Difference between revisions of "Talk:Summit 2011 Working Sessions/Session068"

(Created page with "Aparently there was a collabotation link posted for the session? Can anyone put that here for reference? I'll put my $0.02 here in the mean time. We should make the easy stuff ...")
 
 
Line 1: Line 1:
Aparently there was a collabotation link posted for the session? Can anyone put that here for reference?
+
Aparently there was a collaboration link posted for the session? Can anyone put that here for reference?
  
 
I'll put my $0.02 here in the mean time.
 
I'll put my $0.02 here in the mean time.
  
We should make the easy stuff go away,have the hard stuff well documented,and go to where devs are.They're too busy to come to us.
+
We should make the easy stuff go away, have the hard stuff well documented, and go to where devs are. They're too busy to come to us.
  
What can be solved by a framework or CSP flag should be, and what can't should be documented in the framework or language docs. Simply put, if you want to give devs security information, it needs to be in the places the devs go.  That can include links to external resources for more details, but the first place the dev goes to for examples and documentation has to cover security well.  
+
What can be solved by a framework or with a mechanism like a CSP flag should be, and what can't should be documented in the framework or language docs.
  
OWASP needs to connect with publishers to further that goal.
+
Simply put, if you want to give devs security information, it needs to be in the places the devs go.  That can include links to external resources for more details, but the first place the dev goes to for examples and documentation has to cover security well.
 +
 
 +
OWASP also needs to connect with publishers to further that goal.
  
 
-- SPinkham
 
-- SPinkham
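
Review bot: the first changed line still opens with "Aparently"; the revision corrects "collabotation" to "collaboration" on that line but leaves this misspelling in place, so change it to "Apparently" in the same edit.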

Latest revision as of 18:38, 8 February 2011

Apparently there was a collaboration link posted for the session? Can anyone put that here for reference?

I'll put my $0.02 here in the meantime.

We should make the easy stuff go away, have the hard stuff well documented, and go to where devs are. They're too busy to come to us.

What can be solved by a framework or with a mechanism like a CSP flag should be, and what can't should be documented in the framework or language docs.

Simply put, if you want to give devs security information, it needs to be in the places the devs go. That can include links to external resources for more details, but the first place the dev goes to for examples and documentation has to cover security well.

OWASP also needs to connect with publishers to further that goal.

-- SPinkham