Re: [SC-L] SearchSecurity: Cyber Security and the Law
All,

OWASP has a document which was targeted at the Brazilian government at first and then translated into English. It contains several proposals of government actions to improve the application security (and information security) landscape.

The English version is available here: https://www.owasp.org/index.php/OWASP_Brasil_Manifesto/en
The original version is here: https://www.owasp.org/index.php/OWASP_Brasil_Manifesto

Hope this fits as concrete proposals. ;-)

Regards,
Lucas

On Thu, Aug 9, 2012 at 10:45 AM, Iván Arce ivan.w.a...@gmail.com wrote:

Gary,

Could you elaborate a bit more? Specifically, what kind of incentives do you have in mind? How would they work?

The debate about what to do to improve software security at a national or larger scale is mostly populated with abstractions and generic ideas but the enumeration and description of concrete, specific measures to deploy is notably scant.

-ivan

On 8/3/12 9:32 AM, Gary McGraw wrote:

hi greg,

Good question. I'm biased of course, but I think a BSIMM type measurement is the best way to approach this. (See http://bsimm.com.) However, regardless of measurement I strongly believe that incentives are way better than regulations and penalties.

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___

--
Homo sapiens non urinat in ventum.
[SC-L] AppSec Brasil 2009 - Call for participation
*AppSec Brasil 2009*
*Call for Participation*

*International Conference on Application Security,* sponsored by TI-Controle Community and the Brazilian Chamber of Deputies, in partnership with OWASP and support from the University of Brasília, UnB.

The Computing Centre of the Brazilian Chamber of Deputies and TI-Controle invite all interested parties to attend AppSec Brasil 2009, which will happen in Brasília, Brazil, from October 27th to October 30th 2009. The Conference comprises training sessions on October 27th and 28th, followed by plenary sessions on October 29th and 30th 2009.

*Keynotes*

Dr. Gary McGraw, CTO, Cigital Inc.
*The Building Security In Maturity Model (BSIMM)*

Jason Li, Aspect Security
*Agile and Secure: Can we do both?*

Dinis Cruz, OWASP Board
*OWASP Project Overview*

Kuai Hinojosa, NY University and OWASP
*Implementing Secure Web Applications using OWASP Resources*

*Selected talks*

The Conference will have several technical talks on several aspects of Application Security. Some of the subjects are:

- Web Application Security
- Security expenses optimization
- SQL Ownage
- Tools

*Training Sessions*

The Conference will also present 5 training sessions:

- Gestão de Riscos de Segurança Aplicada a Web Services (in Portuguese)
- Segurança Web: Técnicas para Programação Segura de Aplicações (in Portuguese)
- Segurança Computacional no Desenvolvimento de Web Services (in Portuguese)
- Tecnologias de Segurança em Web Services (in Portuguese)
- Hands on Web Application Testing using the OWASP Testing Guide (in English)

*Location*

The conference will be at the Brazilian Chamber of Deputies, in Brasília. The plenary sessions will occur at Auditório Nereu Ramos, Anexo II. The training sessions will be at the Centro de Formação, Treinamento e Aperfeiçoamento.

*Registration*

Thanks to the sponsors, there will be no fee to attend the Conference, but registration will be required to avoid overcrowding the auditorium. Registration will be open beginning September 29th, 2009, at the URL: http://www.camara.gov.br/appsecbrasil2009

*More Information*

For more information, please consult the web sites listed below or write to appsec.bra...@camara.gov.br

Registration and general information: http://www.camara.gov.br/appsecbrasil2009
TI-Controle Community: http://www.ticontrole.gov.br
Chamber of Deputies: http://www.camara.gov.br
[SC-L] AppSec Brasil 2009 - email issues
Dear colleagues,

the AppSec Brasil 2009 Conference had a few issues receiving emails sent from Gmail in the last couple of weeks. So, if you or anyone you know sent us a proposal, please verify that a confirmation email was received. If not, please send us the proposal again.

Sorry for the inconvenience,
AppSec Brasil Organizing Team

*CALL FOR PRESENTATIONS*

OWASP is currently soliciting presentations for the OWASP AppSec Brasil 2009 Conference that will take place at Câmara dos Deputados in Brasília, DF on October 27th through 30th of 2009. There will be training courses on October 27th and 28th followed by plenary sessions on the 29th and 30th with each day having one single track. The conference will be organized and supported by the TI-Controle Community (www.ticontrole.gov.br) and the Deputy Chamber (www2.camara.gov.br/english).

