Industry:e-Consumer Protection Consultation

From OWASP


Return to Global Industry Committee

ACTIVITY IDENTIFICATION
Activity Name: OFT e-Consumer Protection Consultation
Short Description: Provide response to "e-Consumer Protection Consultation"
Related Projects: None
Email Contacts & Roles:
  • Primary: Colin Watson
  • Secondary: TBC
Mailing list: Please use the Industry Committee list
ACTIVITY SPECIFICS
Objectives:
  • Review document - in particular issues relating to web application security
  • Where appropriate, draft a response for submission
  • Submit the response as an official OWASP statement
Deadlines:
  • 01 Oct 2010 - Complete first draft response
  • 02 Oct 2010 - Circulate to GIC mailing list
  • 10 Oct 2010 - Prepare final version
  • 12 Oct 2010 - Submit to OFT
Status:
  • Closed
Resources: Consultation notice and documents


Responses must be submitted, using a method defined on the above page, by 13th October 2010.


Submission Response

Latest first


Final version

Grouped into a single response, each with its own "About OWASP"

'Promoting Business Compliance'

BC1. Why do businesses not use guidance more often, and what can we do to encourage them to?

Much guidance is not easy to find and often it has to be paid for. The OFT should promote access to high-quality free standards, guidance and procedures.

This official response has been submitted on behalf of the Open Web Application Security Project (OWASP) by the OWASP Global Industry Committee, following our own consultation process.

OWASP is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible", so that people and organizations can make informed decisions about application security risks. OWASP has three active chapters in the UK:

Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. Further information:


BC2. How can we make guidance on existing and future consumer protection regulation more accessible and user friendly (for example, are there exemplars we could follow and is there a specific location where guidance should be held such as Directgov, the OFT website, etc)?

OWASP produces a range of comprehensive, expert-reviewed standards, guidance documents, code libraries and tools for organisations designing, developing and operating websites and web applications. Some key ones are:

All the output is available free of charge to anyone without registration, and printed copies can be bought at cost. The materials are so well regarded that they are referenced by many other national and international standards, such as PCI DSS:

Much of the documentation is aimed at development and verification staff, but SAMM is much more aligned with the governance of such matters, and the Top Ten specifically discusses issues for website owners.

This official response has been submitted on behalf of the Open Web Application Security Project (OWASP) by the OWASP Global Industry Committee, following our own consultation process.

OWASP is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible", so that people and organizations can make informed decisions about application security risks. OWASP has three active chapters in the UK:

Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. Further information:


Draft Text

Introduction

This official response has been submitted on behalf of the Open Web Application Security Project (OWASP) by the OWASP Global Industry Committee, following our own consultation process.

Response

'Promoting Business Compliance'

BC1. Why do businesses not use guidance more often, and what can we do to encourage them to?

Much guidance is not easy to find and often it has to be paid for. The OFT should promote access to high-quality free standards, guidance and procedures.

BC2. How can we make guidance on existing and future consumer protection regulation more accessible and user friendly (for example, are there exemplars we could follow and is there a specific location where guidance should be held such as Directgov, the OFT website, etc)?

OWASP produces a range of comprehensive, expert-reviewed standards, guidance documents, code libraries and tools for organisations designing, developing and operating websites and web applications. Some key ones are:

All the output is available free of charge to anyone without registration, and printed copies can be bought at cost. The materials are so well regarded that they are referenced by many other national and international standards, such as PCI DSS:

Much of the documentation is aimed at development and verification staff, but SAMM is much more aligned with the governance of such matters, and the Top Ten specifically discusses issues for website owners.


About OWASP

OWASP is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible", so that people and organizations can make informed decisions about application security risks. OWASP has three active chapters in the UK:

Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. Further information:

