trusted software alliance
DESCRIPTION
The Trusted Software Alliance was founded in May of 2013 to raise public and professional awareness of application security as a major risk in application development. We capture the thoughts, ideas and trends as seen by the most important voices in the appsec industry. This includes a series of “50 in 50 Interviews”, highlighting the most influential people and companies working on application security. We are working with OWASP to define a series of industry best practices for managing vulnerability and risks in open source component usage. The project, Good Component Practices, is a community effort of companies and people interested in managing open source component risk at the enterprise level. A second initiative of TSWA is to promote surveys and major reports created by members of the open source security community. We currently have two ongoing reports. The first is a weekly status update from Central Repository displaying downloads and other information about the previous week’s activities in Central. The second is a Website Security Statistics Report created by Jeremiah Grossman‘s team at WhiteHat Security. As we find more reports, we will make them available. In a third initiative, the Trusted Software Alliance is interested in supporting the work of the top influencers in the industry and is in the process of creating a series based upon our research of the most influential voices in application security. The interview podcast, “50 in 50 Interviews“, is live, one-one conversations with these influencers, examining the ideas and trends within the application security industry. We welcome all members of the appsec community to participate in this initiative, whether it be through article contributions, research reports and survey data.TRANSCRIPT
TrustedSoftwareAlliance.comThoughts, Ideas and Trends in Application Security
My SharePoint Destinations
International
Montreal
Ottawa
Toronto
Birmingham, UK
London
Nottingham, UK
Dubai
Sydney
Canberra, AU
Wellington, NZ
Philippines
Beijing
Shanghai
Switzerland
France
Uruguay
Argentian
Chile
Antarctica
United States
Virginia
Michigan
Florida
Denver
New York City
San Francisco
Los Angeles
Washington DC
Baltimore
Philidelphia
Boston
What is TSWA
It is an Idea
“Security needs to be pushed as far „left‟
in the application life cycle as possible
through automated discovery and
remediation.” -- TSWA
It is a Resource
1.Define Good Component Practice
2.Promote industry reports and surveys
3.Support industry influencers
It is a Web Site
Our Main Initiatives
50-in-50 Interview Series
Survey: October 2013
The Role of DevOps
in Application Security
Good Component Practice
What We Believe
Moving Left Saves Money
The Cost of Change
“100 to 1 cost growth was happening on large,
unenlightened projects.” -- Barry Boehm
What We Have Learned About
Fighting Defects
“Finding and fixing a software problem after
delivery is often 100 times more expensive
than finding and fixing it during the
requirements and design phase.”
-- The Center for Empirically Based Software
Engineering
The Cost of Software Defects
“The cost of correcting a defect rises
exponentially with the time taken to identify
the defect.” -- Jon Strickler
Please Help us “Move Left”
Listen to the Interviews
Provide Content
Support the Survey
The Role of DevOps
in Application Security
TrustedSoftwareAlliance.comThoughts, Ideas and Trends in Application Security