I have sung the praises of OWASP in previous columns. With their five-figure rapidly growing membership and bounty of free publications, guidelines and tools, OWASP has become a force to reckon with. Even the U.S. Treasury’s Office of the Comptroller of the Currency (OCC), a major financial regulatory agency, quoted OWASP’s top ten application vulnerabilities in its Bulletin 2008-16. There is a rapidly growing interest in application security in financial services and the panel on which I was scheduled to serve consisted of current and prior senior security officers of major financial institutions.
As a reflection of this surge of interest in the topic, I have put together a software assurance project for the Financial Services Technology Consortium (FSTC) with participants from financial institutions, academia, government, industry and professional associations, software vendors and vendors of security services and products. If you belong to any of these categories and have an interest in participating, you can reach me at warren.axelrod@fstc.org and I will provide you with more details about the effort. The project is designed to develop preferred policy and practices for software security assurance as it applies to the banking and finance sector. Building and maintaining secure software is considered to be the topmost security challenge facing the financial services sector as highlighted in the FSSCC Research Agenda (available at www.fsscc.org ).
Popularity: 4%
