Revision as of 11:24, 27 March 2011 by Tony Gottlieb
1. Problems with secure software development training
A. No place for developers to get trained where a training path has been laid out
B. Classes ranging from 2 to 3 days don’t cover enough material to elevate job skills
C. Some technologies such as Java require a more robust security curriculum
D. Educators are barred from teaching secure software development courses which constrains the growth of education services and the number of trained people.
E. Colleges don’t integrate secure development into their curricula despite teaching architectural illustration using techniques such as UML, data flow, and use cases.
F. Lean or light secure software development should be considered an option when risk analysis permits, not as a way to cajole developers into dipping their toes into something they would like to avoid.
G. Despite the existence of attack enumeration services such as CERT and Symantec, the software development communities at large are not as a matter of course acting to mitigate these threats.
2. OWASP Global Education Committee Goals
A. Provide an accessible entrance into secure development for individual developers
B. Provide a path for CIOs to put their development organizations on
C. Assimilate functional development into secure development (resistance is futile)
D. Stimulate demand for the “Professional Developer”.
E. Offer secure software education services to young people who wish to begin programming through OWASP’s Young Developer program.
3. Specific Projects to satisfy goals
A. Establish secure lifecycle curriculum for training companies and universities
B. Curriculum for how to migrate software development personnel from insecure to secure.
C. Process management / management reporting relative to software security
D. Curriculum for performing Risk Assessment for software
E. Work with marketing and SME community to establish a “Professional Developer”