GPG Infrastructure for OWASP


Why

OWASP generates, delivers, and hosts a range of documents and tools that are widely accepted for their high quality. But there is no mechanism to make these projects tamper-proof.

OWASP needs an organisational and technical infrastructure to sign documents and code. This Working Session aims to create a GPG infrastructure for OWASP.

What

  • Organisational infrastructure: e-mail addresses, people who “own” the keys, trust chain
  • Technical infrastructure: e-mail addresses, owasp.org/GPG
  • Leaders should have a GPG key signed by OWASP’s “master key” at end of the Summit
  • TBD …

Who

The target audience for this Working Session is:

  • Board members
  • Technical staff


Back to list of all Working Sessions and Tracks

Edit this page here