The Trusted Software Alliance was founded in May of 2013 to raise public and professional awareness of application security as a major risk in application development. We capture the thoughts, ideas and trends as seen by the most important voices in the appsec industry. This includes a series of “50 in 50 Interviews”, highlighting the most influential people and companies working on application security.
We are working with OWASP to define a series of industry best practices for managing vulnerability and risks in open source component usage. The project, Good Component Practices, is a community effort of companies and people interested in managing open source component risk at the enterprise level.
A second initiative of TSWA is to promote surveys and major reports created by members of the open source security community. We currently have two ongoing reports. The first is a weekly status update from Central Repository displaying downloads and other information about the previous week’s activities in Central. The second is a Website Security Statistics Report created by Jeremiah Grossman‘s team at WhiteHat Security. As we find more reports, we will make them available.
In a third initiative, the Trusted Software Alliance is interested in supporting the work of the top influencers in the industry and is in the process of creating a series based upon our research of the most influential voices in application security. The interview podcast, “50 in 50 Interviews“, is live, one-one conversations with these influencers, examining the ideas and trends within the application security industry.
We welcome all members of the appsec community to participate in this initiative, whether it be through article contributions, research reports and survey data.
2. My SharePoint Destinations
International
Montreal
Ottawa
Toronto
Birmingham, UK
London
Nottingham, UK
Dubai
Sydney
Canberra, AU
Wellington, NZ
Philippines
Beijing
Shanghai
Switzerland
France
Uruguay
Argentian
Chile
Antarctica
United States
Virginia
Michigan
Florida
Denver
New York City
San Francisco
Los Angeles
Washington DC
Baltimore
Philidelphia
Boston
4. It is an Idea
“Security needs to be pushed as far „left‟
in the application life cycle as possible
through automated discovery and
remediation.” -- TSWA
5. It is a Resource
1.Define Good Component Practice
2.Promote industry reports and surveys
3.Support industry influencers
20. The Cost of Change
“100 to 1 cost growth was happening on large,
unenlightened projects.” -- Barry Boehm
21. What We Have Learned About
Fighting Defects
“Finding and fixing a software problem after
delivery is often 100 times more expensive
than finding and fixing it during the
requirements and design phase.”
-- The Center for Empirically Based Software
Engineering
22. The Cost of Software Defects
“The cost of correcting a defect rises
exponentially with the time taken to identify
the defect.” -- Jon Strickler
The Trusted Software AllianceMark Miller, Founder and CuratorMark.Miller@TrustedSoftwareAlliance.com@TSWAllianceFacebook: https://www.facebook.com/TrustedSoftwareAlliance
I have spoken throughout the world as keynote speaker at major conferences as well as to small, local enthusiast groups. My main expertise is in simplifying the story of technology into layman terms.
Agile Software Development Systems: The Cost of Change (page 220)http://books.google.com/books?id=uE4FGFOHs2EC&pg
What We Have Learned About Fighting Defects - The Center for Empirically Based Software Engineeringhttp://www.cs.umd.edu/~mvz/pub/eworkshop02.pdf
The Cost of Software Defects – Jon Stricklerhttp://agileelements.wordpress.com/2008/04/22/cost-of-software-defects/
Cost of Software Defects – Jon Stricklerhttp://agileelements.wordpress.com/2008/04/22/cost-of-software-defects/
The Trusted Software AllianceMark Miller, Founder and CuratorMark.Miller@TrustedSoftwareAlliance.com@TSWAllianceFacebook: https://www.facebook.com/TrustedSoftwareAlliance
