The Software Security Project reposted this
It's taken a long time to get started, but it was important to get right. This post from Robert Rodger, the Chair of the project and a seasoned CSO, is well worth a read, announcing that he will be leading the Software Security Project board of governors. I am looking forward to the rest of the board being announced in the coming weeks and months. They represent CSOs from significant companies across a wide range of industries. I will be the Chief of Staff, essentially doing the grunt work, all under the direction and oversight of the board. I will not have a role in the project's governance. From day one of conceiving the project, it's always been critical to me that it is driven by operational CSOs and not consultants or security tools vendors. I am a tools vendor. If we are to work on truly improving software security engineering in the most critical areas, it's important that those critical areas are defined by people that don't have a bias, natural or otherwise. As Robert says, the first project we will be tackling is to create a list of the Top Ten issues we see in Software Security Engineering. Current lists don't represent the real macro-level issues the industry needs to focus on. Do make sure you are signed up to the mailing list.
My name is Robert Rodger. I've worked in cyber security for just over 29 years; I have a passion for helping organisations unlock business value through being secure and reliably resilient. In my day job I am a Chief Information Security Officer within financial services. I am delighted to share that I will be the Chair of the Board of Governors for the Software Security Project, or SSP. It has been a long time since the SSP was first conceived, and, unapologetically, we are slowly working on exactly how it will operate. It's important we get it right from the outset. That said, it feels like a good time to provide a short update about where we are today. I jumped in to Chair the project because I strongly believe that we need everyone in the industry to rally around an unbiased set of industry priorities, and collectively work to make improvements in those areas that truly matter. We want those who are accountable for delivering security within organisations to collectively work on a set of issues that are top of mind for those of us that are accountable for protecting companies, and to do it in a way that is free of bias from people selling services and tools. There will be no fee to join or sponsorship. The project is being led and governed by a board of around ten directors that are all Chief Information Security Officers, Chief Security Officers and very senior security leaders working in industry. We will have representatives from financial services, manufacturing, telecoms, travel and leisure, health care and government. As of today there is a European bias for practicality, but this will change to a global one as we get established. Participation in the governance process is by invite only and will not include consultants or vendors. Mark Curphey, who founded the OWASP Foundation (Open Worldwide Application Security Project) and conceived the SSP, will be our Chief of Staff, but will not have a role in governance.
We all have busy day jobs and so will direct work to be done by our teams or people we invite at our discretion. We will publish the list of the governors when they have obtained the appropriate compliance sign-off from their companies. The first project we will be tackling is to create a list of the Top Ten issues we see in Software Security Engineering. Current lists don't represent the real macro-level issues the industry needs to focus on. We are hoping to be able to publish this, along with a roadmap that is aligned to it, by the end of the year. If you are not already signed up to the mailing list, please do so at https://lnkd.in/dGk7Bj3t
Regards, Robert Rodger