[Owasp-london] Owasp-london Digest, Vol 8, Issue 2

[Sebastian Sanchez]

Thanks Ivan, I enjoyed the meeting and will try to get more people from work
to go next time.

Seb

On 10/09/2007, owasp-london-request at lists.owasp.org <
owasp-london-request at lists.owasp.org> wrote:
>
> Send Owasp-london mailing list submissions to
>         owasp-london at lists.owasp.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.owasp.org/mailman/listinfo/owasp-london
> or, via email, send a message with subject or body 'help' to
>         owasp-london-request at lists.owasp.org
>
> You can reach the person managing the list at
>         owasp-london-owner at lists.owasp.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Owasp-london digest..."
>
>
> Today's Topics:
>
>    1. September 5 Meeting Notes (Ivan Ristic)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 09 Sep 2007 22:27:02 +0100
> From: Ivan Ristic <ivanr at webkreator.com>
> Subject: [Owasp-london] September 5 Meeting Notes
> To: owasp-london at lists.owasp.org
> Message-ID: <46E46526.1040503 at webkreator.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> The meeting on September 5th was held in the Auriol Kensington Rowing
> Club (http://www.akrowing.com/page.php?page=findus). Breach Security
> (http://www.breach.com) covered the cost of the venue.
>
> There were 13 people at the meeting. A few others wanted to come but
> were prevented either by work or the tube strike.
>
> The meeting kicked off with a video message from Jeff Williams. Well,
> not really a video message because we didn't get to actually see
> Jeff. We only got to hear his voice over some slides describing OWASP.
>
> PDP spoke next. His talk was very interesting (you can find the
> whitepaper here:
> http://www.gnucitizen.org/blog/for-my-next-trick-hacking-web20); it
> lasted longer than anticipated. This wasn't a problem for PDP or
> the audience, but it did affect the activities scheduled for after
> - some people had to leave.
>
> After a short break, the mandatory discussion on privacy issues
> followed. The overall impression is that the topic of privacy is
> much larger than web application security. Even if we fixed all
> issues we could (in this area) the issues of privacy would remain
> largely unaffected.
>
> An idea was floated to force all sites to declare what they are
> going to do with personal information. And to have them inspected
> (certified) by a third party on regular basis. For example:
>
> - Provide a list containing each piece of information kept.
>
> - For each such piece declare how long it will be kept.
>
> A third party could certify the site was developed in accordance
> with best security development practices. (Note that it would
> not certify that the site does not contain any problems.)
>
> Ultimately, however, the problem is that the majority of people
> simply do not care for the privacy and security issues. Until
> that changes it is not likely for things to improve.
>
> The plan, initially, was to also discuss the future of the OWASP
> chapter but because it was already 22:30 most people wanted to
> leave. However, the topic was brought up several times during the
> meeting, in the breaks between the activities. The good news is there
> is both will and interest. I will summarise in a separate email and
> move discussion to the mailing list.
>
> Some suggestions I got from people:
>
> - Meet more often.
>
> - Have shorter meetings (7pm - 9pm was suggested).
>
> Bye,
> Ivan
>
>
> ------------------------------
>
> _______________________________________________
> Owasp-london mailing list
> Owasp-london at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-london
>
>
> End of Owasp-london Digest, Vol 8, Issue 2
> ******************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-london/attachments/20070910/d30721bd/attachment.html