Application Security Industry Consortium Established to Develop Cross-Industry Application Security Guidelines, Measurements and Methodologies.


WILMINGTON, Mass. -- Community of Technology Leaders to Define Security Guidelines and Generate Application Security Assessment Criteria

Security Innovation, the independent industry leader in application security testing, research and training, today announced the formation of the Application Security Industry Consortium (AppSIC). Comprised of world-renowned industry technologists and leaders, AppSIC was formed to help establish and define cross-industry application security guidance and metrics.

AppSIC's primary goals are to translate security practices and activities throughout the development lifecycle into business return on investment. This would arm organizations with what they need to make informed application security purchase and deployment decisions. The consortium aims to provide a critical bridge between the academic, industrial, vendor, government and business communities on the challenges of application security. Founding members of the consortium are drawn from such organizations as Compuware, Florida Institute of Technology, Gartner, Inc., IDC, ING, Microsoft, Oracle, Red Hat, SAP, Secure Software, Security Innovation and Yoran Associates.

"AppSIC will focus on developing evaluation methodologies that make application security relevant to business and technology decisions," said Herbert Thompson, Ph.D., consortium chair. "Consumers need to have confidence in the software they buy, build and deploy. Development groups need a yardstick to help them refine their processes and make measurable progress towards security. CxOs need actionable insight into the security of the applications that run their critical business processes. AppSIC's diversity and seasoned membership uniquely position it to deliver metrics and methodologies that meet these needs."

By the end of the year, AppSIC will publish an industry whitepaper around security metrics and ROI. This will serve as the foundation for the metrics and guidelines AppSIC will be defining as part of its mission.

"Security is a critical component of the application development lifecycle," said Mary Ann Davidson, chief security officer, Oracle. "Working with the AppSIC organization to establish application security guidelines, Oracle, the world's largest enterprise software company, can further help organizations better derive business benefits from their security procedures and resources."

"As the world's leading provider of the software that runs companies' mission-critical business processes, SAP requires standardized security assessment criteria that are based upon sound methodologies and perspectives," said Sachar Paulus, chief security officer, SAP. "Making application security measurable needs the commitment of key stakeholders throughout the software community. SAP has joined AppSIC to help drive this mission-critical task objective for the industry and, ultimately, for our customers."

"The IT, network and software development worlds intersect via applications but no one knows how to consistently assess the security of their applications. AppSIC will generate security assessment criteria, proliferate application security knowledge, and help organizations improve their internal processes to address application security across the lifecycle," said Charles Kolodgy, research director, IDC.

Founding AppSIC members include:

Herbert H. Thompson, Ph.D., consortium chair, Security Innovation

Scott Charney, VP, Trustworthy Computing, Microsoft (NASDAQ: MSFT)

Mark Cox, senior research engineer, Red Hat (NASDAQ: RHAT)

Mary Ann Davidson, CSO, Oracle (NASDAQ: ORCL)

Charles Kolodgy, research director, Security Products, IDC

Theresa Lanowitz, research director, Gartner, Inc. (NYSE: IT)

Steve Lipner, senior director of security engineering strategy, Microsoft Corp. (NASDAQ: MSFT)

Serge Moreno, Global Information Risk Management, ING (NYSE: ING)

Sachar Paulus, Ph.D., CSO, SAP (NYSE: SAP)

Dan Schoenbaum, VP, Strategy, Compuware (NASDAQ: CPWR)

John Viega, CTO, Secure Software

James A. Whittaker, Ph.D., professor, Florida Institute of Technology

Amit Yoran, president, Yoran Associates

For more information about AppSIC, please visit www.appsic.org.

About AppSIC

The Application Security Industry Consortium is a community of security and technology experts united to establish and define the cross-industry application security guidelines and measures, seeking to:

--Bridge the gap between application security issues & business needs;

--Develop a yardstick for secure software development processes;

--Generate application security assessment criteria;

--Develop guidelines to address application security issues throughout the software development process; and

--Provide insight on security and business return on investment.

About Security Innovation

Security Innovation, Inc. is the leading independent provider of application security services. Dozens of leading organizations, including Adobe, Cisco, Fidelity, Harris Corporation, IBM, ING, HP, Microsoft, VISA, SAP, Symantec, VeriSign and a number of government agencies, rely on Security Innovation's expertise in application security testing and training to develop, evaluate and deploy more secure applications. More than 60 percent of the Company's staff holds advanced degrees in computer science with 30 percent at the Ph.D. level. The Company is headquartered in Wilmington, Mass., with offices in Amsterdam, The Netherlands; Seattle, Wash.; and Melbourne, Fla. For more information about Security Innovation, visit www.securityinnovation.com or call +1.978.694.1008.
COPYRIGHT 2005 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.


Article Details
Publication:Business Wire
Date:Dec 13, 2005
Words:751