[Owasp-board] Fwd: Your comments on Owasp Membership (and MerryChristmas and Happy NewYear)

Jeff Williams jeff.williams at owasp.org
Mon Jan 8 18:25:44 UTC 2007


I think it makes sense to say the materials were originally provided by
Company X.  The Fortify (vulnerability writeups) and Secure Software (CLASP)
donations work that way.  I think we should reserve this for major
donations, not for little articles here and there.

 

--Jeff

 

  _____  

From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Monday, January 08, 2007 11:33 AM
To: owasp-board at lists.owasp.org
Subject: [Owasp-board] Fwd: Your comments on Owasp Membership (and
MerryChristmas and Happy NewYear)

 

Jeff, 

As per the email below, do we have a policy for co-branding of materials
donated to OWASP?

Dinis

---------- Forwarded message ----------
From: Tracy, Edward <tracy_edward at bah.com>
Date: Jan 8, 2007 4:28 PM
Subject: RE: Your comments on Owasp Membership (and Merry Christmas and
Happy NewYear)
To: Dinis Cruz < dinis at ddplus.net>

You got some really good answers on OWASP membership. I really like the
question about non-conflicting board members. Who are the board members, how
does that work, and are there elections? 

 

I also like the point that someone made that OWASP is a group of
hackers...in the sense that we're all the security professionals and not
really software engrs. We have a heavy bias on security analysis instead of
security engineering. Tho greatly interested in security testing, I find
even I have been turned off by some threads of discussion. People coming
across as find-vulnerabilities-and-stick-it-to-the-man.

 

Some chapters aren't active. Can there be some kind of incentive for a
chapter lead for evangelisizing? Getting chapter meetings to be held at
local universities sounds brilliant. Can someone organize a chapter
presentations catalog? (i know, i'm thinking of volunteering...argh)

 

I also want to reiterate that I think the Top 10 is viewed as a beginner's
document. So, it's read once then quickly put on the shelf. It comes across
as a security guy's first whitepaper on the issues. It's not academic, it's
not clearly organized, it's not looking at concepts but instead symptoms,
and it causes problems and confusion when organizations try to "address" the
top 10, etc.

 

I am optimistic that OWASP is maturing, and I'm trying to help...I have
materials that I want to release thru OWASP and maintain branding. Is this
possible. I know, we have project sponsors, but will the document be
co-branded? That may convince our execs to release some material.

 

-ed

 

 


  _____  


From: owasp-all-bounces at lists.owasp.org
[mailto:owasp-all-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Friday, January 05, 2007 8:17 PM
To: owasp-all at lists.owasp.org
Subject: Your comments on Owasp Membership (and Merry Christmas and Happy
NewYear)

Hi, Firstly I would like to wish you a very Merry Christmas (if you
celebrate it) and a Happy New Year of 2007 (I know, I know, I am a bit late,
but this year my Holidays in Portugal were 'offline' so I wasn't able to
send this before :) ) 

Secondly I would like to thank everybody that responded to my 'why aren't
you a member?' request. 

If you want to read these comments, I posted an anonymized version in our
WIKI: https://www.owasp.org/index.php/Members_Comments_On_OWASP_membership
(It makes a very interesting read and several comments are spot-on).

Your answers are a very good sample of what I suspected the current issues
to be. I am using them as a basis for an article that I am writing were I am
defending the case for OWASP membership (I will try to release it in a
couple weeks). 

Just as a preview, I will argue in this article that it is in YOUR (and your
company) best interest to join OWASP, since it can affect you: technically,
economically, socially and ethically. At the end of the day, it makes
business sense for you (and your company) to support OWASP :) 

So thanks for your comments, keep participating in OWASP and have a great
year of 10 0 0 111 :)

Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org 



-- 
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070108/979db9fc/attachment-0002.html>


More information about the Owasp-board mailing list