Starting an OWASP Project (That’s Not a List!) – Grant Ongers – ASW #272
We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to spearhead a new OWASP project to help scale the creation of appsec programs, whether you're on your own or part of a global org.
Segment Resources:
- https://owasp.org/www-project-product-security-capabilities-framework/
- https://github.com/OWASP/pscf
- https://prods.ec/
- https://owaspsamm.org
- https://iso25000.com/index.php/en/iso-25000-standards/iso-25010
- https://www.scmagazine.com/podcast-episode/application-security-weekly-242
Announcements
Don’t let third-party risk ruin your Valentine’s Day! Join Adrian Sanabria and Bill Brenner on an SC Media webcast titled: Understanding third party risk by studying third party breaches. As listeners will know, Adrian loves exploring risk through our understanding of real breaches and incidents. They’ll discuss how to prepare for some of the most concerning third-party risks you should be aware of, along with our partner for this webcast, ProcessUnity.
Visit securityweekly.com/ValentineRisk to register!
Guest
Co-founder of Secure Delivery and current OWASP Global Foundation board chair, Grant Ongers is a firm believer in security enabling delivery, not blocking it. Well-known in the international InfoSec community (it’s hard to forget the beard!), his 10+ years of experience in Dev, 20 years in Ops and 30 years in Sec (mostly white hat) have made him a firm believer that there’s no such thing as DevSecOps, just DevOps done right, and that compliance != security (or the other way around). Alongside his role as CTO at Secure Delivery, Grant provides C-suite advice and guidance on security to FTSE 100 enterprises and strategic risk analysis within M&A due diligence teams.