[Global_chapter_committee] [Owasp-pci-project] Draft Project Plan - May 2011

Christian Heinrich christian.heinrich at owasp.org
Thu May 12 00:48:09 EDT 2011


On Thu, May 12, 2011 at 2:14 PM, Tom Brennan <tomb at owasp.org> wrote:
> Like that you have a project plan seems it involved every committee.  Perhaps what I am missing here is what would you like to achieve with this effort?

Not sure why the GCC (Chapter) was CCed - perhaps you can clarify?

As for reference to the other OWASP committees, Card Brands, etc - I
tend to prefer not to politically threaten others unless push comes to
shove (i.e. my position is correct) and would prefer their support
rather than the surprise attack at the eleventh hour.

This may be clearer when I start the discussions with the OWASP
committees next week so I apologise in advance if the above can be

On Thu, May 12, 2011 at 2:14 PM, Tom Brennan <tomb at owasp.org> wrote:
> End Game - How do you know when the project is completed - what is the goal?

The intent is to complete a majority of this for presentation at

On Thu, May 12, 2011 at 2:14 PM, Tom Brennan <tomb at owasp.org> wrote:
> When Trey Ford and I talked about him starting this project it was about pointing out shortcomings to PCI and application security.. the project never got off the ground after he left WhiteHat. Clarification can help crowd source on the effort. As you are well aware PCI is to protect the card brands that is pushed to the processors and the merchants to limit liability to the..... card brands.

I don't completely accept this argument, rather that the conservative
nature of financial services hinders their security while economically
they promote that they are "secure".

That stated, I would prefer collaboration with PCI SSC and the Card
Brands rather than conflict - neither am I expecting their
culture/position to change overnight, rather over a period of time.

Christian Heinrich
