Back in 2005, my first involvement with OWASP was to help write the OWASP testing guide. The project was successfully led by Matteo Meucci, who is founder and chair of OWASP Italy and CEO of Minded Security. Three years later, Matteo invited me to participate in the sponsored event on March 31st at the Congress Center of the University of Rome La Sapienza. The topic of the one-day event is "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies". The topic of my presentation is: "How to start a software security initiative within your organization: a maturity based and metrics driven approach."
As part of the event Matteo will moderate a round table talk on the following topics:
- Which countermeasures have organizations adopted to mitigate new attacks?
- Responsible information disclosure of vulnerabilities: what's the best approach?
- How do you implement a security-enhanced software development life-cycle that also provides a good Return on Security Investment (ROSI)?
- Customer security awareness: does it provide fundamental leverage for implementing security controls?
My presentation can be found here: http://www.owasp.org/images/a/ab/Owaspday2Morana.pdf
A detailed program of the event can be found here.