Over the past few years, I haven’t had the time to attend many security conferences. I happened to be in Seattle for the tail end of the OWASP Autumn of Code (October of 2006). I had the chance to go out to dinner and chat with many of the leaders in web application security. These are some of the sharpest guys in the industry, and OWASP is on the cusp of really taking off. Some of their proposed projects for the Spring of Code will greatly aid the security industry. I already use many of their tools, and the financing of innovative, open source security tools is *always* a good thing.
I’m very excited to see that a ‘source code scanner’ may be one of the funded tools. As I’ve blogged in the past, there are great ‘frameworks’ (CodeScout and SWAAT to name two), but the meat of the work is always the individual checks. I hope to see a great open source .NET source code scanner in the near future.
If you’re young (of heart or otherwise), full of vim and vigour, and can afford the time, check out their Spring of Code initiative at http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007