[Owasp-board] Fwd: [Governance] OWASP statement on security: your opinion? - until Monday 14:00 CST

Kate Hartmann kate.hartmann at owasp.org
Fri Jan 24 19:41:34 UTC 2014


The form did not allow comments, but here is one from Jeff Williams.

---------- Forwarded message ----------
From: Jeff Williams <jeff.williams at aspectsecurity.com>
Date: Fri, Jan 24, 2014 at 10:20 AM
Subject: RE: [Governance] OWASP statement on security: your opinion? -
until Monday 14:00 CST
To: Kate Hartmann <kate.hartmann at owasp.org>


I think this statement should spend more time on the idea of “visibility”
and why it is OWASP’s mission. There can be no SECURITY where there is no
VISIBILITY. What RSA is accused of doing is an egregious example of an
action in DIRECT conflict with OWASP’s mission. There are many, many less
serious examples of the lack of visibility into security – but most of them
are the result of apathy or negligence.  Like when companies fail to tell
us how their security controls work.  But the intentional hiding of
critical security information is diametrically opposed to OWASP’s mission
and we should fight hard to prevent anyone else from attempting it.



--Jeff






Kate Hartmann
kate.hartmann at owasp.org
+1 301-275-9403