We are seeking people and organizations that want to present on any of the following topics (in no particular order):

- Application Threat Modeling
- Business Risks with Application Security
- Hands-on Source Code Review
- Metrics for Application Security
- OWASP Tools and Projects
- Privacy Concerns with Applications and Data Storage
- Secure Coding Practices (J2EE/.NET)
- Starting and Managing Secure Development Lifecycle Programs
- Technology specific presentations on security such as AJAX, XML, etc
- Web Application Security countermeasures
- Web Application Security Testing
- Web Services-, XML- and Application Security
- Anything else relating to OWASP and Application Security

To make a submission you must include:

- Presenter name
- Additional author(s) name(s)
- Presenter(s) Email and/or Phone number(s)
- Presenter(s) bio(s) and, optionally, bios of the other authors
- Title
- Abstract
- Presentation outline, defining all topics that will be covered by the presentation
- Any supporting research/tools (will not be released outside of CFP committee)

Each presenter will have 45 minutes for the presentation, followed by 10 minutes reserved for questions from the audience. The presentations must respect the restrictions of the OWASP Speaker Agreement.

*Important Dates:*

Submission deadline is July 11th 2009 at 11:59 PM (UTC/GMT -3).
Notification of acceptance is August 7th 2009.
Final version is due September 5th 2009.

Proposals must be sent by email to *appsec.brasil (at) camara.gov.br*

For more information, please see the following web pages:

Conference Website: https://www.owasp.org/index.php/AppSec_Brasil_2009
FAQ: https://www.owasp.org/index.php/AppSec_Brasil_2009_-_FAQ
OWASP Speaker Agreement: http://www.owasp.org/index.php/Speaker_Agreement
TI-Controle: http://www.ticontrole.gov.br
Deputy Chamber: http://www2.camara.gov.br/english
[SC-L] OWASP AppSec Brasil - 2nd Call for presentations
**OWASP APPSEC BRASIL 2009**
**2nd CALL FOR PRESENTATIONS**

Colleagues,

OWASP is currently soliciting presentations for the OWASP AppSec Brasil 2009 Conference that will take place at Câmara dos Deputados in Brasília, DF on October 27th through 30th of 2009. There will be training courses on October 27th and 28th followed by plenary sessions on the 29th and 30th with each day having one single track. The conference will be organized and supported by the TI-Controle Community (www.ticontrole.gov.br) and the Deputy Chamber (www2.camara.gov.br/english).

We have confirmed Mr. Gary McGraw as a keynote speaker for this conference. For more information, please see the conference page listed at the bottom of this message.

We are seeking people and organizations that want to present on any of the following topics (in no particular order):

- Application Threat Modeling
- Business Risks with Application Security
- Hands-on Source Code Review
- Metrics for Application Security
- OWASP Tools and Projects
- Privacy Concerns with Applications and Data Storage
- Secure Coding Practices (J2EE/.NET)
- Starting and Managing Secure Development Lifecycle Programs
- Technology specific presentations on security such as AJAX, XML, etc
- Web Application Security countermeasures
- Web Application Security Testing
- Web Services-, XML- and Application Security
- Anything else relating to OWASP and Application Security

To make a submission you must include:

- Presenter name
- Additional author(s) name(s)
- Presenter(s) Email and/or Phone number(s)
- Presenter(s) bio(s) and, optionally, bios of the other authors
- Title
- Abstract
- Presentation outline, defining all topics that will be covered by the presentation
- Any supporting research/tools (will not be released outside of CFP committee)

Each presenter will have 45 minutes for the presentation, followed by 10 minutes reserved for questions from the audience. The presentations must respect the restrictions of the OWASP Speaker Agreement.

**Important Dates:**

Submission deadline is July 11th 2009 at 11:59 PM (UTC/GMT -3).
Notification of acceptance is August 7th 2009.
Final version is due September 5th 2009.

Proposals must be sent by email to appsec.brasil (at) camara.gov.br

For more information, please see the following web pages:

Conference Website: https://www.owasp.org/index.php/AppSec_Brasil_2009
FAQ: https://www.owasp.org/index.php/AppSec_Brasil_2009_-_FAQ
OWASP Speaker Agreement: http://www.owasp.org/index.php/Speaker_Agreement
TI-Controle: http://www.ticontrole.gov.br
Deputy Chamber: http://www2.camara.gov.br/english

Please forward to all interested practitioners and colleagues.
[SC-L] OWASP AppSec Brasil 2009 - 2nd Call for Training Providers
**OWASP APPSEC BRASIL 2009**
**2nd CALL FOR TRAINING SESSIONS**

Colleagues,

OWASP is currently soliciting training proposals for the OWASP AppSec Brasil 2009 Conference which will take place at Câmara dos Deputados (Deputy Chamber) in Brasília, DF, on October 27th through October 30th 2009. There will be training courses on October 27th and 28th followed by plenary sessions on the 29th and 30th with one single track per day. The conference will be organized and supported by the TI-Controle Community (www.ticontrole.gov.br) and the Deputy Chamber (www2.camara.gov.br/english).

