SpoC 007 - OWASP Corporate Application Security Rating Guide
AoC Candidate: Erwin Geirnaert
Project coordinator: Mandeep Khera
Project Progress: 20% Complete, Progress Page
Erwin Geirnaert - OWASP Corporate Application Security Rating Guide
Executive Summary
This is a very interesting opportunity to study the software development market and its commitment to application security. I hope that the results will show business people that they need to think about security when selecting a product, and also that vendors should implement an SDL like Microsoft's.
The main challenge here is to contact the right people at the organizations that are selected and be able to get the right information. People like CISOs must be able to give input or at least consider the lack of application security.
Objectives and Deliverables
Milestone 1: end of August 2007: selection of the corporations that will be included in the rating guide
Milestone 2: end of September 2007: first draft of the review, limited in review to a few people at the sponsor
Milestone 3: release for review by the OWASP Community at end of October 2007
Milestone 4: published end of November 2007 with the necessary noise by the OWASP PR team and sponsor
Why I should be sponsored for the project
I have more than 10 years of experience in Java and J2EE, and for the last 6 years I have tested and broken a lot of web applications. I have also given some very successful J2EE security courses and web security courses. I have spoken at various conferences about application security in Europe, and I am responsible for the security track at Javapolis, one of the biggest Java conferences in Europe. I am the co-founder of ZION SECURITY, where we do security testing, code review, design reviews, training, ... I am also a member of the OWASP Belgium board, which started in March 2007.