SpoC 007 - OWASP Corporate Application Security Rating Guide


AoC Candidate: Erwin Geirnaert

Project coordinator: Mandeep Khera

Project Progress: 20% Complete, Progress Page

Executive Summary
This is a very interesting opportunity to study the software development market and its commitment to application security. I hope that the results will show business people that they need to think about security when selecting a product, and also that vendors should implement an SDL like Microsoft's.

The main challenge here is to contact the right people at the selected organizations and to obtain the right information. People like CISOs must be able to give input, or at least consider the lack of application security.

Objectives and Deliverables
Milestone 1: end of August 2007: selection of the corporations that will be included in the rating guide

Milestone 2: end of September 2007: first draft of the review, limited in review to a few people at the sponsor

Milestone 3: release for review by the OWASP Community at end of October 2007

Milestone 4: published end of November 2007, with the necessary noise from the OWASP PR team and the sponsor

Why I should be sponsored for the project
I have more than 10 years of experience in Java and J2EE, and in the last 6 years I have tested and broken a lot of web applications. I have also given some very successful J2EE security courses and web security courses. I have spoken at different conferences about application security in Europe, and I am responsible for the security track at Javapolis, one of the biggest Java conferences in Europe. I am the co-founder of ZION SECURITY, where we do security testing, code review, design reviews, training, ... I'm also a member of the OWASP Belgium board, which started in March 2007.
