When it comes to enterprise security, Steve Orrin believes in building it in rather than tacking it on. And the CTO of Sanctum spends much of his time evangelizing the importance of embedding security in applications by participating in two OASIS working groups established in 2003. The WAS-XML working group focuses on Web application security; he’s also working on formulating the Application Vulnerability Description Language.
Within Sanctum, early in 2003, Orrin led the development of AppScan DE, an automated testing tool that helps developers create secure Web applications using either Microsoft .Net or Java code. Orrin has also led Sanctum's development of software that searches the Web for purloined documents, something companies use to prove that data has been stolen.