Jason Li jason.li at owasp.org
Fri Aug 5 02:51:39 UTC 2011


I saw that Tom shared the OWASP Global Feedback and Inquiry form with the
committee chairs.

I'm concerned that we're trying to field these types of technical questions.

As volunteer committee members, we are not set up to handle these types of
requests in a scalable way. Not only that, but we are doing a disservice to
folks asking questions by providing only one opinion/knowledge source. I
know that I for one am not informed about every single application security
development or issue and questions like these are much more suited to be
answered by the greater community.

There was some talk at the Summit about setting up a stackoverflow-like
system for people to ask questions of the OWASP community. Does someone want
to take up the initiative to put that together?


On Thu, Aug 4, 2011 at 12:03 PM, Paulo Coimbra <pcoimbra at owasp.org> wrote:

> GPC,
> I have received the inquiry below but I fear I am lacking the technical
> knowledge to properly answer it. Have you the spare cycles to please provide
> me the needed guidance? If you wish to answer directly, Greg's email address
> is greg.duval at citec.com.au.
> "I am currently developing a Web Application Security Testing guideline for
> the Queensland State Government in Australia.  I intend to adopt the ASVS
> and align our data classification framework with it to provide a consistent
> approach across agencies (a task to which ASVS seems totally suited given
> the 4 levels of testing closely aligns to our multi-level classification).
>  My next phase is to create a Penetration Testing standard that can also be
> aligned to the data classification (the higher the classification the more
> rigor is applied to pen testing).  Do you know of any projects similar to
> ASVS that are geared towards Pen Testing (hardware etc not just apps)?  I've
> looked at OSSTMM; ISSAF; NIST etc but they don't have levels of testing that
> can be 'ramped up' as classification increases.
> Regards
> Greg Duval
> Enterprise Security Architect
> "
> Thanks,
> - Paulo
> Paulo Coimbra
> OWASP Project Manager <https://www.owasp.org/index.php/User:Paulo_Coimbra>