We are seeking training proposals on the following topics (in no particular order):

- Application Threat Modeling
- Business Risks with Application Security
- Hands-on Source Code Review
- Metrics for Application Security
- OWASP Tools and Projects
- Privacy Concerns with Applications and Data Storage
- Secure Coding Practices (J2EE/.NET)
- Starting and Managing Secure Development Lifecycle Programs
- Technology specific presentations on security such as AJAX, XML, etc
- Web Application Security countermeasures
- Web Application Security Testing
- Web Services-, XML- and Application Security
- Anything else relating to OWASP and Application Security

Proposals on topics not listed above but related to the conference (i.e. which are related to Application Security) may also be accepted. There may be 1 or 2-day courses. The proposals must respect the restrictions of the OWASP Speaker Agreement.

The conference sponsors will provide lodging and domestic (within Brazil) air travel for one presenter per course; no other compensation is available. If you require a different arrangement, please contact the conference organization team at the email address below.

**Important Dates:**

Submission deadline is July 11th 2009 at 11:59 PM (UTC/GMT -3).
Notification of acceptance is August 7th 2009.
Final version is due September 5th 2009.

To make a proposal, please fill the form (http://www.owasp.org/images/4/4b/OWASP_AppSec_Brazil_09_CFT.docx) and send it by email to appsec.brasil (at) camara.gov.br

For more information, please see the following web pages:

Proposal form as a zipped RTF file: http://www.owasp.org/images/e/ea/OWASP_AppSec_Brazil_09_CFT_RTF.zip
Conference Website: https://www.owasp.org/index.php/AppSec_Brasil_2009
FAQ: https://www.owasp.org/index.php/AppSec_Brasil_2009_-_FAQ
OWASP Speaker Agreement: http://www.owasp.org/index.php/Speaker_Agreement
TI-Controle: http://www.ticontrole.gov.br
Deputy Chamber: http://www2.camara.gov.br/english

Please forward to all interested practitioners and colleagues.
[SC-L] OWASP AppSec Brasil 2009 - Call for Training Providers
**OWASP APPSEC BRASIL 2009**
**CALL FOR TRAINING SESSIONS**

Colleagues,

OWASP is currently soliciting training proposals for the OWASP AppSec Brasil 2009 Conference which will take place at Câmara dos Deputados (Deputy Chamber) in Brasília, DF, on October 27th through October 30th 2009. There will be training courses on October 27th and 28th followed by plenary sessions on the 29th and 30th with one single track per day. The conference will be organized and supported by the TI-Controle Community (www.ticontrole.gov.br) and the Deputy Chamber (www2.camara.gov.br/english).

We are seeking training proposals on the following topics (in no particular order):

- Application Threat Modeling
- Business Risks with Application Security
- Hands-on Source Code Review
- Metrics for Application Security
- OWASP Tools and Projects
- Privacy Concerns with Applications and Data Storage
- Secure Coding Practices (J2EE/.NET)
- Starting and Managing Secure Development Lifecycle Programs
- Technology specific presentations on security such as AJAX, XML, etc
- Web Application Security countermeasures
- Web Application Security Testing
- Web Services-, XML- and Application Security
- Anything else relating to OWASP and Application Security

Proposals on topics not listed above but related to the conference (i.e. which are related to Application Security) may also be accepted. There may be 1 or 2-day courses. The proposals must respect the restrictions of the OWASP Speaker Agreement.

The conference sponsors will provide lodging and domestic (within Brazil) air travel for one presenter per course; no other compensation is available. If you require a different arrangement, please contact the conference organization team at the email address below.

**Important Dates:**

Submission deadline is July 11th 2009 at 11:59 PM (UTC/GMT -3).
Notification of acceptance is August 7th 2009.
Final version is due September 5th 2009.

To make a proposal, please fill the form (http://www.owasp.org/images/4/4b/OWASP_AppSec_Brazil_09_CFT.docx) and send it by email to appsec.brasil (at) camara.gov.br

For more information, please see the following web pages:

Proposal form as a zipped RTF file: http://www.owasp.org/images/e/ea/OWASP_AppSec_Brazil_09_CFT_RTF.zip
Conference Website: https://www.owasp.org/index.php/AppSec_Brasil_2009
FAQ: https://www.owasp.org/index.php/AppSec_Brasil_2009_-_FAQ
OWASP Speaker Agreement: http://www.owasp.org/index.php/Speaker_Agreement
TI-Controle: http://www.ticontrole.gov.br
Deputy Chamber: http://www2.camara.gov.br/english

Please forward to all interested practitioners and colleagues.