Why gov't security pros must attend OWASP AppSec DC
CSO - I go to many security conferences each year, but there's one I keep missing: OWASP AppSec DC. It's a shame, because I've gotten to know a lot of the folks involved with it and they have a lot to offer those trying to figure out the complicated art of application security.
A little history: The Open Web Application Security Project (OWASP) is an open community dedicated to "enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security." It advocates approaching application security as a people-process-technology problem because "the most effective improvements need to cover all of these areas."
Last year I was there for a brief couple of hours, and the proceedings hadn't really started yet. I was in town for another event and stopped by long enough to do a podcast about OWASP's drive for better app security.
I'm going to miss it again next month because of other commitments, but that's not going to stop me from getting some of you there. One of the big topics is Supply Chain Risk Management, according to Doug Wilson, principal consultant at Mandiant and a lead organizer of OWASP AppSec DC 2010, which takes place Nov. 8-11 at the Walter E. Washington Convention Center, 801 Mount Vernon Place, NW Washington:
"Software Assurance is a big, lacking area for SCRM," Wilson told me in an e-mail last week. "A lot of physical products have good supply chain risk management practices, but software really has crappy ones."
This year, the goal is for OWASP AppSec DC to blend the challenges of government and the private sector, Wilson said, adding that the private sector and organizations like OWASP are way ahead of where the government is at.
When I interviewed OWASP members last year, all agreed app security is half a decade behind where it should be, especially at the government level. For examples of why that is, read Web Application Security Today - Are We All Insane?
To help bring attention to the importance of such events, I'm repeating six useful tips OWASP member Matt Fisher shared with me last year regarding some of the key problems with app security today and how to turn things around:
1. Build a community. Large enterprises like the Federal government are particularly prone to the silo effect; a simple intranet site that's well managed can work wonders to leverage the expertise throughout an entire department.
2. Spread the expertise. Right now the majority of what application security knowledge exists resides within security groups. This is a good start, but ultimately the programs build and fix the applications; staff them with experts, too.