Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.
23:09

Adopt OSS. A new initiative by OWASP Italy.

NibbleSec blog is a place for neat vulnerabilities, new security research and (hopefully) food for thought. In today's post, I want to take the opportunity to promote a new initiative by OWASP Italy.


Adopt OSS

In the wake of the Snowden revelations and recent OpenSSL vulnerabilities, ensuring the security of the technology that powers our daily life is vital for individuals’ security and privacy on the Internet. Despite the collaborative and transparent nature of open source software, security flaws are still frequently discovered in popular applications.

Given OWASP’s mission to help organizations with application security, the Italian Chapter of OWASP has established a new initiative to provide free, voluntary based support to open source software projectsBy building together open, free and secure systems, we can promote innovation and help building better software, resilient to modern threats.

Thanks to Adopt OSS​, security enthusiasts are paired with participating open source projects, thus gaining exposure to real-­life security engineering challenges and the opportunity for career growth. In turn, the participating projects are able to obtain free professional expertise to better improve their security posture, and ultimately build secure software. Examples of activities include, but are not limited to, thread modeling, performing security assessments, testing security patches, writing documentation on security topics, improving SDLC and vulnerability disclosure practices.

Over a six months period​, OWASP Italy will facilitate the effort by coordinating the initiative and
providing support when needed. The first edition of this initiative will take place between May and November 2015. At the end of the six months period, OWASP Italy will publish results and feedback from both volunteers and OSS maintainers.

Many OpenSource projects need help, and hopefully more security enthusiasts will contribute and create similar initiatives. If you have time to complain about something, then you have the time to do something about it.

Don't be the product, buy the product!

Schweinderl