[Governance] [Owasp-leaders] [OWASP ASVS] Obfuscation?

Matt Tesauro matt.tesauro at owasp.org
Fri Nov 7 04:04:16 UTC 2014


Yvan is 100% correct with:
[snip]
The technical enforcement aspect is only one part of it.  Technical
measures to curtail participation are a rathole, especially for security
folks since many of us have "figure out how to bypass controls" as part of
our of our professional repertoire.
[snip]

Any attempt to ban someone from the OWASP lists with a technical measure
such as rejecting an address at the email gateway or banning an address
from posting to Mailman would be trivial to bypass.

It would be like bringing a dull knife to a gun fight.

Josh:  Perhaps you misheard me since you were remote for the board meeting
in Denver/September - that's the only board meeting I've attended in quite
some time.  If I said anything like that - or was asked, it would be to say
its technically possible to implement but absolutely useless as an
effective measure to stop someone determined to post to a one of our public
lists.

[snip] Not sure where the ball was dropped there [snip]

Honestly, I don't think the ball was ever in the air to begin with.

--
-- Matt Tesauro
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project

>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20141106/8124f012/attachment.html>


More information about the Governance mailing list