[Owasp-board] FW: [Owasp-leaders] Summit Regonline

Kate Hartmann kate.hartmann at owasp.org
Wed Jan 12 19:32:18 UTC 2011


I spoke with our account rep at Regonline today. She said the SQL problem fix will be implemented tonight.

I explained that we have some other issues and have requested that we have a contact on the Development team assigned to us so we can address these serious issues quickly.

They WANT to know about any issues we’re finding. What can I do, in your opinion, to restore community trust in this program?

 

Kate Hartmann

Operations Director

301-275-9403

http://www.owasp.org/

Skype:  Kate.hartmann1

 

From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of James McGovern
Sent: Wednesday, January 12, 2011 2:07 PM
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Summit Regonline

 

Couldn’t resist chiming in.

 

1. The risk to the consumer is $0 as credit card companies will reimburse. With that being said, there is an unstated cost to aggravating consumers when this happens. Need a metric around this.

2. If regonline suffers from an SQLi vulnerability, maybe the issue isn’t in OWASP negotiation but in the fact that PCI-DSS needs to have a way for when this is uncovered that their QSA could learn of it? With that being said, when we negotiated with them, did we use our own contract annex?

3. The biggest risk here is one of brand risk. Imagine if it got out that OWASP uses a site for credit card collection that doesn’t even comply with the top ten…

 

James McGovern
http://twitter.com/mcgoverntheory

