Published on March 14, 2014
OWASP SECURITY LABELING SYSTEM PROJECT
READ THE LABEL!
Luis Enriquez (IT/IP Lawyer. LLM, CEH, CHFI) email@example.com
https://www.owasp.org/index.php/OWASP_Security_Labeling_System_Project
PRESENTATION
• In 2010, Jeff Williams proposed a wonderful idea: a labeling system for disclosing vulnerabilities in software. It was a great idea that was dropped. You can get that presentation here: http://www.slideshare.net/DinisCruz/2010-11-owaspsoftwarelabels
• After joining the OWASP community in my local chapter, I got a very similar idea. I wrote to Jeff, and we think we can revive it.
CONTRIBUTORS
• Luis Enriquez (IT Lawyer).
• Jeff Williams (Security Expert).
• Jorge Lara (Graphic designer).
Would you like to join?
WHAT IS IT?
• The labeling system is a technical and legal security program. It is composed of 4 badges: Security (Secure code), Privacy (Trust), Ingredients (Transparency), and Openness (Open security).
• We need an attractive and easygoing labeling system. Users will benefit because they want security, and want to know what they are getting with a piece of software. Developers will also benefit because OWASP-labeled software would be preferred by users and other developers, in terms of technical and legal security.
• We need transnational solutions. There are many jurisdictions and applicable laws around the planet. The labeling system has to be transnational, so it can be easily applied.
ROAD MAP
• (1) Create and distribute opinion polls to the different sides involved in the IT environment (such as software developers, e-commerce agents, IT security firms, cyber communities, Internet rights associations, lawyers, and of course, users). This stage has already begun, and results are helping us to shape the model.
• (2) Create the most suitable methodology for the security labeling system. The labeling system provides 4 logos and 4 clauses (1 for each badge).
• (3) Application of the labeling system. The OWASP labeling system volunteers will help check that the system is working properly. The label can always be removed.
1. SECURITY LABEL (S)
• Security criterion label (S). Security starts with SECURE CODING, and secure maintenance. This label certifies that the software is 'good enough' because it follows good security practices in its development life cycle, regular updates, and so forth.
2. PRIVACY LABEL (P)
• Privacy (P). Security is also about TRUST. This label certifies that your software does not come with unauthorized spyware, and that web applications follow ethical principles of data protection.
3. INGREDIENTS LABEL (I)
• Ingredients (I). Security is also about TRANSPARENCY. This label certifies that all the ingredients of a computer program or Web application are disclosed to the public.
4. OPENNESS LABEL (O)
• Openness (O). This label concerns the open disclosure of vulnerabilities of Web application software to the public.
SPECIFICATIONS
• Purpose of labels. Each label has its own purpose. There is no hierarchy between them. Any software or Web application can hold all of them, or just the ones its developers prefer.
• A mutual commitment. Using the security labels means that there is a commitment between software developers and OWASP. The goals: SECURITY AND TRUST.
• Price of labels. In order to avoid unfair competition, labels would not have a price. But donations are always welcome in order to cover logistic costs.
GET INVOLVED
• If you want to become a team member, or just provide ideas and suggestions, please send them to: firstname.lastname@example.org
• Or connect to our mailing list at: https://lists.owasp.org/mailman/listinfo/owasp_security_labeling_system_project
Project Page: https://www.owasp.org/index.php/OWASP_Security_Labeling_System_Project
FEEDBACK IS VERY IMPORTANT!