[Owasp-leaders] 2010 Elections

Mandeep Khera mkhera at owasp.org
Tue Dec 2 12:02:53 EST 2008


I have to agree with Fabio here. Giving certifications to Web sites is like
a putting a bulls eye on the site for hackers as we have seen with some
seals out there including McAfee and others. It requires a lot of work to
make sure that the Web sites are secure and even then it's not always
hundred percent. 
 
Mandeep Khera
Chief Marketing Officer
Cenzic, Inc.
 <blocked::http://www.cenzic.com/> www.cenzic.com | (866) 423-6942
455 El Camino Real, Ste. 100
Santa Clara, CA 95050
Phone: (408) 200-0712
Email:  mandeep at cenzic.com
Fax: (408) 200-0701

#1 in Enterprise Web Application Vulnerability Assessment and Risk
Management 
SC Magazine Best Buy
http://www.cenzic.com/downloads/pdf/SC_magazine_04-2008.pdf 
Gartner Video: Web App Security
https://www.cenzic.com/landing/GartnerVideo/ 




  _____  

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of
fabio.e.cerullo at aib.ie
Sent: Tuesday, December 02, 2008 1:53 AM
To: McGovern, James F (HTSC, IT)
Cc: OWASP-Leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] 2010 Elections



you are suggesting risky waters there... imagine if the website is defaced
and the OWASP badge is sitting at the bottom of their site? 

also, that would mean continuosly monitoring these websites as new
vulnerabilities are discovered. 

Mcafee already run into trouble thanks to their Hacker Safe certificate... 

http://attrition.org/errata/sec-co/mcafee07.html 

Fabio Cerullo
Information Security 
Bankcentre D1, 
Ballsbridge,
Dublin 4,
Ireland.

Tel: +353 1 642 6309
Email: fabio.e.cerullo at aib.ie




	"McGovern, James F (HTSC, IT)" <James.McGovern at thehartford.com> 
Sent by: owasp-leaders-bounces at lists.owasp.org 


01/12/2008 18:08 

        
        To:        <OWASP-Leaders at lists.owasp.org> 
        cc:         
        Subject:        [Owasp-leaders] 2010 Elections 





I had another half-baked idea for a 2009 project and wanted to get reactions
from others. Many folks are aware that Barack Obama raised a lot of money
for his Presidential campaign via his website. Likewise, his website was
under attack. What would we think if we as members of OWASP helped senators,
congressman, etc in a non-partisan way audit their websites at no charge and
do so in exchange for an OWASP badge at the bottom of their site. 
  
We all make fun of those websites that display badges indicating 128-bit SSL
but need to noodle whether the badging strategy could work for OWASP as a
way to spread brand in a controlled manner. Bringing a higher-level badging
strategy would be beneficial to the industry. Imagine a badge indicating
that they are OWASP Top Ten compliant where upon clicking it, we could
explain security to average users... 
************************************************************
This communication, including attachments, is for the exclusive use of
addressee and may contain proprietary, confidential and/or privileged
information.  If you are not the intended recipient, any use, copying,
disclosure, dissemination or distribution is strictly prohibited.  If you
are not the intended recipient, please notify the sender immediately by
return e-mail, delete this communication and destroy all copies.
************************************************************
_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders


******************************************************

This document is strictly confidential and is intended for use by the
addressee unless otherwise indicated.



This email has been scanned by an external email security system.



Allied Irish Banks



AIB and AIB Group are registered business names of Allied Irish Banks p.l.c.
Allied Irish Banks, p.l.c. is regulated by the Financial Regulator.
Registered Office: Bankcentre, Ballsbridge, Dublin 4. Tel: + 353 1 6600311;
Registered in Ireland: Registered No. 24173



Please consider the environment before printing this e-mail. 

******************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/owasp-leaders/attachments/20081202/de78db75/attachment.html 


More information about the OWASP-Leaders mailing list