Hi Benjamin,

I appreciate the suggestion. I think the challenge is that it's hard to find
a one-size-fits-all solution. Moreover, the requirements as they currently
stand don't reflect the reality of implementation challenges for frameworks.
The whitepaper will forever live as an artifact on
http://labs.securitycompass.com/papers/secure-web-application-framework-manifesto-v0-08.pdf -
it might be useful as reference material and to give an idea of a starting
point on things you can do to integrate with frameworks.



On Mon, Mar 14, 2011 at 3:36 PM, Benjamin Tomhave <tomh...@secureconsulting.net> wrote:

> That's interesting - thanks for the update Rohit. I'm curious about one
> thing, though (and, first, allow me to don my flak jacket). I think
> integrating with a project like Django to simply *ahem* "build security
> in" is a great approach, but I hate to see the white paper lost. Why not
> also look at joining efforts with something like the Rugged Manifesto
> movement? fwiw.
>
> On 3/11/11 1:14 PM, Rohit Sethi wrote:
> > Last year we released a project called the Secure Web Application
> > Framework Manifesto on OWASP. I'd like to announce that we're closing
> > it, in favor of simply working with Django itself. I'm hoping others
> > will adopt the same mentality for other popular open source frameworks
> > and libraries.
> >
> > Details here:
> >
> > http://labs.securitycompass.com/index.php/2011/03/11/closing-the-secure-web-application-framework-manifesto-project/
> >
> > Cheers,
> >
> > --
> > Rohit Sethi
> > Security Compass
> > http://www.securitycompass.com
> > twitter: rksethi
> >
> >
> >
> > _______________________________________________
> > Secure Coding mailing list (SC-L) SC-L@securecoding.org
> > List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> > List charter available at - http://www.securecoding.org/list/charter.php
> > SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> > as a free, non-commercial service to the software security community.
> > Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
> > _______________________________________________
> --
> Benjamin Tomhave, MS, CISSP
> tomh...@secureconsulting.net
> Blog: http://www.secureconsulting.net/
> Twitter: http://twitter.com/falconsview
> LI: http://www.linkedin.com/in/btomhave
>
> [ Random Quote: ]
> "Perhaps in time the so-called Dark Ages will be thought of as including
> our own."
> Georg Christoph Lichtenberg



-- 
Rohit Sethi
Security Compass
http://www.securitycompass.com
twitter: rksethi