Why gov't security pros must attend OWASP AppSec DC
CSO - I go to many security conferences each year, but there's one I keep missing: OWASP AppSec DC. It's a shame, because I've gotten to know a lot of the folks involved with it and they have a lot to offer those trying to figure out the complicated art of application security.
A little history: The Open Web Application Security Project (OWASP) is an open community dedicated to "enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security." It advocates approaching application security as a people-process-technology problem because "the most effective improvements need to cover all of these areas."
Last year I was there for a brief couple of hours, and the proceedings hadn't really started yet. I was in town for another event and stopped by long enough to do a podcast about OWASP's drive for better app security.
I'm going to miss it again next month because of other commitments, but that's not going to stop me from getting some of you there. One of the big topics is Supply Chain Risk Management, according to Doug Wilson, principal consultant at Mandiant and a lead organizer of OWASP AppSec DC 2010, which takes place Nov. 8-11 at the Walter E. Washington Convention Center, 801 Mount Vernon Place, NW Washington:
"Software Assurance is a big, lacking area for SCRM," Wilson told me in an e-mail last week. "A lot of physical products have good supply chain risk management practices, but software really has crappy ones."
This year, the goal is for OWASP AppSec DC to blend the challenges of government and the private sector, Wilson said, adding that the private sector and organizations like OWASP are way ahead of where the government is at.
When I interviewed OWASP members last year, all agreed app security is half a decade behind where it should be, especially at the government level. For examples of why that is, read Web Application Security Today - Are We All Insane?
To help bring attention to the importance of such events, I'm repeating six useful tips OWASP member Matt Fisher shared with me last year regarding some of the key problems with app security today and how to turn things around:
1. Build a community. Large enterprises like the Federal government are particularly prone to the silo effect; a simple intranet site that's well managed can work wonders to leverage the expertise throughout an entire department.
2. Spread the expertise. Right now the majority of application security knowledge exists within security groups. This is a good start, but ultimately the programs build and fix the applications; staff them with experts, too.