[Owasp-board] owasp email address

Eoin eoin.keary at owasp.org
Sat Oct 16 00:23:26 UTC 2010


board,
healthy discussion......need a little clarification here if you don't mind?

"What we need is to make sure that are clear guidelines on what is expected
and what are the rules of engagement. Then is just a case of dealing with
the few/rare abuse cases"- Dinis

are the guidelines to adhere to expected of a member? or of someone who has
an owasp email address?

So we want to be abused; being that, i take it we want to be worth abusing
is the way of looking at it.

Jeff you don't want any restriction on individuals having owasp email
addresses?
Dinis you agree?

so a mass spam email/phishing attack some time in the future is a good thing
or someone posing as an owasp member attempting to damage the foundation is
also good?

"Email addresses are a key definition of our community." - if this is the
case is this not worth protecting/controlling?


 -ek





On 15 October 2010 08:13, dinis cruz <dinis.cruz at owasp.org> wrote:

> Love it Jeff
>
> *"We have to stop thinking like security people and start thinking like
> leaders, stop protecting OWASP and start getting people to abuse it, stop
> saving and start spending, ..."*
>
> Spot on :)
>
> I agree that we have more to gain with people using and abusing OWASP. What
> we need is to make sure that are clear guidelines on what is expected and
> what are the rules of engagement. Then is just a case of dealing with the
> few/rare abuse cases
>
> Dinis Cruz
>
> Blog: http://diniscruz.blogspot.com
> Twitter: http://twitter.com/DinisCruz
> Web: http://www.owasp.org/index.php/O2
>
>
>
> On 15 October 2010 03:45, Jeff Williams <jeff.williams at owasp.org> wrote:
>
>> I strongly believe that we should try to get as many people using @
>> owasp.org
>> emails as possible.
>>
>> Yes there may be abuses and we can deal with those when they happen.  But
>> there is a massive upside to having great people make great contributions
>> using an @owasp.org email address.  Email addresses are a key definition
>> of
>> our community.  Offhand I can't think of a more simple or powerful way for
>> someone to say "OWASP is great" than to use our domain as a part of their
>> identity.  Even if someone abuses the privilege, it STILL sends a great
>> message about us.  It says we are important enough to be a target.
>>
>> We have to stop thinking like security people and start thinking like
>> leaders, stop protecting OWASP and start getting people to abuse it, stop
>> saving and start spending, ...
>>
>> --Jeff
>>
>>
>> -----Original Message-----
>> From: owasp-board-bounces at lists.owasp.org
>> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Tom Brennan -
>> OWASP
>> Sent: Thursday, October 14, 2010 10:33 PM
>> To: Dave Wichers
>> Cc: OWASP Foundation Board List; dan cornell
>> Subject: Re: [Owasp-board] owasp email address
>>
>> fyi
>>
>> 390 current @owasp.org emails (not counting alias's) many have never
>> logged
>> in - others have not logged in over 90 days, 83 accounts are active last 7
>> days.
>>
>>
>>
>>
>>
>> On Thu, Oct 14, 2010 at 7:43 PM, Dave Wichers <dave.wichers at owasp.org>
>> wrote:
>> > Certainly a vote is fine with me. Sounds like we have 2-3 different
>> > proposals on the table. Do you want to settle on one recommendation
>> > and vote on that or list each option and have us vote on which we
>> prefer?
>> >
>> >
>> >
>> > -Dave
>> >
>> >
>> >
>> > From: owasp-board-bounces at lists.owasp.org
>> > [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Eoin
>> > Sent: Thursday, October 14, 2010 12:15 PM
>> > To: Laurence Casey
>> > Cc: OWASP Foundation Board List; dan cornell
>> > Subject: Re: [Owasp-board] owasp email address
>> >
>> >
>> >
>> > indeed
>> >
>> > On 14 October 2010 16:16, Laurence Casey <larry.casey at owasp.org> wrote:
>> >
>> > Personally, I think email accounts should only be given to chapter and
>> > project leaders. It is more work to maintain 500+ user email accounts
>> > than verify that these people are the only ones to get accounts. Being
>> > able to have a OWASP email account would have no effect on if somebody
>> > contributes to our cause. Dealing with somebody who uses an OWASP
>> > email account for personal gain should also be considered.
>> >
>> >
>> >
>> > --Larry
>> >
>> >
>> >
>> >
>> >
>> > From: owasp-board-bounces at lists.owasp.org
>> > [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Seba
>> > Sent: Thursday, October 14, 2010 4:13 AM
>> > To: OWASP Foundation Board List; dan cornell
>> >
>> > Subject: Re: [Owasp-board] owasp email address
>> >
>> >
>> >
>> > in my opinion owasp email addresses should be made available to owasp
>> > leaders (projects/chapters), not to members
>> >
>> >
>> >
>> > --Seba
>> >
>> > On Thu, Oct 14, 2010 at 9:36 AM, Eoin <eoin.keary at owasp.org> wrote:
>> >
>> > Can we put it to vote at least?
>> >
>> > On 14 Oct 2010 00:38, "Dave Wichers" <dave.wichers at owasp.org> wrote:
>> >
>> > I don't think we should do this as it creates unnecessary work for
>> > minimal benefit. And it discourages contributions/participation for
>> > anyone that is 'excluded' somehow.
>> >
>> >
>> >
>> > -Dave
>> >
>> >
>> >
>> > From: owasp-board-bounces at lists.owasp.org
>> > [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Eoin
>> > Sent: Wednesday, October 13, 2010 9:51 AM
>> > To: Kate Hartmann
>> > Cc: OWASP Foundation Board List; Dan Cornell; dan cornell
>> > Subject: Re: [Owasp-board] owasp email address
>> >
>> >
>> >
>> > Can we change this as email address infers some sort of
>> > membership/affiliation. Having no restr...
>> >
>> > _______________________________________________
>> > Owasp-board mailing list
>> > Owasp-board at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>> >
>> >
>> >
>> > _______________________________________________
>> > Owasp-board mailing list
>> > Owasp-board at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>> >
>> >
>> > --
>> > Eoin Keary
>> > OWASP Global Board Member
>> > OWASP Code Review Guide Lead Author
>> >
>> > Sent from my i-Transmogrifier
>> > http://asg.ie/
>> > https://twitter.com/EoinKeary
>> >
>> > _______________________________________________
>> > Owasp-board mailing list
>> > Owasp-board at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-board
>> >
>> >
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>


-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20101016/7a423aee/attachment-0002.html>


More information about the Owasp-board mailing list