Tuesday, 22 December 2009

OWASP Challenges World Governments to Improve Application Security

At the OWASP IBWAS 09 Conference (organized by the Portuguese and Spanish chapters) we had a panel on the last day that debated what governments should do to improve Web Application Security in 2010.

You can read the press releases here in English, Spanish or Portuguese.

And here are the contents of the press release, with the 5 recommendations:

Madrid, Spain, 15/12/09

Around 40 participants and several dozens of technology students and their teachers have attended the Iberic Web Application Security conference (IBWAS’09) that was held at the Escuela Universitaria de Ingeniería Técnica de Telecomunicación, Universidad Politécnica de Madrid, Spain, on the 10th and 11th of December 2009.

The conference, which was a massive success, was organized by the Spanish and Portuguese OWASP chapters with the aim of bringing together application security experts, researchers, educators and practitioners from the industry and academia to discuss open problems and new solutions in application security.

Through the passionate discussion held in the "Web Application Security: What should Governments do in 2010?" panel, several conclusions have been reached.

These conclusions reflect the decisions made by the panel and are meant to be debated, updated and eventually published by OWASP as a set of recommendations.   

Panel’s conclusions:

  1. We challenge governments to work with OWASP to increase the transparency of web application security, particularly with respect to financial, health and all other systems where data privacy and confidentiality requirements are fundamental;
  2. OWASP will seek participation with governments around the globe to develop recommendations for the incorporation of specific application security requirements and the development of suitable certification frameworks within the government software acquisition processes;
  3. We offer our assistance to clarify and modernize computer security laws, allowing the Government, citizens and organizations to make informed decisions about security;
  4. We ask governments to encourage companies to adopt application security standards that, where followed, will help protect us all from security breaches, which might expose confidential information, enable fraudulent transactions and incur legal liability;  
  5. We offer to work with local and national governments to establish application security dashboards providing visibility into spending and support for application security.

The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Its mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of its materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization.