[Owasp-board] My input on our response to CH
johanna curiel curiel
johanna.curiel at owasp.org
Fri Sep 4 15:45:09 UTC 2015
I'm just curious.
How can OWASP avoid it if he uses other email accounts/fake names addresses
to gain access?
I think access to the wiki has to be very strongly supervised, including a
background check of the person requesting access.
Any ideas or procedures that are already in place?
On Fri, Sep 4, 2015 at 11:25 AM, Matt Tesauro <matt.tesauro at owasp.org>
> And the screenshot...
> Rushing to get back to work doesn't actually buy you more time ; )
> -- Matt Tesauro
> OWASP WTE Project Lead
> http://AppSecLive.org - Community and Download site
> OWASP OpenStack Security Project Lead
> On Fri, Sep 4, 2015 at 10:24 AM, Matt Tesauro <matt.tesauro at owasp.org>
>> > I'm assuming wiki editing has been revoked?
>> Good point about the wiki - it's actually designed to clean up
>> bad/malicious edits so the damage potential is far less but I went ahead
>> and blocked his user account. See screenshot.
>> For the curious, his wiki contributions are at:
>> -- Cheers
>> -- Matt Tesauro
>> OWASP WTE Project Lead
>> http://AppSecLive.org - Community and Download site
>> OWASP OpenStack Security Project Lead
>> On Fri, Sep 4, 2015 at 10:07 AM, Matt Konda <matt.konda at owasp.org> wrote:
>>> Wow. I was slow to respond to this whole series of events because I
>>> didn't have prior direct exposure to this individual. Lucky me.
>>> First, I'm glad we (esp. Matt T.) have taken care of part of the problem
>>> through mechanics. Thanks all for dealing with that, especially Josh for
>>> invoking the bylaws to trigger the action.
>>> Second, is there further action required with regard to CH? I'm
>>> assuming we keep our eyes out for disruptive behavior for a bit and just
>>> catch it and take action quickly. I'm assuming wiki editing has been
>>> Third, are there other open issues (people) like this that we should
>>> deal with proactively?
>>> Fourth, what can we do to handle this prior to the face to face
>>> meeting? As painful as it is over email, I would really rather focus on
>>> positive and constructive things we can be doing (like proposals for wiki
>>> overhaul and investments in projects) than re-hashing blow by blow the
>>> words of people we don't want to be part of the community. Is there a
>>> legitimate legal risk here?
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org