[Owasp-board] URGENT - Fwd: [WebSand] Letter of Interest from OWASP

Jeff Williams jeff.williams at owasp.org
Mon Oct 19 22:47:41 UTC 2009


Seba,

 

Can you explain this more?  Why all the cloak-and-dagger?  Is this an OWASP
Project?  Or do they just want our logo?  Will it be open source and
consistent with our other principles?

 

I think exploring sandbox technology is a good idea and something OWASP can
get behind, but I have to point out that every time people implement a
fine-grained access control mechanism (CMW, Java sandbox, .NET sandbox, lots
of others) - the problem is managing complexity, not the security mechanism.

 

--Jeff

 

 

From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Seba
Sent: Monday, October 19, 2009 1:19 AM
To: OWASP Foundation Board List
Subject: [Owasp-board] URGENT - Fwd: [WebSand] Letter of Interest from OWASP

 

Gents,

 

We are supporting this research from different chapters. I will also synch
this with GEC and GIC.

Can I create a letter that supports the research from OWASP Foundation
Board?

 

 

regards

 

Seba

---------- Forwarded message ----------
From: Lieven Desmet <Lieven.Desmet at cs.kuleuven.be>
Date: Sun, Oct 18, 2009 at 11:01 PM
Subject: [WebSand] Letter of Interest from OWASP
To: Seba <seba at owasp.org>, Sebastien Deleersnyder <seba at deleersnyder.eu>


Seba,

As I informed you on Friday, the WebSand consortium (consisting of the
Katholieke Universiteit Leuven, Chalmers University, the University of
Passau, Siemens AG and SAP) is currently submitting a research proposal
to improve web application security by adopting a server-driven
sandboxing approach. More information about the project is included in
attachment.

Each of the participating countries has already ongoing collaborations
with the local OWASP chapters: KUL with OWASP Belgium, Chalmers with
OWASP Sweden and Passau and Siemens with OWASP Germany.

I would like to ask the support of OWASP as well as of the Belgium OWASP
chapter by means of a letter of interest. (The other partners will do
the same for OWASP Sweden and OWASP Germany.) In this letter, OWASP
could express their interest in the projects results, and explains
possible dissemination cooperation. For inspiration, I already included
a possible template.

Because of a tight submission schedule, I would need your letters on
Wednesday the latest to ensure a timely submission. I'm very sorry for
this late rush.

Kind regards,

Lieven
--
Lieven Desmet
Research Manager Secure Software
DistriNet, Katholieke Universiteit Leuven

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20091019/650217fc/attachment-0002.html>


More information about the Owasp-board mailing list