[Owasp-board] Application Security Operations Practices

Paulo Coimbra paulo.coimbra at owasp.org
Thu May 6 21:08:47 UTC 2010


Leonel,

 

I also thank your prompt and clear response. Our organization appreciates
your interest and Softtek’s support. You have made all sense and we will get
back to you soon.

 

Best regards,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Leonel Navarro [mailto:leonel.navarro at softtek.com] 
Sent: quinta-feira, 6 de Maio de 2010 19:08
To: paulo.coimbra at owasp.org
Cc: 'dinis cruz'
Subject: RE: Application Security Operations Practices

 

Paulo

 

Thanks for getting back to us. I would like to get more details about how a
company can collaborate and influence in the projects selection that OWASP
orchestrates as a response to what we’re seeing our customers and prospects
needs. I understand there should be some requisites or requirements that the
company sponsor should meet and some benefits.

 

We have several projects going on for our internal Software Security Program
and some others for our customers’ SSP so I think it would be a good idea to
understand in which area OWASP would require some collaboration and we can
generate synergy to make that happen. 

 

Having said that it would be great to get access to a quick executive
summary of OWASP projects, project’s sponsorship requisites, project’s
sponsorship benefits, so that we can move forward.

 

Does it make sense?

 

Thanks

LeoN

 

Leonel Navarro Segura, PMP
InfoSec Business Leader
Softtek NSS – Aguascalientes
DC *743 7628
T (+52) 449 910.7628
M (+52) 449 448.7407
E  <mailto:leonel.navarro at softtek.com> leonel.navarro at softtek.com
    <file:///\\www.softtek.com> www.softtek.com 

IMPORTANTE: Los documentos y archivos que se acompañan a esta transmisión,
contienen información confidencial la cual es legalmente secreta. Esta
información puede ser usada únicamente por el destinatario cuyo nombre
aparece inserto en esta transmisión. Si usted ha recibido esta transmisión
por error, notifíquenos inmediatamente por esta misma vía, y borre el
archivo y sus anexos. Se hace de su conocimiento por medio de esta nota, que
cualquier divulgación, copia, distribución o toma de cualquier acción
derivada de la información confiada en esta transmisión, queda estrictamente
prohibido, el incumplimiento de esto genera responsabilidad legal.

IMPORTANT: The documents and files attached to this transmission contain
confidential information that must be kept secret by law. This information
is for the exclusive use of the specified recipient whose name appears in
this transmission. If you have received this message by mistake, please
notify us immediately by return e-mail and delete the file and its
attachments. You are hereby notified that any dissemination, copying,
distribution or adoption of any action arising from the confidential
information contained herein is strictly prohibited. Any violation will be
penalized by law.

 

 

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: Jueves, 06 de Mayo de 2010 12:17 p.m.
To: 'Leonel Navarro'
Cc: 'dinis cruz'
Subject: RE: Application Security Operations Practices

 

Hello Leonel,

 

I am writing you to inform that OWASP Board, in its next meeting to be held
in May, 11th, will discuss further to clarify our current model of project’s
sponsorship. Having this into account, would you like to point out any
specific interest in terms of sponsor benefits? Are your company looking
forward to any particular project development/feature?   

 

Please let me know your thoughts. I thank you in advance.

 

Best regards,

 

Paulo Coimbra,

OWASP <https://www.owasp.org/index.php/Main_Page>  Project Manager

 

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: quinta-feira, 29 de Abril de 2010 16:09
To: 'Leonel Navarro'
Cc: 'dinis cruz'
Subject: RE: Application Security Operations Practices

 

Hello Leonel,

 

First things first and so I begin by apologizing for my delayed answer. Your
email has caught out of office using a short period of holidays and after
that I got swamped with countless small but urgent tasks. In addition, I
haven’t answered you back earlier because, regarding projects’ sponsorship,
our policy is weakly institutionalized and usually results from a casuistic
agreement between the sponsor and the project leader and being so I needed
the time that I hadn’t to cross consult these parts.

 

Thus, assuming you are still interested, I will consult both project leaders
to inform that they have a company interested in sponsoring their projects
and to ask what they think that could be a fair deal in terms of funds and
benefits. I will also copy carbon our Board to make sure the eventual
proposal deserves its approval.

 

As for your individual contribution I suggest you subscribe both projects
mailing lists. In addition, I will also inform the project leaders that you
are interested in becoming a contributor.

 

That’s all for now - I will get back to you soon with more information and
details.

 

Paulo Coimbra,

OWASP <https://www.owasp.org/index.php/Main_Page>  Project Manager

 

From: Leonel Navarro [mailto:leonel.navarro at softtek.com] 
Sent: quarta-feira, 7 de Abril de 2010 23:24
To: paulo.coimbra at owasp.org
Subject: RE: Application Security Operations Practices

 

Paulo

 

How can I contribute with any of both projects individually? Or where can I
get information on how Softtek can become sponsors of any of those projects?

 

Thanks

LeoN

 

Leonel Navarro Segura, PMP
InfoSec Business Leader
Softtek NSS – Aguascalientes
DC *743 7628
T (+52) 449 910.7628
M (+52) 449 448.7407
E  <mailto:leonel.navarro at softtek.com> leonel.navarro at softtek.com
    <file:///\\www.softtek.com> www.softtek.com 

IMPORTANTE: Los documentos y archivos que se acompañan a esta transmisión,
contienen información confidencial la cual es legalmente secreta. Esta
información puede ser usada únicamente por el destinatario cuyo nombre
aparece inserto en esta transmisión. Si usted ha recibido esta transmisión
por error, notifíquenos inmediatamente por esta misma vía, y borre el
archivo y sus anexos. Se hace de su conocimiento por medio de esta nota, que
cualquier divulgación, copia, distribución o toma de cualquier acción
derivada de la información confiada en esta transmisión, queda estrictamente
prohibido, el incumplimiento de esto genera responsabilidad legal.

IMPORTANT: The documents and files attached to this transmission contain
confidential information that must be kept secret by law. This information
is for the exclusive use of the specified recipient whose name appears in
this transmission. If you have received this message by mistake, please
notify us immediately by return e-mail and delete the file and its
attachments. You are hereby notified that any dissemination, copying,
distribution or adoption of any action arising from the confidential
information contained herein is strictly prohibited. Any violation will be
penalized by law.

 

 

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: Lunes, 15 de Marzo de 2010 11:16 a.m.
To: leonel.navarro at softtek.com
Subject: RE: Application Security Operations Practices

 

Hello Leonel,

 

I thank your contact and your interest in OWASP Projects.

 

As for your question, to be honest, I am not absolutely sure about what you
are precisely looking for. I am wondering if you are looking to gauge
process/maturity, and in that case SAMM may be what you need, or if you are
more seeking something like OWASP Backend Security Project. 

 

http://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model 

http://www.owasp.org/index.php/Category:OWASP_Backend_Security_Project

 

Nevertheless, if neither of the above pointed out projects solves your
needs, please drop me a line and give me more details about what you are
looking for. 

 

Many thanks, best regards,

 

Paulo Coimbra,

OWASP <https://www.owasp.org/index.php/Main_Page>  Project Manager

 

 

 

 

From: Leonel Navarro [mailto:leonel.navarro at softtek.com] 
Sent: Thursday, March 11, 2010 6:12 PM
To: kate.hartmann at owasp.org
Cc: 'Leonel Navarro'
Subject: Application Security Operations Practices

 

Kate,

Let me introduce myself, I’m Leonel Navarro, I’m acting Security Business
Leader for Softtek. I’m mainly responsible for the Operations  of the
Application Security Services we deliver to our customers, in addition, I’m
in charge of the Softtek Internal Application Security Program and I also
orchestrate the efforts from our Marketing, Sales, and Product Management
department.

I approach to you to ask for your help, I would like to know if within OWASP
there is a project focused on sharing Operations practices around
Application Security.  If so, can you please point me to the right person to
get more information around it?

I was able to pull your contact information from OWASP community. 

Thanks in advance.

LeoN

Leonel Navarro Segura, PMP
InfoSec Business Leader
Softtek NSS – Aguascalientes
DC *743 7628
T (+52) 449 910.7628
M (+52) 449 448.7407
E  <mailto:leonel.navarro at softtek.com> leonel.navarro at softtek.com
    <file:///\\www.softtek.com> www.softtek.com 

IMPORTANTE: Los documentos y archivos que se acompañan a esta transmisión,
contienen información confidencial la cual es legalmente secreta. Esta
información puede ser usada únicamente por el destinatario cuyo nombre
aparece inserto en esta transmisión. Si usted ha recibido esta transmisión
por error, notifíquenos inmediatamente por esta misma vía, y borre el
archivo y sus anexos. Se hace de su conocimiento por medio de esta nota, que
cualquier divulgación, copia, distribución o toma de cualquier acción
derivada de la información confiada en esta transmisión, queda estrictamente
prohibido, el incumplimiento de esto genera responsabilidad legal.

IMPORTANT: The documents and files attached to this transmission contain
confidential information that must be kept secret by law. This information
is for the exclusive use of the specified recipient whose name appears in
this transmission. If you have received this message by mistake, please
notify us immediately by return e-mail and delete the file and its
attachments. You are hereby notified that any dissemination, copying,
distribution or adoption of any action arising from the confidential
information contained herein is strictly prohibited. Any violation will be
penalized by law.

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100506/3d0bea9b/attachment-0002.html>


More information about the Owasp-board mailing list