Summit 2011 Working Sessions/Session075

From OWASP
Jump to: navigation, search

Global Summit 2011 Home Page
Global Summit 2011 Tracks

WS. owasp.jpg S is for Safety (as well as Security)
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Short Work Session Description Banner-securitysafety-2.png

This session has two aspects - safety critical systems, and safety in regards to protection of vulnerable groups (e.g. children).

  • What can OWASP learn from software safety engineering?
  • What can OWASP contribute to software safety engineering?
  • How does OWASP's work tie in to wider concerns about internet safety?

Get your helmets (hard hats) on and come along to discuss whether we need a new OWASP project, a new OWASP guide or embed safety thinking throughout OWASP's work.

This session will be particularly relevant to those interested in process control, safety critical applications, critical national infrastructure and other applications that could have a direct impact on system & human safety.

Related Projects (if any)


Email Contacts & Roles Chair
Colin Watson

Operational Manager
Mailing list
Subscription Page
WORKING SESSION SPECIFICS
Objectives
  1. Create a whitepaper on application security for critical systems
  2. Create a whitepaper on how application security protects people

Venue/Date&Time/Model Venue/Room
OWASP Global Summit Portugal 2011
Date & Time


Discussion Model
participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS
Safety is not only concerned with confidentiality, integrity and availability. A safety-critical system (or life-critical system) is one where failure or malfunction can lead to (Wikipedia):
  • death or serious injury to people, or
  • loss or severe damage to equipment or
  • environmental harm.

In languages other than English, the distinction between "safety" and "security" may be less clear. Here is a good description of their slightly different meanings in English.

With software being used in so many safety-critical systems, the impact of application security flaws can have critical impacts on humans, equipment and the environment. There have been great advances in safety system design, but control system security is less advanced (Byres & Cusimano).

This session will discuss whether and how OWASP should contribute to the efforts in system safety.

WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group Approved by OWASP Board

A white paper describing how the safety ecosystem overlaps with the OWASP ecosystem and whether there should be more bridges built between them.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

Working Session Participants

(Add you name by clicking "edit" on the tab on the upper left side of this page)

WORKING SESSION PARTICIPANTS
Name Company Notes & reason for participating, issues to be discussed/addressed
Fred Donovan @