Tuesday, July 7, 2009

OWASP and the Nominet Best Practice Challenge 2009

Authored by Colin Watson.

In March, OWASP London submitted an entry to the Nominet Best Practice Challenge 2009, on behalf of The Open Web Application Security Project, in the Best Security Initiative Award category.

Nominet maintain the .uk internet name space and is a not-for-profit company with 3,000 members, managing about 8 million domain names. Nominet work with the UK government, liaise with ICANN and other domain name registry organisations. They are supporting the UK's input to the worldwide Internet Governance Forum (IGF), which is a forum mandated by the UN Secretary General to discuss policy issues, critical resources, imposition of internet governance, to promote availability throughout the world and to facilitate exchange of information and best practices. Nominet, the UK government, key parliamentarians and other organisations formed the UK Internet Governance Forum.

For the last 3 years, Nominet has organised the Best Practice Challenge to recognise organisations, groups and individuals who have embraced the challenge of making the Internet a secure, open, accessible and diverse experience for all. The four IGF themes of security, access, diversity and openness were reflected in the six award categories:
  • Best development project award
  • Best security initiative award
  • Raising industry standards award
  • Personal safety online award
  • Internet for all award
  • Open Internet award
In 2008, OWASP was shortlisted for the same award. The judges, chaired by the Rt Hon Alun Michael MP, praised OWASP's democratic and international structure and the way it helped to raise awareness, but that it would be good to see how we progressed. OWASP London discussed the idea again in early 2009 and decided to enter for the 2009 round. We thought it would raise further awareness about OWASP since winners are promoted as examples of best practice on the Internet, to industry, government and academia in the UK. Most importantly though, the winners are showcased at the next IGF meeting, in Egypt in November, to a worldwide audience. That visibility is what we were hoping for.

Our entry was proposed the whole of OWASP for the award, although we did try to highlight contributions to OWASP, its projects and other activities by UK participants, and the presence of two other chapters in the UK - Leeds and Scotland. We especially mention the great work done by everyone in the Summer of Code 08, improved project management, the new tools and guides recently published, the availability of at-cost books and translations, the summit in Portugal and the work of the new committees. We also highlighted some of the outreach work to government organisations. The people who helped put the entry together were Justin Clarke, Colin Watson, Yiannis Pavlosoglou, Kate Hartman, Paulo Coimbra, Dinis Cruz and Wayne Huang. Dinis suggested we send some books as well - so we printed some from Lulu and sent them separately with the suggestion of passing the viral books "on to your own web application developers or a local university, college or school" after the awards. Justin Clarke, London Chapter Leader, submitted our entry at the end of March.

In June we heard that we had been shortlisted and were invited to the awards dinner at the early 17th century Banqueting House in Whitehall, London. Short-listed entries in all categories showed some innovative work being undertaken across the UK in security, access, diversity and openness. OWASP did not win - the Yorkshire Business Crime Reduction Centre (BCRC) won the Best Security Initiative Award. The BCRC is supported by South Yorkshire Police and the Regional Development Agency, and undertakes e-commerce and physical security assessments for small and medium-sized enterprises (SMEs) in the area. Their recent E-Crime Guide is a very useful introduction to the issues.

Congratulations to all the winners. The entry has, at least, raised OWASP's profile with decision-makers in the UK.

Authored by Colin Watson.

No comments: