logo
ArticlesConferencesPresentations
Dates
Author
Conferences
Tags

Sort by:  

Bootstrap and increase your software assurance with OWASP SAMM v2.1

Conference:  Global AppSec Dublin 2023
Authors: Sebastien Deleersnyder, Bart De Win
2023-02-15
Are you looking for an effective and measurable way to analyze and improve your organization's software security posture? Look no further! During this talk, Seba and Bart, the co-leaders of the OWASP SAMM project, will introduce you to OWASP SAMM v2.1 - the premier maturity model for software assurance. They will provide a thorough overview of how to use SAMM in your organization and highlight the new features of the recently released v2.1. In addition, they will share the results of our 2022 SAMM survey and provide an update on the revamped SAMM benchmark initiative. Don't miss this opportunity to learn from the experts and take your organization's software security to the next level!
Tags:
software security
SAMM v2.1
Maturity Model
software assurance
survey

Understanding the Future of Ingress-nginx

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Ricardo Katz, James Strong
2022-10-28

tldr - powered by Generative AI

The presentation discusses the complexity of managing the Ingress Nginx project and the roadmap for future developments.
  • The Ingress Nginx project is complex and requires extensive testing and maintenance
  • The project includes multiple container images, static configurations, annotations, and configuration options
  • The roadmap includes a data plan control plane split and the addition of new features such as Open Telemetry
  • Users are encouraged to test new releases and provide feedback to ensure stability
  • The CH root environment was added to address a CVE vulnerability and will be removed once the CPDP split is complete
Tags:
ingress-nginx
community
survey
results
future

OWASP Top 10 Flagship Project "The making of the OWASP Top 10 and beyond"

Conference:  OWASP 20th Anniversary Event
Authors: Brian Glas
2021-09-24

tldr - powered by Generative AI

The presentation discusses the process of creating the OWASP Top 10 2021 and the core principles that guided the selection of the top 10 risk categories.
  • The OWASP Top 10 is a baseline for software security and not a ceiling.
  • Data is important but has limitations as it reflects the past and not necessarily the present.
  • Stability is crucial in the selection of the top 10 risk categories to provide foundational stability for others to build on.
  • The goal is to raise the minimum bar and improve security across the industry and community.
  • Driving the right behavior is important to improve software security across the industry.
  • Root cause analysis is important in identifying and addressing software security issues.
  • The OWASP Top 10 2021 was created through a process of data collection, survey, data analysis, categorization, drafts, reviews, and the released product.
Tags:
Top 10 2021
data collection
survey
data analysis
Categorization