[Owasp-board] [Owasp-leaders] Fwd: Thank you for your membership!

Kate Hartmann kate.hartmann at owasp.org
Wed Jan 12 15:47:03 UTC 2011

Jessica, today is Wednesday and I had to call tech support to get an update
on my "critical" request.  (your site says within 8 hours).  The tech
support representative could not tell me anything other than, "it is with
the development team."


This particular problem is a serious flaw.  As an organization of
professionals who have devoted their careers to web application security,
this type of issue is a "showstopper."  


Additionally, since we have launched the Reg online system 1/1/11, there
have been other issues arising with the security of the system.


When I call tech support and press #2, I really feel there is no urgency.
They seem to be available to assist with problems like - "how do I enter a
discount code?" but not serious system vulnerabilities.


So, who in your organization can we contact to work on these bigger system
flaws.  This is, after all, what we do and considering we are in at least a
2 year contract with you, I need to know that these issues are being
appropriately addressed.  If not, I will lose the confidence of our
membership and won't be able to use the system.


Kate Hartmann

Operations Director


 <http://www.owasp.org/> www.owasp.org 

Skype:  Kate.hartmann1


From: Jessica Leberer [mailto:Jessica.Leberer at activenetwork.com] 
Sent: Monday, January 10, 2011 12:47 PM
To: Kate Hartmann; Dalton Davis
Subject: RE: [Owasp-leaders] Fwd: Thank you for your membership!


Good morning Kate!


Thank you much for letting me know about this. I see that it's with support
and its already be run up to development J


Of course, let me know if you find anything else!


Jess Leberer, Sr. Account Manager


Active Network


Tel 303.577.5126


From: Kate Hartmann [mailto:kate.hartmann at owasp.org] 
Sent: Saturday, January 08, 2011 11:36 AM
To: Jessica Leberer; Dalton Davis
Subject: FW: [Owasp-leaders] Fwd: Thank you for your membership!


Well, I told you they would break the "unhackable system" somehow J  We are
a community of application security professionals.  Please see the email
below from one of our 7 Global Board Members who is located in Belgium.


Kate Hartmann

Operations Director


www.owasp.org <http://www.owasp.org/>  

Skype:  Kate.hartmann1


From: sebastien.deleersnyder at gmail.com
[mailto:sebastien.deleersnyder at gmail.com] On Behalf Of Seba
Sent: Saturday, January 08, 2011 4:19 AM
To: Kate Hartmann
Cc: OWASP Foundation Board List
Subject: Fwd: [Owasp-leaders] Fwd: Thank you for your membership!




I try SQLi on one field and see all the OWASP badges!

Who is your contact at RegOnline?

They need to fix and assure us on the secure development of the code!



---------- Forwarded message ----------
From: seba <seba at owasp.org>
Date: Sat, Jan 8, 2011 at 10:15 AM
Subject: Re: [Owasp-leaders] Fwd: Thank you for your membership!
To: owasp-leaders at lists.owasp.org, Kate Hartmann <kate.hartmann at owasp.org>

I could not resist :-)

Maybe we should warn RegOnline about the SQLi:



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20110112/4e6a20bf/attachment-0002.html>

More information about the Owasp-board mailing list