Sweden has gotten a local chapter of OWASP, the worldwide free and open community focused on improving the security of application software. On Tuesday the 1st of April 2008, a seminar was scheduled as the kick-off to start up this local chapter. The man behind all this was John Wilander, who has gotten the blessing of the OWASP board to start a Swedish chapter.
The agenda for the day called for three speakers who covered various areas, including development methodology, computer languages with built-in support for secure programming paradigms, and unusual, hard-to-spot flaws.
John Wilander of Omegapoint made the welcome speech and gave an introduction to OWASP and his vision for setting up a local chapter.
Michael Anderberg of Microsoft gave an overview of the Secure Software Development Lifecycle concept and model that Microsoft has developed. The model was created as part of Microsoft’s Trustworthy Computing initiative. His main point was that everyone should use it. It was developed for the needs of Microsoft, but the model has been documented in various books, etc.
Andrei Sabelfeld of Chalmers University gave an overview of the research performed by his research group, mainly information-flow-based security. He also gave some examples of the problems with some concurrent languages' approach to this, e.g. the taint feature of Perl.
Per Mellstrand of Sony Ericsson gave a good show, being somewhat provocative and a lightning-fast talker. His bug-hunting safari was quite nice; he pointed to the now classic, subtle double-free bug in the zlib compression library, and the effects of this - in everything from OSS kernels to commercial application code.
The program committee has managed to put together a really nice seminar that included both more industrial-type experiences and knowledge as well as hot research topics.
The overall impression of this OWASP Sweden kick-off cannot be described with any other words than pure success. Without any real budget or advertisement, close to 100 persons from industry, government and academia showed up at the World Trade Center in Stockholm to participate.
OWASP Sweden has all the possibilities to become a hot-house and focal point for some of the security community in Sweden.
If you're interested in application security, you can join the OWASP Sweden mailing list here. The next OWASP Sweden seminar is scheduled to be at Clarion Hotel, Skanstull, at 6pm (snacks from 5pm) on the 27th of May. See you there.