Software Integrity Blog

Author Archive

Andrew van der Stock


Andrew van der Stock is a senior principal consultant at Synopsys, providing technical leadership in security architecture, threat modeling, security architecture reviews, secure coding guidelines and reviews, assurance and penetration tests, risk assessments, and developer training. He has worked in the IT industry for over 20 years and is a seasoned web application security specialist and enterprise security architect. Andrew currently leads the OWASP Top 10 2017 and Application Security Verification Standard projects.

Posts by Andrew van der Stock:


Data misuse is a first-class security concern

Facebook has extended their long-running bug bounty program to include data misuse by third-party application providers. I applaud Facebook for making this stand. Despite the news being about one social media platform, one third-party application collecting data for a purported psychological survey, and the firms and people that surround the incident, it is important to […]


Posted in Data Breach


What’s happening with the OWASP Top 10 2017?

One of my favorite books, “The Hitchhiker’s Guide to the Galaxy,” describes itself in the introduction like this: “In many of the more relaxed civilizations on the Outer Eastern Rim of the Galaxy, the Hitchhiker’s Guide has already supplanted the great Encyclopedia Galactica as the standard repository of all knowledge and wisdom, for though it […]


Posted in Security Standards and Compliance, Web Application Security