Sunday, August 24, 2008
Do Indian Outsourcing Firms understand Web Application Security
Has anyone noticed that the vast majority of Indian outsourcing firms have no clue when it comes to web application security? Other than having a few guides on their intranet site that nobody actually reads, are US customers acting irresponsibly by allowing folks to write web applications offshore making themselves insecure if the proper knowledge base doesn't exist?
The folks over at Cognizant are the only consistent exception I have been able to observe. They actively encourage their employees not only learn about web application security but to also attend local OWASP chapter meetings regardless of whether they are in India or the United States. They even sponsor the OWASP chapter in Chennai.
It is curious to me that Cognizant understands the value proposition of encouraging their employees to participate in OWASP, but other firms such as Infosys, Satyam, TCS and others are still missing in action...
| | View blog reactionsThe folks over at Cognizant are the only consistent exception I have been able to observe. They actively encourage their employees not only learn about web application security but to also attend local OWASP chapter meetings regardless of whether they are in India or the United States. They even sponsor the OWASP chapter in Chennai.
It is curious to me that Cognizant understands the value proposition of encouraging their employees to participate in OWASP, but other firms such as Infosys, Satyam, TCS and others are still missing in action...