[Owasp-board] OWASP conf - your topics?

Sebastien Deleersnyder seba at deleersnyder.eu
Sat Jan 26 12:56:32 UTC 2008

I subscribe to these themes.

I would also add our basic theme:

Keep providing an open platform for application security projects and
We should provide and continuously improve an engaging environment that
provides all people and organisations that support the OWASP mission to
create quality application security tools and guidelines that are available
to everyone.

I think it is important to stress this, certainly if we are supported by big
organisations such as MS and Adobe.
1) we should stay independent
2) we should also stay open for others, i.e. not create exclusive ties with
the supporting organisations

I do not want to preach to the choir, I just want to assure that we keep on
reflecting this in the external view on OWASP. i.e. guard the OWASP brand.



-----Original Message-----
From: Jeff Williams [mailto:jeff.williams at owasp.org] 
Sent: Friday 25 January 2008 23:10
To: tomb at owasp.org; 'Sebastien Deleersnyder'; 'OWASP Foundation Board List';
'Alison McNamee'
Subject: RE: [Owasp-board] OWASP conf - your topics?

That's a good idea. Let's discuss our 2008 messaging at the Board meeting
upcoming.  My key themes are...

1) Encouraging transparency in all aspects of application security

I believe that the software market is broken, and the only way to fix it is
to address the current asymmetry in information between software buyers and
sellers. The more we can trick, cajole, and require organizations to
disclose how they are building, testing, and operating security, the closer
we will get to a market that encourages security.

2) Positive approach to improving the software market

The negative approach hasn't worked. I don't think security "researchers"
publishing exploits is helping fix the market. It encourages the
hamster-wheel-of-pain approach to managing security rather than an SDLC
approach.  So we don't disclose exploits, we make sure that everything we
discuss includes constructive advice on avoiding risks.

3) OWASP focuses on helping people use technologies more securely

This last one is very important to me, but controversial (at least with
Dave). My theory is that if we spend our time trying to force improvements in
products (like IE, Flash, etc...) that we will end up largely frustrated,
and generally unappreciated.  However, if we recognize that all technologies
out there have vulnerabilities and can be used insecurely, our mission seems
clear.  We focus on helping people use these technologies (as broken as they
are) without taking on too much risk.



-----Original Message-----
From: Tom Brennan - OWASP [mailto:tomb at owasp.org] 
Sent: Friday, January 25, 2008 8:07 AM
To: jeff.williams at owasp.org; Sebastien Deleersnyder; OWASP Foundation Board
List; Alison McNamee
Subject: Re: [Owasp-board] OWASP conf - your topics?

Jeff how about a video keynote? The attendees like to hear from the big
Tom Brennan
OWASP Foundation Board Member
Tel: 973-202-0122 | Url: www.owasp.org

-----Original Message-----
From: "Jeff Williams" <jeff.williams at owasp.org>

Date: Thu, 24 Jan 2008 21:12:15 
To:"'Sebastien Deleersnyder'"
<seba at deleersnyder.eu>,<owasp-board at lists.owasp.org>,
<alison.mcnamee at owasp.org>
Subject: Re: [Owasp-board] OWASP conf - your topics?

I’d like to, but can’t because we’re expecting our 4th child around April 1
and I’m on a bit of a short leash for several months around that.

From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Sebastien
Sent: Thursday, January 24, 2008 4:14 PM
To: owasp-board at lists.owasp.org; alison.mcnamee at owasp.org
Subject: [Owasp-board] OWASP conf - your topics?

Gents, Alison,

Who of you plans to attend the EU conference?

What topics do you want to entertain us with on the conference: then I can
already put you in the schedule?

I already have Mark as key note on day 1 – ideas for another one are welcome
(Bruce Schneier is not available – I asked).