Difference between revisions of "Don't Judge a Website by its Icon - Read the Label!"

 
(One intermediate revision by one other user not shown)
Line 4: Line 4:
 
<br>
 
<br>
 
== The presentation  ==
 
== The presentation  ==
 +
 +
See presentation at [http://www.slideshare.net/DinisCruz/2010-11-owaspsoftwarelabels SlideShare]
  
 
[[Image:Owasp_logo_normal.jpg|right]]The software market is broken - at least as far as security is concerned. When security is invisible, buyers can't make informed decisions, and vendors have no incentive to create secure applications. Forcing vendors with liability and regulatory regimes encourages vendors to bury details about security and will not fix the market. This is exactly why OWASP's mission is "to make application security visible, so that people and organizations can make informed decisions about true application security risks." We believe improved visibility will, over time, create a market for software that is not riddled with vulnerabilities. Even making simple facts visible can make a difference, such as whether the developers who built the software were trained in security, the security controls present in the software, the process used to build and test the software, etc... Currently, even the most basic facts are helpful, such as the languages used, the number of lines of code, libraries used, and connections made. This is not the time to let perfect be the enemy of good enough. We need software security labels now, so Jeff will release a free and open tool to help you create your own “Security Facts” labels at this talk!
 
[[Image:Owasp_logo_normal.jpg|right]]The software market is broken - at least as far as security is concerned. When security is invisible, buyers can't make informed decisions, and vendors have no incentive to create secure applications. Forcing vendors with liability and regulatory regimes encourages vendors to bury details about security and will not fix the market. This is exactly why OWASP's mission is "to make application security visible, so that people and organizations can make informed decisions about true application security risks." We believe improved visibility will, over time, create a market for software that is not riddled with vulnerabilities. Even making simple facts visible can make a difference, such as whether the developers who built the software were trained in security, the security controls present in the software, the process used to build and test the software, etc... Currently, even the most basic facts are helpful, such as the languages used, the number of lines of code, libraries used, and connections made. This is not the time to let perfect be the enemy of good enough. We need software security labels now, so Jeff will release a free and open tool to help you create your own “Security Facts” labels at this talk!
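Review bot: the added "See presentation at" line links to SlideShare over plain http:// and labels the link only "SlideShare". Consider an https:// URL and a label that names the deck, so the reference still makes sense when read outside this page.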
Line 11: Line 13:
 
'''Jeff Williams'''
 
'''Jeff Williams'''
  
Jeff Williams is the founder and CEO of Aspect Security, specializing exclusively in application security professional services. Jeff also serves as the volunteer Chair of the Open Web Application Security Project (OWASP). He has made extensive contributions to the application security community through OWASP, including writing the Top Ten, WebGoat, Secure Software Contract Annex, Enterprise Security API, OWASP Risk Rating Methodology, and starting the worldwide local chapters program. If nothing else, Jeff is probably the tallest application security expert in the world and likes nothing better than discussing new ideas for changing the way we build software.
+
[[User:Jeff Williams|Jeff Williams]] is the founder and CEO of Aspect Security, specializing exclusively in application security professional services. Jeff also serves as the volunteer Chair of the Open Web Application Security Project (OWASP). He has made extensive contributions to the application security community through OWASP, including writing the Top Ten, WebGoat, Secure Software Contract Annex, Enterprise Security API, OWASP Risk Rating Methodology, and starting the worldwide local chapters program. If nothing else, Jeff is probably the tallest application security expert in the world and likes nothing better than discussing new ideas for changing the way we build software.
  
 
[[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]]
 
[[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]]
 +
 +
== Related posts  ==
 +
 +
* [http://blog.diniscruz.com/2012/12/software-labels-jeffs-owasp-appsecdc.html Software Labels – Jeff’s OWASP AppSecDC 2010 presentation (another dropped good idea)]
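Review bot: the new "== Related posts ==" section is added after the [[Category:...]] line, which leaves the category tags in the middle of the wikitext. Move the heading and its list item above the category line so the tags remain the last thing on the page.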

Latest revision as of 07:34, 9 December 2012

The presentation

See presentation at SlideShare

The software market is broken - at least as far as security is concerned. When security is invisible, buyers can't make informed decisions, and vendors have no incentive to create secure applications. Forcing vendors with liability and regulatory regimes encourages vendors to bury details about security and will not fix the market. This is exactly why OWASP's mission is "to make application security visible, so that people and organizations can make informed decisions about true application security risks." We believe improved visibility will, over time, create a market for software that is not riddled with vulnerabilities. Even making simple facts visible can make a difference, such as whether the developers who built the software were trained in security, the security controls present in the software, the process used to build and test the software, etc... Currently, even the most basic facts are helpful, such as the languages used, the number of lines of code, libraries used, and connections made. This is not the time to let perfect be the enemy of good enough. We need software security labels now, so Jeff will release a free and open tool to help you create your own “Security Facts” labels at this talk!

The speaker

Jeff Williams

Jeff Williams is the founder and CEO of Aspect Security, specializing exclusively in application security professional services. Jeff also serves as the volunteer Chair of the Open Web Application Security Project (OWASP). He has made extensive contributions to the application security community through OWASP, including writing the Top Ten, WebGoat, Secure Software Contract Annex, Enterprise Security API, OWASP Risk Rating Methodology, and starting the worldwide local chapters program. If nothing else, Jeff is probably the tallest application security expert in the world and likes nothing better than discussing new ideas for changing the way we build software.

Related posts