OWASP: The Battle for Governance and Funding

The Open Letter calls for greater inclusion of Open Source Software coverage and an improved ability to prioritize remediation.

by Gwendal Smith
February 20, 2023
in News, Vulnerability & Weakness

The Open Web Application Security Project (OWASP) has been a mainstay in the cybersecurity community for over two decades. Its mission is to provide unbiased and practical information about application security. However, recent developments have brought the organization’s governance and funding model into question.

What is OWASP?

OWASP was founded in 2001 as a non-profit organization focused on improving software security. The group aims to provide free and open resources for developers, security professionals, and organizations to build more secure software. Their work includes developing secure coding practices, maintaining a list of the top 10 web application security risks (the famous OWASP Top 10), and publishing guidelines for secure software development.

The Open Letter

In February 2023, a group of 73 OWASP project leaders, contributors, and supporters published an open letter to the OWASP board of directors. The letter detailed concerns about the organization’s governance and funding model, specifically the lack of a prioritized plan for addressing the most critical vulnerabilities and the need for more funding to support projects.

The letter called for a prioritized plan for addressing the most critical vulnerabilities based on a risk-based vulnerability management approach. This means that vulnerabilities would be prioritized based on their likelihood and potential impact, rather than just their severity score. The group also called for a new funding model, which would provide more resources to OWASP to support projects, such as hiring full-time staff, supporting travel expenses for project leads, and funding security research.

Response from OWASP

OWASP’s board of directors responded positively to the letter, acknowledging that the organization needs a prioritized plan and more funding to support projects. However, there are concerns about the feasibility of implementing the proposed changes. Andrew van der Stock, the executive director of OWASP, stated that a change in the organization’s bylaws would be required to implement the proposed changes, and he is unsure if the community would support such changes.

The debate over OWASP’s governance and funding may not have an immediate impact on CISOs and security practitioners. However, the decisions and actions that OWASP makes now could have a long-term ripple effect that influences the kind of technology options they will have for helping developers in the long run. For example, a more risk-based approach to vulnerability prioritization could result in better support for emergent technologies, which could impact the way practitioners adopt these technologies.

Conclusion

The future of OWASP is uncertain, but the recent debate about governance and funding shows the importance of transparency and community involvement in non-profit organizations. A risk-based vulnerability management approach to vulnerability prioritization could provide better support for emergent technologies and result in higher quality software security. However, implementing these changes will require significant effort and support from the community.

Tags: Governance, OWASP, Security Budget
