[Owasp-board] My input on our response to CH

johanna curiel curiel johanna.curiel at owasp.org
Fri Sep 4 15:45:09 UTC 2015


I'm just curious

How can OWASP avoid it if he uses other email accounts/fake names and addresses
to gain access?

I think access to the wiki has to be very strongly supervised, including a
background check of the person requesting access.

Any ideas or procedures that are already in place?

regards

Johanna

On Fri, Sep 4, 2015 at 11:25 AM, Matt Tesauro <matt.tesauro at owasp.org>
wrote:

> And the screenshot...
>
> Rushing to get back to work doesn't actually buy you more time ; )
>
> --
> -- Matt Tesauro
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
> OWASP OpenStack Security Project Lead
> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>
> On Fri, Sep 4, 2015 at 10:24 AM, Matt Tesauro <matt.tesauro at owasp.org>
> wrote:
>
>> > I'm assuming wiki editing has been revoked?
>>
>> Good point about the wiki - it's actually designed to clean up
>> bad/malicious edits so the damage potential is far less, but I went ahead
>> and blocked his user account.  See screenshot.
>>
>> For the curious, his wiki contributions are at:
>> https://www.owasp.org/index.php/Special:Contributions/Cmlh
>>
>> -- Cheers
>>
>> --
>> -- Matt Tesauro
>> OWASP WTE Project Lead
>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>> http://AppSecLive.org - Community and Download site
>> OWASP OpenStack Security Project Lead
>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>
>> On Fri, Sep 4, 2015 at 10:07 AM, Matt Konda <matt.konda at owasp.org> wrote:
>>
>>> Hi.
>>>
>>> Wow.  I was slow to respond to this whole series of events because I
>>> didn't have prior direct exposure to this individual.  Lucky me.
>>>
>>> First, I'm glad we (esp. Matt T.) have taken care of part of the problem
>>> through mechanics. Thanks all for dealing with that, especially Josh for
>>> invoking the bylaws to trigger the action.
>>>
>>> Second, is there further action required with regard to CH?  I'm
>>> assuming we keep our eyes out for disruptive behavior for a bit and just
>>> catch it and take action quickly.  I'm assuming wiki editing has been
>>> revoked?
>>>
>>> Third, are there other open issues (people) like this that we should
>>> deal with proactively?
>>>
>>> Fourth, what can we do to handle this prior to the face to face
>>> meeting?  As painful as it is over email, I would really rather focus on
>>> positive and constructive things we can be doing (like proposals for wiki
>>> overhaul and investments in projects) than re-hashing blow by blow the
>>> words of people we don't want to be part of the community.  Is there a
>>> legitimate legal risk here?
>>>
>>> Thanks,
>>> Matt
>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>