How it will work and what to expect next
An update from the new Chair of the Board of Governors
My name is Robert Rodger. I’ve worked in cyber security for just over 29 years, and I have a passion for helping organisations unlock business value through being secure and reliably resilient. In my day job I am a Chief Information Security Officer within financial services. I am delighted to share that I will be the Chair of the Board of Governors for the Software Security Project (SSP).
It has been a long time since the SSP was first conceived, and, unapologetically, we are working slowly on exactly how it will operate. It’s important we get it right from the outset. That said, it feels like a good time to provide a short update about where we are today. I jumped in to chair the project because I strongly believe that we need everyone in the industry to rally around an unbiased set of industry priorities and collectively work to make improvements in the areas that truly matter.
We want to bring together those who are accountable for delivering security within organisations to work collectively on a set of issues that are top of mind for those of us accountable for protecting companies, and to do it in a way that is free of bias from people selling services and tools. There will be no fee to join and no sponsorship.
The project is being led and governed by a board of around ten directors, all of whom are Chief Information Security Officers, Chief Security Officers or very senior security leaders working in industry. We will have representatives from financial services, manufacturing, telecoms, travel and leisure, health care and government. As of today there is a European bias, for practicality, but this will change to a global one as we get established. Participation in the governance process is by invitation only and will not include consultants or vendors. Mark Curphey, who founded OWASP (Open Worldwide Application Security Project) and conceived the SSP, will be our Chief of Staff, but will not have a role in governance. We all have busy day jobs and so will direct work to be done by our teams or by people we invite at our discretion.
We will publish the list of the governors once they have obtained the appropriate compliance sign-off from their companies.
The first project we will be tackling is to create a list of the Top Ten issues we see in Software Security Engineering. Current lists don’t represent the real macro-level issues the industry needs to focus on.
We are hoping to publish this, along with a roadmap aligned to it, by the end of the year.
If you are not already signed up to the mailing list, please do so at https://softwaresecurityproject.org/
Regards,