GPG Infrastructure for OWASP


OWASP generates, delivers, and hosts a range of documents and tools that are widely accepted for their high quality. But there is no mechanism to make these projects tamper-proof.

OWASP needs an organisational and technical infrastructure to sign documents and code. This Working Session aims to create a GPG infrastructure for OWASP.


  • Organisational infrastructure: e-mail addresses, people who “own” the keys, trust chain
  • Technical infrastructure: e-mail addresses,
  • Leaders should have a GPG key signed by OWASP’s “master key” at end of the Summit
  • TBD …


The target audience for this Working Session is:

  • Board members
  • Technical staff

Back to list of all Working Sessions and Tracks

Edit this page here