Difference between revisions of "Summit 2011 Working Sessions"
Sarah Baso (talk | contribs) |
Sarah Baso (talk | contribs) |
||
Line 6: | Line 6: | ||
Click on the working session name to see more details about that particular session. During the Summit these working session pages will be used to document discussions and outcomes. | Click on the working session name to see more details about that particular session. During the Summit these working session pages will be used to document discussions and outcomes. | ||
<br> | <br> | ||
− | ==Track 1: Browser Security== | + | ==[[:Working Sessions Browser Working Group|Track 1: Browser Security]]== |
{{:Template:Summit_2011_Working_Sessions/Columns}} | {{:Template:Summit_2011_Working_Sessions/Columns}} | ||
{{:Summit_2011_Working_Sessions/Session001 | Summit_2011_Working_Sessions/Rows}} | {{:Summit_2011_Working_Sessions/Session001 | Summit_2011_Working_Sessions/Rows}} | ||
Line 19: | Line 19: | ||
|} | |} | ||
− | ==Track 2: Cross-Site Scripting Eradication== | + | ==[[:Working Sessions XSS Eradication|Track 2: Cross-Site Scripting Eradication]]== |
{{:Template:Summit_2011_Working_Sessions/Columns}} | {{:Template:Summit_2011_Working_Sessions/Columns}} | ||
{{:Summit_2011_Working_Sessions/Session009 | Summit_2011_Working_Sessions/Rows}} | {{:Summit_2011_Working_Sessions/Session009 | Summit_2011_Working_Sessions/Rows}} | ||
Line 30: | Line 30: | ||
|} | |} | ||
− | ==Track 3: University Outreach, Education, and Training== | + | ==[[:Working Sessions University Outreach|Track 3: University Outreach, Education, and Training]]== |
{{:Template:Summit_2011_Working_Sessions/Columns}} | {{:Template:Summit_2011_Working_Sessions/Columns}} | ||
{{:Summit_2011_Working_Sessions/Session012 | Summit_2011_Working_Sessions/Rows}} | {{:Summit_2011_Working_Sessions/Session012 | Summit_2011_Working_Sessions/Rows}} | ||
Line 40: | Line 40: | ||
|} | |} | ||
− | ==Track 4: No Fluff, Just Stuff== | + | ==[[:Working Sessions No Fluff Just Stuff|Track 4: No Fluff, Just Stuff]]== |
{{:Template:Summit_2011_Working_Sessions/Columns}} | {{:Template:Summit_2011_Working_Sessions/Columns}} | ||
{{:Summit_2011_Working_Sessions/Session025 | Summit_2011_Working_Sessions/Rows}} | {{:Summit_2011_Working_Sessions/Session025 | Summit_2011_Working_Sessions/Rows}} | ||
Line 57: | Line 57: | ||
{{:Summit_2011_Working_Sessions/Session038 | Summit_2011_Working_Sessions/Rows}} | {{:Summit_2011_Working_Sessions/Session038 | Summit_2011_Working_Sessions/Rows}} | ||
{{:Summit_2011_Working_Sessions/Session039 | Summit_2011_Working_Sessions/Rows}} | {{:Summit_2011_Working_Sessions/Session039 | Summit_2011_Working_Sessions/Rows}} | ||
− | |||
− | |||
|} | |} | ||
− | ==Track: OWASP== | + | ==[[:Working Sessions Global Committees|Track: OWASP]]== |
{{:Template:Summit_2011_Working_Sessions/Columns}} | {{:Template:Summit_2011_Working_Sessions/Columns}} | ||
{{:Summit_2011_Working_Sessions/Session013 | Summit_2011_Working_Sessions/Rows}} | {{:Summit_2011_Working_Sessions/Session013 | Summit_2011_Working_Sessions/Rows}} | ||
Line 71: | Line 69: | ||
{{:Summit_2011_Working_Sessions/Session018 | Summit_2011_Working_Sessions/Rows}} | {{:Summit_2011_Working_Sessions/Session018 | Summit_2011_Working_Sessions/Rows}} | ||
{{:Summit_2011_Working_Sessions/Session019 | Summit_2011_Working_Sessions/Rows}} | {{:Summit_2011_Working_Sessions/Session019 | Summit_2011_Working_Sessions/Rows}} | ||
+ | |} | ||
+ | |||
+ | |||
+ | ==Track: To Be Determined== | ||
{{:Summit_2011_Working_Sessions/Session020 | Summit_2011_Working_Sessions/Rows}} | {{:Summit_2011_Working_Sessions/Session020 | Summit_2011_Working_Sessions/Rows}} | ||
{{:Summit_2011_Working_Sessions/Session021 | Summit_2011_Working_Sessions/Rows}} | {{:Summit_2011_Working_Sessions/Session021 | Summit_2011_Working_Sessions/Rows}} |
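Review bot: the new `==Track: To Be Determined==` heading in this hunk is placed after the `|}` that now closes the Track: OWASP table, but unlike every other track heading on the page it is not followed by `{{:Template:Summit_2011_Working_Sessions/Columns}}`, the template that opens the table and supplies the header row. Within the visible lines, the `Session020` and `Session021` row templates therefore sit outside any table and will render as raw wikitext rather than as rows. Suggest adding `{{:Template:Summit_2011_Working_Sessions/Columns}}` directly under the new heading and making sure a `|}` closes the section after its last row template.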
Revision as of 23:14, 13 December 2010
Click on the working session name to see more details about that particular session. During the Summit these working session pages will be used to document discussions and outcomes.
Track 1: Browser Security
Name of Working Session | Objective(s) | Outcome(s) / Deliverable(s) | Owner/Leader | Members/Attendees
DOM Sandboxing | | | Jasvir Nagra, Gareth Heyes | Michael Coates, Stefano Di Paola, Isaac Dawson, Chris Eng (email John Wilander if you are unable to edit the Wiki and would like to sign up!)
HTML5 Security | | | Mario Heiderich, Gareth Heyes | John Wilander, Stefano Di Paola, Isaac Dawson, Chris Eng, Nishi Kumar, Elke Roth-Mandutz, Nuno Loureiro
EcmaScript 5 Security | | | Mario Heiderich (TBC) | John Wilander, Michael Coates, Stefano Di Paola, Isaac Dawson, Abraham Kang, Gareth Heyes
Enduser Warnings | | | John Wilander | John Wilander, Michael Coates, Vishal Garg
Site Security Policy | | | John Wilander, Michael Coates | John Wilander, Michael Coates, Stefano Di Paola, Tobias Gondrom
Securing Plugins | | | | John Wilander, Michael Coates
Blacklisting | | | | John Wilander, Michael Coates
OS Integration | | | | John Wilander, Michael Coates
Track 2: Cross-Site Scripting Eradication
Name of Working Session | Objective(s) | Outcome(s) / Deliverable(s) | Owner/Leader | Members/Attendees
XSS and the Frameworks | | | Justin Clarke | Chris Eng, Abraham Kang
XSS - Awareness, Resources, and Partnerships | | | Justin Clarke | Chris Eng, Abraham Kang, Sherif Koussa
WAF Mitigations for XSS | | | Ryan Barnett | Lucas C. Ferreira, Justin Clarke, Abraham Kang, Mario Heiderich, Gareth Heyes
Track 3: University Outreach, Education, and Training
Name of Working Session | Objective(s) | Outcome(s) / Deliverable(s) | Owner/Leader | Members/Attendees
University Outreach | | | Martin Knobloch | Nishi Kumar, Cecil Su, Elke Roth-Mandutz, Heiko Richler, Lucas C. Ferreira, Jason Taylor, Carlos Serrão, Konstantinos Papapanagiotou, Mateo Martinez
OWASP Academies | | | Sandra Paiva | Martin Knobloch, Paulo Coimbra, Dinis Cruz, Nishi Kumar, Cecil Su, Heiko Richler, Lucas C. Ferreira, Jason Taylor, Mateo Martinez, Konstantinos Papapanagiotou, Carlos Serrão, Matteo Meucci, Elke Roth-Mandutz
OWASP Training | | | Sandra Paiva | Martin Knobloch, Nishi Kumar, Cecil Su, Heiko Richler, Lucas C. Ferreira, Jason Taylor, Achim Hoffmann, Mark Bristow, Mateo Martinez, Vishal Garg, Matteo Meucci, Jeremy Long, Seba Deleersnyder, Ralph Durkee
Developer's Security Training Package | | | Brad Causey | Martin Knobloch, Nishi Kumar, Jason Taylor, Carlos Serrão, Konstantinos Papapanagiotou, Ralph Durkee, Mikko Saario, Mateo Martinez, Sherif Koussa
Track 4: No Fluff, Just Stuff
Name of Working Session | Objective(s) | Outcome(s) / Deliverable(s) | Owner/Leader | Members/Attendees
Applying ESAPI Input Validation | | | Chris Schmidt | Nishi Kumar, Justin Clarke, John Steven
Defining AppSensor Detection Points | | | Michael Coates | Ryan Barnett, Colin Watson, Chris Schmidt
Contextual Output Encoding | | | Chris Schmidt | Justin Clarke, Abraham Kang
Protecting Information Stored Client-Side | | | John Steven | Elke Roth-Mandutz, Jim Manico, Chris Schmidt, Justin Clarke, Fred Donovan, Antonio Fontes
Protecting Against CSRF | | | | Chris Schmidt, Ryan Barnett, Mark Thomas, Vishal Garg
Providing Access to Persisted Data | | | Dan Cornell | Chris Schmidt, Justin Clarke, Dan Cornell, John Steven, Ralph Durkee
The Future of the OWASP Secure Coding Workshop | | | John Steven, Chris Schmidt | Justin Clarke, Jeremy Long
ESAPI for Ruby | | | Paolo Perego |
ESAPI-CORE | | | Jim Manico | Paolo Perego, Jim Manico
Building the OWASP Brazilian Leaders Group | | | Lucas C. Ferreira | L. Gustavo C. Barbato, Eduardo Jorge Feres Serrano Neves
Government Outreach | | | Doug Wilson | Lucas C. Ferreira, Mateo Martinez, Colin Watson
Global Conferences Committee Monthly Meeting | | | Mark Bristow | Mark Bristow, Lucas C. Ferreira, Neil Matatall, Ralph Durkee
OWASP Certification | | | | Dinis Cruz, Matthew Chalmers, Mateo Martinez, Jeremy Long, Matteo Meucci, Seba Deleersnyder, Ralph Durkee, Nuno Loureiro
Track: OWASP
Name of Working Session | Objective(s) | Outcome(s) / Deliverable(s) | Owner/Leader | Members/Attendees
OWASP Board/Committee Governance | | | Mark Bristow, Jason Li, Tom Brennan | Jim Manico, Nishi Kumar, Joe Bernik, Matthew Chalmers, Sarah Baso, Kate Hartmann, John Steven, Seba Deleersnyder
OWASP Projects | | | Brad Causey, Jason Li | Seba Deleersnyder, Nishi Kumar
OWASP Industry Outreach | | | Eoin Keary, Colin Watson | Lorna Alamri, David Campbell, Eoin Keary, Matt Tesauro, Joe Bernik, Nishi Kumar, Lucas C. Ferreira, Tobias Gondrom, Vehbi Tasar, Colin Watson, Jason Taylor, Sarah Baso, Mateo Martinez, Konstantinos Papapanagiotou
Membership | | | Dan Cornell | Michael Coates, Mateo Martinez, Dan Cornell, Ofer Maor
Connections | | | Jim Manico, Justin Clarke | Achim Hoffmann, Doug Wilson
Chapters | | | Seba | Mandeep Khera, Matthew Chalmers, Matteo Meucci, Mateo Martinez, Ferdinand Vroom, Helen Gao, Ofer Maor, Antonio Fontes
Education | | | Martin Knobloch | Nishi Kumar, Cecil Su, Jason Taylor
Track: To Be Determined
Name of Working Session | Objective(s) | Outcome(s) / Deliverable(s) | Owner/Leader | Members/Attendees
Conferences - Improving Conference Planner Support | Discuss the GCC's current 2011 Plan of action and new initiatives; Review comments provided in the Conference Planner Survey; Discuss mechanisms to improve Planner/Operational Support; Discuss mechanisms to improve event marketing/sponsorships; Discuss Global Conference Sponsorship Plan | The OWASP 2011 Conference Plan – describing the plan for continuing to make our conferences even better, specifically defining the various tiers of conferences, naming, partnering with other entities, and other challenges. | Mark Bristow | Lorna Alamri, Nishi Kumar, Lucas C. Ferreira, Ralph Durkee, Matthew Chalmers, Matteo Meucci, Mateo Martinez, Neil Matatall, Seba Deleersnyder, L. Gustavo C. Barbato
OWASP Around the World | Internationalization; Global Job Board; New OWASP chapters in parts of the world where we have not spread much yet | A white paper with specific recommendations on how we can ensure the greatest amount of access and involvement with OWASP for all people everywhere. | | Matthew Chalmers, Mateo Martinez, Cecil Su
What is an OWASP Leader? | Define what it means to be an OWASP Leader | Definition of criteria for OWASP Leaders; A standard defining exactly what characterizes an OWASP Leader, for use in providing benefits and prioritizing support. | Dinis Cruz | Matthew Chalmers, Chris Schmidt, Mark Bristow, Antonio Fontes
Overhauling the OWASP Website | Revisit goals from previous working session; Identify available Google Apps (e.g. Code Review, Moderator, Short Links, Project Hosting, Groups, etc.) that we can leverage to support OWASP Website Infrastructure; Review Website Overhaul Proposal for consideration; Decide what elements should be outsourced/contracted to expedite implementation; Resolve on schedule for achieving goals | A project plan describing the future of web support for the OWASP ecosystem (think social) that covers all the various constituents, stakeholders, users, leaders, etc. The plan will define all the steps necessary to get there and provide a rough estimate of the effort to get there. To the maximum extent possible, the plan will be designed to be parallelizable so that parts can be worked independently. | Jason Li | Larry Casey, Michael Coates, Colin Watson, Nishi Kumar, Dinis Cruz, Matthew Chalmers, Justin Clarke, Mark Bristow, Seba Deleersnyder
Computer Crime Laws | Understand the current laws/frameworks in place in relation to computer crime and prevention; Discuss ways these laws are currently failing consumers in protecting assets; Discuss possible amendments to the laws/frameworks to better protect the public | A study evaluating the existing computer crime laws and how they might be applied to the current set of application security attacks. Recommendations for a new legal framework. | Daniel Cuthbert | Matthew Chalmers, Abraham Kang
Sandboxed Tabs/Domains/Browser | | Browser Security Report; Browser Security Priority List | | John Wilander, Michael Coates
OWASP Security Refactorings | Goals and Scope of initial "Security Refactorings"; High level Organization of Code Example Smells; Format to present Security Refactorings; Solutions and Segmenting of work. | 1. Goals and Scope of initial "Security Refactorings"; 2. High level Organization of Code Example Smells; 3. Format to present Security Refactorings; 4. Solutions and Segmenting of work. | Abraham Kang | Abraham Kang
OWASP Portuguese Language Project | Kickstart the project; Define leadership and roles; Prioritize documents; List all Portuguese materials available | A prioritized action plan for getting OWASP materials created in Portuguese | Lucas C. Ferreira | Paulo Coimbra, Sandra Paiva, Alexandre Agustini
OWASP Testing Guide | Show the v3, and debate what we need to create an excellent v4 | An updated outline for the testing guide that is tied into the OWASP common numbering scheme; A short white paper with ideas for revisions to the Testing Guide for evaluation and discussion by the community at large; A committed project manager who can reach out to experts to get the document completed. | Matteo Meucci | Nishi Kumar, Cecil Su, Lucas C. Ferreira, Tom Neaves, Vishal Garg, Giorgio Fedon, Stefano Di Paola, Pavol Luptak, Antonio Fontes, Christian Martorella
OWASP Java Project | Restart the Java project; Find new leadership; Recruit volunteers; Build a new Roadmap for the project | Action plan for the project; New project leader | Lucas C. Ferreira | Mateo Martinez, Daniel Brzozowski
Board Structure | | | | John Steven, Colin Watson, Mark Bristow
Risk Metrics | Quantify business criticality of a deployed application; Translate technical risks into business risks (speak the language of management); Translate technical risk into approximate financial risk | Paper describing definitions and formula for determining business criticality; Paper translating technical language and risks into business language and monetary risk | Chris Wysopal | Tony UcedaVelez, Mateo Martinez, Mikko Saario, Ofer Maor, Nuno Loureiro, Alexandre Miguel Aniceto
Tools Interoperability (Data Instrumentation) | Defining consuming and instrumental tools data | A standard schema for describing application security risks of all types, with a place for all relevant information – whether derived statically, dynamically, manually, or architecturally. | Dinis Cruz | Stefano Di Paola, Jeremy Long, Sherif Koussa
Metrics and Labeling | Discuss positive security properties that should be tracked; Discuss options for consumer-friendly labeling; Discuss ways to encourage participation in risk labeling | White paper sketching out a standard for a software security label and a plan to finalize the standard. | Chris Eng | Vishal Garg, Alexandre Miguel Aniceto
Counting and scoring application security defects | Discuss existing methods for counting and scoring defects, by vendors and practitioners willing to share their methodologies; Discuss advantages and disadvantages of a standardized approach; Discuss the CWSS 0.1 draft and how it might be incorporated into a standard | White paper sketching out a standard for rating risks that accommodates individual minor defects all the way through architectural flaws (that may represent many individual defects) | Chris Eng, Chris Wysopal | Jason Taylor, Justin Clarke, Sherif Koussa, Vishal Garg, Matteo Meucci, Elke Roth-Mandutz, Mateo Martinez, Ofer Maor, Alexandre Miguel Aniceto
Measuring SDLC process performance | Determine which SDLC activities correlate with more secure software; Determine how to measure the performance of these activities | Paper describing the SDLC activities that matter and measurement techniques for their performance | Chris Wysopal, Chris Eng | Eoin Keary, Nishi Kumar, Jason Taylor, Matthew Chalmers, Justin Clarke, Seba Deleersnyder, Sherif Koussa, Vishal Garg, Ofer Maor, Nuno Loureiro, Tobias Gondrom
OWASP Quotes | Open letter to governments; Open letter to insurance companies; Tools interoperability; Tools customization by security consultants; Wiki leaks & WebAppSec | A white paper on how OWASP can use "quotes" effectively to drive awareness and action. The paper will suggest specific strategies for obtaining, vetting, and promoting quotes to achieve our aims. | Dinis Cruz | Matthew Chalmers