[Global_industry_committee] Nice idea to discuss and follow-up - [Fwd: IMPORTANT Please forward to Georg Hess BEFORE Tuesday]

Georg Heß georg.hess at artofdefence.com
Tue Nov 10 23:29:02 EST 2009


Christian,

Great - does anybody really use it - in the sense that in the case of an
incident, this email alias is alerted so everybody will react quickly?


-- 
Dr. Georg Hess (CEO) - georg.hess at artofdefence.com
T:+49 (0)941 604 889 58  M:+49 (0)170 575 3154  F:+49 (0)941 604 889 837

art of defence GmbH, Bruderwöhrdstr 15b, 93055 Regensburg, Germany
------------------------------------------------------------------------
District Court of Regensburg, HRB 9708
Managing directors:
Dr. Georg Heß, Alexander Meisel
------------------------------------------------------------------------

Christian Heinrich wrote:
> Georg,
> 
> Security related e-mail aliases were defined in
> http://www.rfc-archive.org/getrfc.php?rfc=2142 back in 1997.
> 
> On Tue, Nov 10, 2009 at 3:37 AM, Georg Heß <georg.hess at artofdefence.com> wrote:
>> Dear members,
>>
>> please find attached an idea that was brought up to me at the end of last week
>> after an interview with the podcast journalist.
>>
>> I am not at all familiar whether there are already tons of initiatives
>> like this one in the US but it might be a good topic to hook on and
>> perhaps even discuss it on the Summit on Wednesday.
>>
>> I feel it is one of these opportunities where OWASP can actually do
>> something... and which we could use in reaching out to "all industries,
>> branches, etc... "
>>
>>
>> I told Ira that although I am certainly much interested in following up
>> with him I might just be the wrong person in particular for the US region.
>>
>> What do you think ?
>>
>> Looking forward to meeting you WED evening... my flights were already
>> booked before the summit was announced...
>>
>> Cheers
>> Georg
>>
>>
>> -------- Original Message --------
>> Subject: IMPORTANT Please forward to Georg Hess BEFORE Tuesday
>> Date: Sat, 7 Nov 2009 22:58:02 -0500
>> From: Ira Victor <Ira at dataclonelabs.com>
>> To: Nicole Miscioscia <nicole at marchpr.com>
>>
>> Hello Georg,
>> It was good to meet you on the phone this week. Here is the "elevator
>> pitch" for Report Security Flaws:
>>
>> Report Security Flaws exists to increase awareness and responsiveness in
>> Internet vendors and web site operators when they receive
>> security-related disclosures.
>>
>> It is our hope that all vendors/operators maintain an email alias that
>> exists for the sole purpose of receiving disclosure notices from parties
>> reporting noted security flaws on the vendor/operator's web site. Report
>> Security Flaws was established as a public service by Russ McRee of
>> HolisticInfoSec.org and Ira Victor, of The Data Security Podcast.
>>
>> Further, said email alias should be monitored by individuals with an
>> understanding of web application security issues and business logic
>> flaws, while maintaining a close working relationship with the site
>> developers and operations engineers. This relationship should allow for
>> the quick escalation of reported issues for mitigation and remediation.
>>
>> Examples of such email aliases might include:
>> security at domain.com
>> websecurity at domain.com
>> webreports at domain.com
>>
>> Too often vendors and web site operators fail to manage the proper
>> intake and escalation of reported security flaws, leading to lapses in
>> web application security for days, weeks, and even months.
>>
>> We are very interested in having OWASP incorporate this approach into
>> its guidelines. It is our desire that this concept spread to other
>> organizations and standard setting bodies. We would be happy to provide
>> more details and meet by phone or online web meeting.
>>
>> Sincerely,
>> Ira Victor, GIAC G17799 GCFA GPCI GSEC  ISACA CGEIT
>> Co-host, Data Security Podcast
>> 30min every week on data security, privacy and the law
>>
>> Audio Stream: http://datasecuritypodcast.com
>>
>> On iTunes: http://itunes.datasecuritypodcast.com
>>
>>
> 
> 
> 

