[Owasp-board] FW: Chat with yiannis at owasp.org

dinis cruz dinis.cruz at owasp.org
Thu Sep 17 16:24:03 UTC 2009


GPC and Board, what do you think of Yiannis chat below (and his post to the
owasp-leaders list)?
Btw, I googled for "OWASP Sucks" and couldn't see what Yiannis is talking
about:

   -
   http://www.google.com/search?hl=en&client=safari&rls=en&q=OWASP+sucks&aq=f&oq=&aqi=
   -
   http://www.google.com/search?hl=en&client=safari&rls=en&q=%22OWASP+sucks%22&aq=f&oq=&aqi=

Dinis


2009/9/17 Paulo Coimbra <paulo.coimbra at owasp.org>

>  Committee,
>
>
>
> For your information I am sending off the Google Chat I had with Yannis
> before he sent to the leaders mailing list the email with the subject “Would
> the real OWASP please stand up!”
>
>
>
> Thanks,
>
>
>
> Paulo
>
>
>
>
>
> *From:* paulo coimbra [mailto:pcoimbra at owasp.org]
> *Sent:* quinta-feira, 17 de Setembro de 2009 17:09
> *To:* Paulo Coimbra
> *Subject:* Fwd: Chat with yiannis at owasp.org
>
>
>
>
>
> ---------- Forwarded message ----------
> From: *yiannis at owasp.org* <yiannis at owasp.org>
> Date: Thu, Sep 17, 2009 at 3:28 PM
> Subject: Chat with yiannis at owasp.org
> To: pcoimbra at owasp.org
>
>  2:59 PM *yiannis*: Paulo, paulo, so many forms to fill in...
>
>   will start today!
>
> 3:00 PM *me*: just let me know once you have finished
>    ------------------------------
>
> 14 minutes
>
> 3:14 PM *yiannis*: Paulo, all this BS, please tell me where do I fill in
> the information for the pamphlet?
>
> 3:16 PM *me*: please create a PDF with the content and send it off
>
>   for more information please see here:
> http://globalprojectscommittee.wordpress.com/2009/07/21/what-is-this-project-flyerpamphlet-thing/
>
>  *yiannis*: ok, so just attach it to the email reply?
>
>  *me*: yes, please. I will upload it.
>
> 3:17 PM however, if you want, you can do it yourself
>
>  *yiannis*: ok, ok, I won't shoot the messenger, but who came up with this
> shit?
>
>   :)
>
>  *me*: what shit are you talking about?
>
>  *yiannis*: Pamphlets, presentation slides,
>
>   roadmaps
>
> 3:18 PM *me*: you think these thinks are shit?!
>
>  *yiannis*: I think I will make a presentation next blackhat: "why owasp
> is failing to address real security problems"
>
>   Yes, we need people doing security
>
>   and instead now I understand that they are spending their time on fluffy
> issues
>
> 3:19 PM *me*: well, when the GPC opened the discussion to improve the
> assessment criteria you said nothing against it....
>
>  *yiannis*: Not improve it, demolish it
>
>   You have guys discovering vulnerabilites, hacking away
>
>   and you ask them to make pdf files?
>
>   ha ha ha
>
>   (not you, obviously)
>
>   but somewhere OWASP took a wrong turn or two
>
> 3:20 PM *me*: the pdf was only meant to be a easy way to publicise
> projects
>
>   they were also meant to be a tool for the Education Project
>
>  *yiannis*: anyway, made the user account, pamphlet reply to email with
> pamphlet material and presso
>
> 3:21 PM *me*: ok
>
>  *yiannis*: still, please liase back my opinion of why I think OWASP is
> loosing out on true hackers
>
>   making web applications better
>
> 3:22 PM *me*: "liase"?
>
> 3:23 PM are you asking to me to report your opinions to the GPC?
>
> 3:24 PM *yiannis*: No, just tell Dinis, he used to be on the side of
> getting things done once upon a time
>
>   Pamphlets...
>
> 3:26 PM *me*: I can do that. May I ask why can't you contact him directly?
>
>  *yiannis*: Oh, ok.. You upset?
>
>  *me*: I am not
>
> 3:27 PM nevertheless to be honest I don't fully understand your criticism
>
> 3:28 PM for one thing, the discussion to set up the assessment criteria
> was totally open and we haven't received any feedback from you....
>
> 3:29 PM for another, the current assessment criteria doesn't seem that
> heavy to me
>
>  *yiannis*: what about over lunch: "keep it simple, do not ask for more
> than you did in version 1"
>
>  *me*: sorry?
>
>  *yiannis*: Google "OWASP sucks" as well
>
> 3:30 PM this is why true people doing security are laughing at us
>
>   You have a security need which is not only been ignored, but also...
>
>   we create a big hype about little things
>
> 3:31 PM *me*: you think so? I suggest then, if I may, you address our
> leaders mailing list to trigger the discussion....
>
>  *yiannis*: do you apache, or let's forget technology, the FSA, having
> Pamphlets about
>
>   any of their FSA regulated companies
>
>  *me*: you know, I can discuss with you whatever you want....
>
>  *yiannis*: they release a rating, that's all
>
> 3:32 PM *me*: but at the end of the day what really counts is the opinion
> of the OWASP leaders.....
>
>  *yiannis*: you are right, we should fuse this conversation, apologies for
> being so upfront
>
> 3:34 PM *me*: you have nothing to apologise for. nevertheless, as you have
> raised what seemed to me a couple of good points, I must recommend you use
> the leaders mailing list to discuss them....
>
>
>
>
> --
> Paulo Coimbra,
> OWASP Project Manager
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20090917/c3087336/attachment-0002.html>


More information about the Owasp-board mailing list