Difference between revisions of "Security Ecosystem Project"

From OWASP
(Undo revision 79229 by Paulo Coimbra (Talk))
Line 27: Line 27:
  
 
==== Project Details ====
 
==== Project Details ====
{{:Projects/Security Ecosystem Project | OWASP Project Identification Tab}}
+
{{:Projects/Security Ecosystem Project | Project About}}
  
 
__NOTOC__ <headertabs />
 
__NOTOC__ <headertabs />

Revision as of 13:55, 5 March 2010

Main

The time has come for OWASP to do even more to lead technology companies towards getting their software secure! One key component of achieving secure software is to have a thriving community ecosystem focused on the security of the technology. A few organizations are starting to build these, like Microsoft’s BlueHat community and perhaps a few others. But there’s a huge opportunity for us to do better and OWASP is uniquely positioned to lead this important effort.

The OWASP Security Ecosystem Project

OWASP has recently been approached by several large SaaS vendors to help them improve their security. We’ll be announcing these vendors and launching their ecosystems as soon as we get permission. Now is the time for us to organize our “Security Ecosystem Project” so that we are ready to help get these programs off the ground quickly and successfully.

So what is a “security ecosystem”?

Nobody (and no company) can build secure software by themselves. We have seen that vulnerability research can help to drive security forward in companies, but it’s a painful process. We envision a partnership between technology platform vendors and a thriving ecosystem focused on the security of their technology. The ecosystem will include researchers (both builders and breakers), tools, libraries, guidelines, awareness materials, standards, education, conferences, forums, feeds, announcements, and probably more.

Why collaborate with vendors?

It might be possible for OWASP to try to start an ecosystem without the vendor’s involvement. In fact, the OWASP Java and .NET projects partially fit that description. But these efforts may seem like a threat to technology vendors. Vendors might start their own ecosystem, but it is much more likely to succeed with an independent partner like OWASP. The OWASP Ecosystem Project is intended to help create a collaborative open effort focused on improving the security of the technology by focusing on visibility, understanding, and informed decisions about risk. OWASP’s independence and positive approach make us the perfect environment for these ecosystems to grow.

How do we get started?

The first step is to create a framework for a healthy security ecosystem! Then we can choose a few key technologies and vendors that want to work with us to start. We need to pull together the materials we have and other materials out on the net into an OWASP Security Ecosystem Portal. To grow the ecosystem, we’ll solicit research, tools, and other materials and work with both end-users and the vendor to focus on eliminating the key risks associated with the technology.

The future!

This could mark the dawning of a new collaborative era of application security, where companies actively engage with security researchers in order to make their products better. Everyone benefits by creating an ecosystem focused on fostering transparency. The time has come for security experts and software developers to collaborate. The stakes are way too high to waste time and effort on obscurity and infighting.

Join us

We're looking for energetic technical leaders who would like to build a thriving security ecosystem around a technology. If you have at least 10 hours a week to dedicate to this important effort, and you think you're the right person, contact us at owasp@owasp.org.

Project Details

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: Security Ecosystem Project (home page)
Purpose: Nobody (and no company) can build secure software by themselves. We have seen that vulnerability research can help to drive security forward in companies, but it’s a painful process. We envision a partnership between technology platform vendors and a thriving ecosystem focused on the security of their technology. The ecosystem will include researchers (both builders and breakers), tools, libraries, guidelines, awareness materials, standards, education, conferences, forums, feeds, announcements, and probably more.
License: Creative Commons Attribution ShareAlike 3.0
who is working on this project?
Project Leader(s):
Project Contributor(s):
  • This project is currently seeking volunteers. If you are interested please contact us through the mailing list.
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases