[Owasp-board] Fwd: [Governance] OWASP statement on security: your opinion? - until Monday 14:00 CST

Jim Manico jim.manico at owasp.org
Fri Jan 24 22:23:33 UTC 2014

+1 Jeff is spot on, we need to include this. Jeff, I'm glad you support out
foray into infosec politics.

Jim Manico
(808) 652-3805

On Jan 24, 2014, at 9:42 AM, Kate Hartmann <kate.hartmann at owasp.org> wrote:

The form did not allow comments, but here is one from Jeff Williams.

---------- Forwarded message ----------
From: Jeff Williams <jeff.williams at aspectsecurity.com>
Date: Fri, Jan 24, 2014 at 10:20 AM
Subject: RE: [Governance] OWASP statement on security: your opinion? -
until Monday 14:00 CST
To: Kate Hartmann <kate.hartmann at owasp.org>

 I think this statement should spend more time on the idea of “visibility”
and why it is OWASP’s mission.   There can be no SECURITY where there is no
VISIBILITY.  What RSA is accused of doing is an egregious example of an
action in DIRECT conflict with OWASP’s mission.  There are many many less
serious examples of the lack of visibility into security – but most of them
are the result of apathy or negligence.  Like when companies fail to tell
us how their security controls work.  But the intentional hiding of
critical security information is diametrically opposed to OWASP’s mission
and we should fight hard to prevent anyone else from attempting it.


Kate Hartmann
kate.hartmann at owasp.org
+1 301-275-9403

Owasp-board mailing list
Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140124/dc1b5bc8/attachment.html>

More information about the Owasp-board mailing list