP
- OWASP Global Industry Committee http://www.owasp.org/index.php/Global_Industry_Committee
- Legislation, standards, guidelines, etc referencing OWASP http://www.owasp.org/index.php/Industry:Citations
BC2. How can we make guidance on existing and future consumer protection regulation more accessible and user friendly (for example, are there exemplars we could follow and is there a specific location where guidance should be held such as Directgov, the OFT website, etc)?
OWASP produces a range of comprehensive, expert-reviewed standards, guidance documents, code libraries and tools for organisations designing, developing and operating websites and web applications. Some key ones are:
- Top Ten - The Ten Most Critical Web Application Security Risks http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- Development Guide http://www.owasp.org/index.php/OWASP_Guide_Project
- Code Review Guide http://www.owasp.org/index.php/OWASP_Code_Review_Guide_Table_of_Contents
- Testing Guide http://www.owasp.org/index.php/OWASP_Testing_Project
- Application Security Verification Standard http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
- Software Assurance Maturity Model http://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model
All the output is available free-of-charge to anyone without registration, and printed copies can be bought at cost. The materials are so well regarded that they are referenced by many other national and international standards, such as PCI DSS:
- Legislation, standards, guidelines, etc referencing OWASP http://www.owasp.org/index.php/Industry:Citations
Much of the documentation is aimed at development and verification staff, but SAMM is much more aligned with the governance of such matters, and the Top Ten specifically discusses issues for website owners.
This official response has been submitted on behalf of the Open Web Application Security Project (OWASP) by the OWASP Global Industry Committee, following our own consultation process.
OWASP is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible", so that people and organizations can make informed decisions about application security risks. OWASP has three active chapters in the UK:
- Leeds/North http://www.owasp.org/index.php/Leeds_UK
- London http://www.owasp.org/index.php/London
- Scotland http://www.owasp.org/index.php/Scotland
Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. Further information:
- The Open Web Application Security Project http://www.owasp.org/
- About The Open Web Application Security Project http://www.owasp.org/index.php/About_OWASP
- OWASP Global Industry Committee http://www.owasp.org/index.php/Global_Industry_Committee
- Legislation, standards, guidelines, etc referencing OWASP http://www.owasp.org/index.php/Industry:Citations
Draft Text
Introduction
This official response has been submitted on behalf of the Open Web Application Security Project (OWASP) by the OWASP Global Industry Committee, following our own consultation process.
Response
'Promoting Business Compliance'
BC1. Why do businesses not use guidance more often, and what can we do to encourage them to?
Much guidance is not easy to find and often it has to be paid for. The OFT should promote access to high-quality free standards, guidance and procedures.
BC2. How can we make guidance on existing and future consumer protection regulation more accessible and user friendly (for example, are there exemplars we could follow and is there a specific location where guidance should be held such as Directgov, the OFT website, etc)?
OWASP produces a range of comprehensive, expert-reviewed standards, guidance documents, code libraries and tools for organisations designing, developing and operating websites and web applications. Some key ones are:
- Top Ten - The Ten Most Critical Web Application Security Risks http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- Development Guide http://www.owasp.org/index.php/OWASP_Guide_Project
- Code Review Guide http://www.owasp.org/index.php/OWASP_Code_Review_Guide_Table_of_Contents
- Testing Guide http://www.owasp.org/index.php/OWASP_Testing_Project
- Application Security Verification Standard http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
- Software Assurance Maturity Model http://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model
All the output is available free-of-charge to anyone without registration, and printed copies can be bought at cost. The materials are so well regarded that they are referenced by many other national and international standards, such as PCI DSS:
- Legislation, standards, guidelines, etc referencing OWASP http://www.owasp.org/index.php/Industry:Citations
Much of the documentation is aimed at development and verification staff, but SAMM is much more aligned with the governance of such matters, and the Top Ten specifically discusses issues for website owners.
About OWASP
OWASP is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible", so that people and organizations can make informed decisions about application security risks. OWASP has three active chapters in the UK:
- Leeds/North http://www.owasp.org/index.php/Leeds_UK
- London http://www.owasp.org/index.php/London
- Scotland http://www.owasp.org/index.php/Scotland
Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. Further information:
- The Open Web Application Security Project http://www.owasp.org/
- About The Open Web Application Security Project http://www.owasp.org/index.php/About_OWASP
- OWASP Global Industry Committee http://www.owasp.org/index.php/Global_Industry_Committee
- Legislation, standards, guidelines, etc referencing OWASP http://www.owasp.org/index.php/Industry:Citations