Wednesday was another day packed full of project presentations and working group sessions. The project presentations I attended included:
- Eduardo Neves – Positive Security Project – Many security programs are focused solely on the negative – what should not be done and so on. This project is intended to create awareness of the “good” activities teams can perform to build security in.
- Martin Knobloch – Education Project – The goal of this project is to organize OWASP materials so that they can be used in programs to educate developers about application security. So far they have put together two full training classes with slide decks.
- Juan Carlos Calderon – Internationalization – This project aims to get OWASP materials translated into a variety of languages so as to better distribute them to the developers that need them.
- Lucilla Mancini – PASSWD – The PASSWD project aims to use modeling to predict the security state of applications.
- Me (Dan Cornell) – Open Review Project (ORPRO) – This is a project I have been working on with Mario deBoer and the folks from Fortify for the past couple of months. The goal is to make security code review services – both automated and manual – available to open source projects. We are currently working with the folks from Moodle and will be looking to expand that involvement to other projects in the future. (We’re always looking for volunteers, so if you are interested in performing security reviews for open source code please let me know!)
The working group I attended was:
- Education Project Working Group – Lots of great discussions in this group including how to best structure the courses of instruction as well as thoughts about using the LiveCD Project as a distribution mechanism for courseware.
dan _at_ denimgroup.com