grouper-users - Re: [grouper-users] Grouper AppSec Working Group?
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Barton <>
- To:
- Subject: Re: [grouper-users] Grouper AppSec Working Group?
- Date: Wed, 14 Aug 2013 17:33:50 -0500
Bill, thanks. I think this is a very interesting (and fun looking!) way to help ensure that an app like grouper is secure.
Grouper-Users, if you or your security team colleagues might be interested in something like this, please speak up by replying to this thread. The grouper developers would be extremely interested to see what would be learned by such an effort, and I know they will want to address any substantial issues that would emerge.
Thanks,
Tom
On 8/14/2013 12:01 PM, William G. Thompson, Jr. wrote:
Folks,
On a recent grouper-dev call the issue of application security came
up. Earlier this year the CAS community formed a working group
composed of security minded folks from the CAS adopting community.
We've been following OWASP Threat Modeling
https://www.owasp.org/index.php/Application_Threat_Modeling to produce
security artifacts for CAS
https://wiki.jasig.org/display/CAS/CAS+Threat+Modeling.
The goals of the WG include improving CAS security, providing security
artifacts for potential adopters, and implementing policy and
processes for vulnerability analysis and notification.
There will be a presentation on this at AppSecUSA 2013 in November.
http://appsecusa.org/2013/schedule/
Anyway happy to chat about this work with anyone if there's interest
in doing something similar for Grouper.
Best,
Bill
- [grouper-users] Grouper AppSec Working Group?, William G. Thompson, Jr., 08/14/2013
- Re: [grouper-users] Grouper AppSec Working Group?, Tom Barton, 08/14/2013
Archive powered by MHonArc 2.6.16.