[Owasp-leaders] R: Re: OWASP testing and disclosure levels

Jeff Williams jeff.williams at owasp.org
Tue Dec 22 12:14:20 EST 2009


Again, the point is to let organizations communicate their security testing
and disclosure preferences easily.  Some companies will choose to be open
and gain the benefit of engaging the security community.  Others will remain
closed and continue to ask the world to blindly trust them.  All the
questions you ask should be answered by the standard that these badges
represent.

 

--Jeff

 

 

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of daniel cuthbert
Sent: Tuesday, December 22, 2009 10:53 AM
To: loredana.mancini at business-e.it; owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] R: Re: OWASP testing and disclosure levels

 

Badges, we don't need no stinking badges
(http://www.youtube.com/watch?v=-lj056ao6GE)

 

I love the idea but think there would need to be some serious consideration
when it comes to any business in the UK allowing this. Not forgetting that
amazing bit of legislation that specifies "it is illegal to make a computer
perform a function....." would render most testing attempts illegal. 

How would a researcher go about testing the site? Would they first have to
make contact with the site owners and state their intention or would it be
automatically assumed they have permission, if the badge was shown somewhere
on the site? 

 

 

 

2009/12/22 <loredana.mancini at business-e.it>

Hi,

I am really interested in this project/idea, because my feeling is that it
is something needed, but when speaking with industries about these topics
lots of doubts arise and it is not easy for them to accept this vision.

Very often technical/expert people have to struggle with management, legal,
administrative, etc. to show the value of these activities and behaviour
models.

Microsoft as well,  started from far away to reach this point.....

So I would like to be involved in this project, please let me know, bye
Loredana


-----Original Message-----
From: "Jeff Williams" <jeff.williams at owasp.org>
Date: Mon, 21 Dec 2009 21:08:53
To: <owasp-leaders at lists.owasp.org>
Subject: Re: [Owasp-leaders] OWASP testing and disclosure levels

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders


 
