10/5/2007, Dr. Dobbs
Summary
Dinis Cruz is a security consultant for Ounce Labs specializing in application security, source code security reviews, and security curriculum development. While the prevailing security model is based on trying to achieve the nonexistence of application security vulnerabilities and malicious code, Cruz holds that in reality they do exist and need to be executed in a “sandbox” so that they cannot be exploited. He thinks the current models reward features, performance, and speed-to-market while a single mistake can be fatal, because current application environments are not designed to protect the data assets contained and managed by the application. He is trying to get some big players in the market to shift the application security paradigm toward sandboxing technologies. Cruz is heavily involved with the Open Web Application Security Project (OWASP), which is part of the open source efforts focusing on the quality and value of application assets.
Read the full article at Dr. Dobbs.