OWASP EU Summit 2008

SUMMIT CONCLUSIONS DOCUMENT
"ALGARVE, PORTUGAL, November 7, 2008 – The Open Web Application Security Project (OWASP) today announced results from the annual OWASP Summit. Over 80 application security experts from over 20 countries joined forces to identify, coordinate, and prioritize our 2009 efforts to create a more secure Internet.

OWASP is a free and open community that focuses on improving application security. There is overwhelming evidence that the vast majority of web applications contain security holes that are increasingly putting people and organizations at serious risk. Securing web applications is an extraordinarily difficult technical challenge that demands a concerted effort.

“OWASP came together for a week and produced a stunning amount of new ideas,” said OWASP Chair Jeff Williams. “Our community is growing and organizing into a powerful movement that will affect software development worldwide. This summit marks a major milestone our efforts to improve application security. (...)” See here the fully OWASP Board's signed document with OWASP Summit 2008's conclusions" and watch OWASP Board's videos - Jeff Williams and Dinis Cruz.

Key results from the OWASP Summit include:

UPDATED OWASP PRINCIPLES
•	Free & Open,

•	Governed by rough consensus & running code,

•	Abide by a code of ethics (see ethics),

•	Not-for-profit,

•	Not driven by commercial interests,

•	Risk based approach.

UPDATED CODE OF ETHICS
•	Support the implementation of and promote compliance with standards, procedures, controls for application security,

•	Have objectivity, due diligence and professional care in accordance with established standards,

•	Responsible disclosure.

NEW OUTREACH PROGRAMS
•	OWASP has expanded its outreach efforts by building relationships with technology vendors, framework providers, and standards bodies. In addition, we piloted a new program to provide free one-day seminars at universities and developer conferences worldwide.

NEW GLOBAL COMMITTEE STRUCTURE
•	OWASP recognized the extraordinary contribution of our most active leaders by engaging them to lead a set of six new committees. Each democratically established committee will focus on a key function or geographic region, such as OWASP projects, conferences, local chapters, membership and industry outreach.

How to Join a Global Committee - Applications being accepted until January 9th 2009 for a 24 month term.

NEW FREE TOOLS AND GUIDANCE
•	OWASP announced the release of Live CD 2008, many new testing tools, static analysis tools, the Enterprise Security API (ESAPI v1.4), AntiSamy, the Application Security Verification Standard (ASVS), guidance for Ruby on Rails and Classic ASP, international versions of our materials, and much more.

Find more OWASP Projects at the OWASP Projects Page.

OWASP BOARD MEETING
Board meeting was held at the OWASP Summit - RESULTS.

EVENT'S PHOTOS
More event's photos can be seen here. Summit's slide show.

ARCHIVED DATA
FORMER AGENDA: Click here to see.

SUMMIT BROCHURE: 6 page brochure or this 33 page brochure.

VENUE & TRAVEL ARRANGEMENTS: The OWASP European Summit 2008 was hosted at the 5 start Resort in Algarve Portugal (Grande Real Santa Eulália Resort & Hotel). Hotel booking and the travel arrangements were be handled via Diplomata Tours, the assigned travel agency. The venue location - Google Maps Link. Nearest Airport - Faro.

OTHER LINKS: Press Information, Open Letter to Browsers&Frameworks, OWASP Summit UALG 1 Day Conference, OwaspEU08Summit on Twitter!, OWASP EU Summit 2008 Internals.

SPONSORS: