GPG Infrastructure for OWASP
OWASP generates, delivers, and hosts a range of documents and tools that are widely accepted for their high quality. But there is no mechanism to make these projects tamper-proof.
OWASP needs an organisational and technical infrastructure to sign documents and code. This Working Session aims to create a GPG infrastructure for OWASP.
- Organisational infrastructure: e-mail addresses, people who “own” the keys, trust chain
- Technical infrastructure: e-mail addresses, owasp.org/GPG
- Leaders should have a GPG key signed by OWASP’s “master key” at end of the Summit
- TBD …
The target audience for this Working Session is:
- Board members
- Technical staff
Back to list of all Working Sessions and Tracks
Edit this page here