20:20 - The History and Future of OWASP


Authors: Mark Curphey


The speaker discusses the future of application security and the role of OWASP in securing critical open source libraries and frameworks.
  • The speaker suggests that the future of application security lies in securing critical open source libraries and frameworks.
  • OWASP should focus on curating and fixing critical open source libraries and frameworks to make them more usable for developers.
  • OWASP should become a SaaS provider and distribute secure open source libraries.
  • The speaker emphasizes the need for a world security team to fix and secure open source projects.
  • The speaker suggests that OWASP should partner with big open source projects to teach threat modeling and fix vulnerabilities.
The speaker mentions that when installing a package in Node, it may require downloading 3000 packages, which can be frightening. He also mentions that there are about a quarter of a million vulnerabilities in open source libraries. The speaker suggests that OWASP can step up and address this mass problem.


20 years ago I was moderating the webappsec mailing list on securityfocus and had just started a new job running application security at Charles Schwab, when the CIO came running down the hall demanding to speak to the new guy. He wanted to know why we were in the Wall Street Journal and what I was going to do about it. I felt like I had been framed. After fending off ambulance chasers and wading through marketing “bull shiitake” from vendors, I realized there was a gap that needed to be filled. OWASP was born. No real plan, no real goal, armed with just a belief that the world needed better information, I sent out a call to action for like-minded people to get involved. The rest, as they say, is history. Looking back, it’s been an amazing success story of a community that has had a significant positive impact on the world during a time when development technology and the threat landscape have changed beyond recognition. What was critical to OWASP’s success and how should it evolve over the next 20 years? We will take a walk down memory lane, stargaze into the future and leave with an updated call to action for the next twenty years.

