While I am a member, I did not attend OWASP's conference in Lisbon, Portugal last week. For those of us who did not attend, they have published a summary of the conference, and I found the following initiatives particularly encouraging:
- Mozilla, Google, and Microsoft are discussing common browser security issues.
- OWASP has partnered with the Apache Foundation to help get OWASP code into Apache Projects.
- OWASP projects are being mapped to all major approaches, including Microsoft’s SDLC, BSIMM, and of course the OpenSAMM.
There are more notes, but I feel these are likely to benefit the SaaS community most in the near term. OWASP is quickly becoming the go-to organization for free and open security information and code libraries, in much the same way as Apache has for other libraries and tools for the last decade and a half.
These developments can only help make all our code more secure, which is good for everyone. I recommend that you take a little time to check out what they have to offer.