Overview
Explore the evolution and impact of OWASP's standard classification system in this 27-minute talk by Jeff Williams. Delve into the challenges faced by the software industry, the importance of transparency in security, and the role of OWASP in promoting better practices. Learn about the concept of "rough consensus" and how it has shaped OWASP's approach to software security. Examine topics such as the Abstech problem, market for lemons, visibility levels, and the importance of trust in software development. Discover the potential of software security labels, DevSecOps, and the significance of open-source software in the context of public health and governance. Gain insights into OWASP's governing philosophy and its ongoing mission to improve software security across the industry.
Syllabus
Introduction
I love software
We seem unable to do anything
The Abstech problem
We've already benefited
We're not there yet
It's mission not accomplished
Market for lemons
Visibility levels
Trust
Security and Sunshine
Markets
Software Security Labels
Research on Labels
DevSecOps
OOAs
Top 10 Lists
Why OSS is Special
Public Health
OS
Governing Philosophy
Summary
Taught by
OWASP Foundation