[Owasp-board] owasp email address

Jeff Williams jeff.williams at owasp.org
Sun Oct 17 02:00:51 UTC 2010


I think we should make them available to anyone who wants one - even promote
them.  We can ask them to:

 

.        Agree to follow our code of ethics

.        Use the email address to help OWASP achieve our mission

.        Do no evil

 

That sort of thing.

 

--Jeff

 

From: eoinkeary at gmail.com [mailto:eoinkeary at gmail.com] On Behalf Of Eoin
Sent: Friday, October 15, 2010 8:23 PM
To: dinis cruz
Cc: Jeff Williams; OWASP Foundation Board List; dan cornell
Subject: Re: [Owasp-board] owasp email address

 

board,

healthy discussion......need a little clarification here if you don't mind?

 

"What we need is to make sure that are clear guidelines on what is expected
and what are the rules of engagement. Then is just a case of dealing with
the few/rare abuse cases"- Dinis

 

are the guidelines to adhere to expected of a member? or of someone who has
an owasp email address?

 

So we want to be abused; being that, i take it we want to be worth abusing
is the way of looking at it.

 

Jeff you don't want any restriction on individuals having owasp email
addresses?

Dinis you agree?

 

so a mass spam email/phishing attack some time in the future is a good thing
or someone posing as an owasp member attempting to damage the foundation is
also good?

 

"Email addresses are a key definition of our community." - if this is the
case is this not worth protecting/controlling?

 

 

 -ek

 

 

 

 

On 15 October 2010 08:13, dinis cruz <dinis.cruz at owasp.org> wrote:

Love it Jeff 


"We have to stop thinking like security people and start thinking like
leaders, stop protecting OWASP and start getting people to abuse it, stop
saving and start spending, ..."

Spot on :)

I agree that we have more to gain with people using and abusing OWASP. What
we need is to make sure that are clear guidelines on what is expected and
what are the rules of engagement. Then is just a case of dealing with the
few/rare abuse cases

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2





On 15 October 2010 03:45, Jeff Williams <jeff.williams at owasp.org> wrote:

I strongly believe that we should try to get as many people using @owasp.org
emails as possible.

Yes there may be abuses and we can deal with those when they happen.  But
there is a massive upside to having great people make great contributions
using an @owasp.org email address.  Email addresses are a key definition of
our community.  Offhand I can't think of a more simple or powerful way for
someone to say "OWASP is great" than to use our domain as a part of their
identity.  Even if someone abuses the privilege, it STILL sends a great
message about us.  It says we are important enough to be a target.

We have to stop thinking like security people and start thinking like
leaders, stop protecting OWASP and start getting people to abuse it, stop
saving and start spending, ...

--Jeff



-----Original Message-----
From: owasp-board-bounces at lists.owasp.org

[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Tom Brennan -
OWASP
Sent: Thursday, October 14, 2010 10:33 PM
To: Dave Wichers
Cc: OWASP Foundation Board List; dan cornell
Subject: Re: [Owasp-board] owasp email address

fyi

390 current @owasp.org emails (not counting alias's) many have never logged
in - others have not logged in over 90 days, 83 accounts are active last 7
days.





On Thu, Oct 14, 2010 at 7:43 PM, Dave Wichers <dave.wichers at owasp.org>
wrote:
> Certainly a vote is fine with me. Sounds like we have 2-3 different
> proposals on the table. Do you want to settle on one recommendation
> and vote on that or list each option and have us vote on which we prefer?
>
>
>
> -Dave
>
>
>
> From: owasp-board-bounces at lists.owasp.org
> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Eoin
> Sent: Thursday, October 14, 2010 12:15 PM
> To: Laurence Casey
> Cc: OWASP Foundation Board List; dan cornell
> Subject: Re: [Owasp-board] owasp email address
>
>
>
> indeed
>
> On 14 October 2010 16:16, Laurence Casey <larry.casey at owasp.org> wrote:
>
> Personally, I think email accounts should only be given to chapter and
> project leaders. It is more work to maintain 500+ user email accounts
> than verify that these people are the only ones to get accounts. Being
> able to have a OWASP email account would have no effect on if somebody
> contributes to our cause. Dealing with somebody who uses an OWASP
> email account for personal gain should also be considered.
>
>
>
> --Larry
>
>
>
>
>
> From: owasp-board-bounces at lists.owasp.org
> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Seba
> Sent: Thursday, October 14, 2010 4:13 AM
> To: OWASP Foundation Board List; dan cornell
>
> Subject: Re: [Owasp-board] owasp email address
>
>
>
> in my opinion owasp email addresses should be made available to owasp
> leaders (projects/chapters), not to members
>
>
>
> --Seba
>
> On Thu, Oct 14, 2010 at 9:36 AM, Eoin <eoin.keary at owasp.org> wrote:
>
> Can we put it to vote at least?
>
> On 14 Oct 2010 00:38, "Dave Wichers" <dave.wichers at owasp.org> wrote:
>
> I don't think we should do this as it creates unnecessary work for
> minimal benefit. And it discourages contributions/participation for
> anyone that is 'excluded' somehow.
>
>
>
> -Dave
>
>
>
> From: owasp-board-bounces at lists.owasp.org
> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Eoin
> Sent: Wednesday, October 13, 2010 9:51 AM
> To: Kate Hartmann
> Cc: OWASP Foundation Board List; Dan Cornell; dan cornell
> Subject: Re: [Owasp-board] owasp email address
>
>
>
> Can we change this as email address infers some sort of
> membership/affiliation. Having no restr...
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
> --
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author
>
> Sent from my i-Transmogrifier
> http://asg.ie/
> https://twitter.com/EoinKeary
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board

_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board

 


_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board




-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20101016/0953cce9/attachment-0002.html>


More information about the Owasp-board mailing list