Hosting Provided By

Re: Are bad developer libraries the problem with M$ software?

From: Mark Curphey <mark(at)curphey.com>
Date: Thu Nov 21 2002 - 23:06:33 EST

Alex

The OWASP Guide to Building Secure Web Applications (http://www.owasp.org/ ) has been downloaded over 500,000 times in the last 3 months. It may not be exactly what you are angling at (its more architecture and dev methodology focused than language specific guidance today) but the statistics show people are keen to find out the issues. Also worth noting from the enormous feedback we get, the readership are rarely poeple on security lists (and they do read it). They are mainstream developers. The reaction is always as you describe, one of shock at having discovered an issue that is so large and so prevelant.

We have another project in the pipe that is building resueable APIs for Java, C, Python and Perl that enables developers to easily call an input filter. Early Java code is in the cvs and you can read the vision document for that project at http://www.owasp.org/filters/

If you want to add language specific content to the OWASP Guide feel free to contact me offline. Its on our plan.

Mark

On Mon, 2002-11-18 at 19:57, Alex Lambert wrote:
> > those weren't likely to happen. I do feel that much of the problem

-- 
Mark Curphey

Received on Sat Nov 23 01:31:49 2002

This message: [ Message body ]
Next message: Crispin Cowan: "Re: Are bad developer libraries the problem with M$ software?"
Previous message: Michael Howard: "Security Education (was are bad developer libs....)"
In reply to Alex Lambert: "Re: Are bad developer libraries the problem with M$ software?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:44 EDT

Do you need help?