Difference between revisions of "Talk:Summit 2011 Working Sessions/Session068"
(Created page with "Aparently there was a collabotation link posted for the session? Can anyone put that here for reference? I'll put my $0.02 here in the mean time. We should make the easy stuff ...") |
|||
Line 1: | Line 1: | ||
− | Aparently there was a | + | Aparently there was a collaboration link posted for the session? Can anyone put that here for reference? |
I'll put my $0.02 here in the mean time. | I'll put my $0.02 here in the mean time. | ||
− | We should make the easy stuff go away,have the hard stuff well documented,and go to where devs are.They're too busy to come to us. | + | We should make the easy stuff go away, have the hard stuff well documented, and go to where devs are. They're too busy to come to us. |
− | What can be solved by a framework or CSP flag should be, and what can't should be documented in the framework or language docs | + | What can be solved by a framework or with a mechanism like a CSP flag should be, and what can't should be documented in the framework or language docs. |
− | OWASP needs to connect with publishers to further that goal. | + | Simply put, if you want to give devs security information, it needs to be in the places the devs go. That can include links to external resources for more details, but the first place the dev goes to for examples and documentation has to cover security well. |
+ | |||
+ | OWASP also needs to connect with publishers to further that goal. | ||
-- SPinkham | -- SPinkham |
Latest revision as of 18:38, 8 February 2011
Apparently there was a collaboration link posted for the session? Can anyone put that here for reference?
I'll put my $0.02 here in the meantime.
We should make the easy stuff go away, have the hard stuff well documented, and go to where devs are. They're too busy to come to us.
What can be solved by a framework or with a mechanism like a CSP flag should be, and what can't should be documented in the framework or language docs.
Simply put, if you want to give devs security information, it needs to be in the places the devs go. That can include links to external resources for more details, but the first place the dev goes to for examples and documentation has to cover security well.
OWASP also needs to connect with publishers to further that goal.
-- SPinkham