[Owasp-board] Outreach stuff

Jeff Williams jeff.williams at owasp.org
Wed Jun 4 19:27:00 UTC 2008

Hi Mark,


Thanks for all the great work.  We don't have much guidance on working with
the press, but it's a damn good idea.  If you think of some general
principles/rules/guidelines, how about sketching them out in a wiki page.
I'm sure all the project leaders and chapter leaders could use the advice.
It might even spur them to reach out more if the rules weren't unclear.


As far as Microsoft is concerned, you're right it's a bit dangerous.  Here's
the approach I'd like to use with both them, Adobe, Sun, IBM, etc.  They can
contribute content if they like, but they should clearly disclose the source
and recognize that anything they post is subject to be completely changed.
We will remove any unsubstantiated statements and product promotion.
Ultimately, I want OWASP to provide clear, easy to use guidance on how to
use different technologies securely. 


But there's a huge upside for Microsoft to be involved with OWASP.
Especially with a strong advocate like Curphey on the inside there.  I
wouldn't worry about them overwhelming us - they're more likely to not do
much of anything.  But perhaps they'll donate some of their security
guidance share data.  Great.




Jeff Williams, Chair

 <http://www.owasp.org/> The OWASP Foundation

work: 410-707-1487

main: 301-604-4882


 <https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference> OWASP
AppSec NYC 2008 is coming...  are you ready?


From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of dinis cruz
Sent: Wednesday, June 04, 2008 11:26 AM
To: Mark Roxberry
Cc: OWASP Foundation Board List
Subject: Re: [Owasp-board] Outreach stuff


Hey Guys


Any guidance available for Mark on the questions asked below?




On Wed, Jun 4, 2008 at 4:19 PM, Mark Roxberry <mark.roxberry at owasp.org>

Hey Dinis,

Hope everything is going well for you.  I wanted to touch base with re:
working with magazine's and publications.  Does OWASP have guidance for

I've gotten ISSA Journal and ISC2 Blog responding with interest to a few
abstracts about projects and ideas that I sent and MSDN and Code magazines
sending me their article submission and content schedules.  So I've found
out that there's interest, not sure what your experience is with this type
of thing.  Any thoughts?  What is our policy?  Have you any wise words in
this area?  Advice is welcome.

Also,  I've gotten word that Microsoft has asked its Security MVPs (and
possibly internal folks) to work with OWASP .NET - not quite sure what that
means as I don't have first hand knowledge.  Bryan Sullivan (I'm told) is
supposed to touch base with me or someone from OWASP regarding their
interaction with the project.  Not sure if its in our best interest to be
overrun by the mothership of .NET.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20080604/a194ead8/attachment-0002.html>

More information about the Owasp-board mailing list