[Owasp-leaders] I am glad to announce we've just set a new project up - the OWASP Myth Breakers Project, led by Stefano Di Paola & Dinis Cruz.

Dave Wichers dave.wichers at owasp.org
Tue Mar 1 15:43:54 EST 2011


I did a talk last fall at AppSec DC on 'Strengths of Combining Code Review
with Application Penetration Testing'
<http://www.owasp.org/index.php/The_Strengths_of_Combining_Code_Review_with_Application_Penetration_Testing>.
One major point of my talk was to try to bust the 'myth' that code review is
way more expensive than pen testing, and that we can't find enough qualified
code reviewers. There are millions of really good developers that can be
taught how to review code. There aren't anywhere near as many good pen
testers. So it's my position that it's 'easier' to find and use good code
reviewers than pen testers, not harder, and that code review is far more
effective than pen testing overall, and really shines when both are done
together.

This is not obvious from the title of my talk but I was trying to not offend
anyone.

-Dave

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Stefano Di Paola
Sent: Tuesday, March 01, 2011 3:29 PM
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] I am glad to announce we've just set a new
project up - the OWASP Myth Breakers Project, led by Stefano Di Paola &
Dinis Cruz.

 

Thanks Paulo,
In the next few days we'll put together the ideas and start the mailing
list!
Anyone with some ideas about legends to be busted is encouraged to note
them down and send them to the new mailing list as soon as it is
available.

Cheers,
Stefano



On Tue, Mar 1, 2011 at 1:41 PM, Paulo Coimbra <paulo.coimbra at owasp.org>
wrote:

Leaders,

 

I am glad to announce we've just set a new project up - the OWASP Myth
Breakers Project, led by Stefano Di Paola & Dinis Cruz. 

 

http://www.owasp.org/index.php/Projects/OWASP_Myth_Breakers_Project 

 

The project's purpose is "similar to http://dsc.discovery.com/tv/mythbusters
but for appsec, urban legends and assumptions regarding appsec will be
tested and there'll be a set of examples that will prove the
correctness/incorrectness of a statement related to the question. Every
question will be answered in the mailing list and further, a page on the
OWASP site will be created to report the results. Also anyone will be able
to use the contents of the page/ml in OWASP conferences to spread the verb
about what's an urban legend and what's not".

 

As always, your suggestions and contributions would be greatly appreciated.


 

Thanks,

- Paulo

 

 

Paulo Coimbra,

OWASP Project Manager <http://www.owasp.org/index.php/User:Paulo_Coimbra> 

 

