OWASP SoC 2008 ASDR Reviewers

Frederick Donovan
He is an application security researcher and analyst who programmed his first application over 20 years ago with punched cards. For the past seven years he has been a technical and application security SME for corporate and government entities. Recently, he presented an application security session at the Gartner IT Security Summit.

Kenneth R. van Wyk
Kenneth R. van Wyk is an internationally recognized information security expert and author of the O’Reilly and Associates books, Incident Response and Secure Coding. In addition to providing consulting and training services through his company, KRvW Associates, LLC (http://www.KRvW.com), he currently holds numerous positions: founder and moderator of the “Secure Coding” mailing list, SC-L@SecureCoding.org; member of the Board of Directors and Steering Committee for the non-profit organization FIRST.org, Inc. (http://www.first.org); monthly columnist for the on-line security portal eSecurityPlanet (http://www.eSecurityPlanet.com); and Visiting Scientist at Carnegie Mellon University's Software Engineering Institute (http://www.sei.cmu.edu).

Ken has 20+ years of experience as an IT security practitioner in the academic, military, and commercial sectors. He has held senior and executive technologist positions at Tekmark, Para-Protect, and Science Applications International Corporation (SAIC), in addition to the U.S. Department of Defense and Carnegie Mellon and Lehigh Universities. Ken also served a two-year elected position as a member of the Steering Committee, and a one-year elected position as the Chairman of the Steering Committee, for the Forum of Incident Response and Security Teams (FIRST) organization. At Carnegie Mellon University’s Software Engineering Institute, Ken was one of the founders of the Computer Emergency Response Team (CERT®).

He holds an engineering degree from Lehigh University, is a frequent speaker at technical conferences, and has presented tutorials and technical sessions at CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is also a CERT® Certified Computer Security Incident Handler.

William Smith
His background is generally IT focused, with the last 4 years in security and controls. Currently he is an internal auditor for a financial company. He spends a lot of time reviewing documentation and checking controls for security-related issues or vulnerabilities. He also trains auditors to help them understand IT general controls and what vulnerabilities are, what they could be, and how to find them. He has had about 3 years of experience testing security controls on applications. He does some programming, though he is not a programmer. He understands concepts for applications and can read (and program utilities in) Java, Ruby, C++, VB.net, C#, Python and a few other older programming languages (currently looking into newLisp). He can write documentation fairly well, edit professionally and review with an eye of expertise.