[Governance] [Owasp-leaders] [OWASP ASVS] Obfuscation?

Matt Tesauro matt.tesauro at owasp.org
Fri Nov 7 04:04:16 UTC 2014

Yvan is 100% correct with:
The technical enforcement aspect is only one part of it.  Technical
measures to curtail participation are a rathole, especially for security
folks since many of us have "figure out how to bypass controls" as part of
our of our professional repertoire.

Any attempt to ban someone from the OWASP lists with a technical measure
such as rejecting an address at the email gateway or banning an address
from posting to Mailman would be trivial to bypass.

It would be like bringing a dull knife to a gun fight.

Josh:  Perhaps you misheard me since you were remote for the board meeting
in Denver/September - that's the only board meeting I've attended in quite
some time.  If I said anything like that - or was asked, it would be to say
its technically possible to implement but absolutely useless as an
effective measure to stop someone determined to post to a one of our public

[snip] Not sure where the ball was dropped there [snip]

Honestly, I don't think the ball was ever in the air to begin with.

-- Matt Tesauro
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20141106/8124f012/attachment.html>

More information about the Governance mailing list