[Owasp-leaders] OWASP Mailing Lists

dinis cruz dinis.cruz at owasp.org
Thu Mar 5 18:08:19 EST 2009


Hey guys, there is no problem with OWASP forums, in fact we have implemented
'official' OWASP forums in the past (I believe it was at
http://forums.owasp.org/) and the problem was that NOBODY used it  :)
Remember that with OWASP there is NOTHING stopping any of you from trying
new stuff for your project or chapter (of course that it should be
compatible with our Code of
Ethics<http://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project>
,
and if it does, just about anything can be done)

What is great about OWASP, is that because we are open and most people don't
have time to deal with 'non working' stuff, what tends to happen (and be
given attention) are things that ACTUALLY work (like the
WIKI<http://www.owasp.org> ,
Mailing Lists <https://lists.owasp.org/mailman/listinfo/> , local
chapters<http://www.owasp.org/index.php/Category:OWASP_Chapter> ,
Seasons of Code<http://www.owasp.org/index.php/Category:OWASP_Season_of_Code> ,
OWASP Project Assessment
Criteria<http://www.owasp.org/index.php/Category:OWASP_Project_Assessment>
,
OWASP Committees <https://www.owasp.org/index.php/Global_Committee_Pages> ,
etc..).

So for the ones that are proposing Forums, GO FOR IT , show us how they work
for your project or chapter. Make them SO powerful that the mailing lists
become redundant :)

Finally, and Tim sorry to pick on you, but (my personal opinion) is that
comments like these are out of line (i.e. not acceptable) in the
owasp-leaders list (especially in the context they were written):

"...Obviously, and I am not being caustic, you don't manage a large, modern,
commercial forum..."
"...Email discussion lists are antique relics of the IT of yesterday...."
"... Email is so "last century" LOL....

One of the (good) lessons that I learned from being involved with the OWASP
Seasons of Code and the OWASP Summit, is the high level of professionalism
and 'people quality' (values, ethics, good humor, etc...) that we have in
our community. After thinking about it (as in "WHY is that"?), I realized
that due to our open culture and the fact that only the people who actually
DO something get airtime and visibility, we have a very healthy
self-selection process of active owasp-leaders.

So, the next time you think about sending a negative or
very-opinionated  comment, remember that we are all very experienced
professionals who tend to be quite good at what they do and have a wealth of
experience in lots of different areas. Also remember that due to our
multi-cultural reach what is 'funny' in one side of the world is 'not funny
at all' in the other. It's all about common-sense and being sensitive to
other's opinions, values and knowledge.

Bottom line, let's keep these discussions ALWAYS on productive mind-sets,
and when possible don't just criticize, but offer solutions.

So in this case, don't say 'Mailing lists suck' , but say 'Hey I've set-up a
forum (at Yahoo groups because I'm old-school) and I'm going to show there
how it can work'

Remember that OWASP IT should be focusing on scalability, reliability and
 resilience (look at how Paulo Coimbra was so worried about the fact that
his  ...VERY IMPORTANT EMAIL ABOUT THE CURRENT RFC (REQUEST FOR COMMENT) ON
THE PROPOSED OWASP PROJECT ASSESSMENT CRITERIA THAT ALL, I MEAN ALL (DID I
MENTION ALL) OWASP PROJECT LEADERS MUST READ, UNDERSTAND AND (IF REQUIRED)
COMMENT ABOUT ... was not being received by other OWASP members a couple
minutes after it was sent.

Note, the major sign of something becoming invaluable and "can't live
without" is when it fails, people notice about it and raise alerts (our WIKI
and Mailing lists are good examples). Remember that we had 'official OWASP'
forums in the past (and blogs) who started, lived and died without much
'noise' from our community.

Final point, I agree 100% that OWASP needs to explore the 'Web 2.0'
collaboration tools, and that they can dramatically improve some of our
current technological bottlenecks, so my challenge to you is: Show us which
one works, so that we can scale it out to the rest of the community.

Dinis Cruz




2009/3/5 Arturo 'Buanzo' Busleiman <buanzo at buanzo.com.ar>

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Tim Bass wrote:
> > Obviously, and I am not being caustic, you don't manage a large,
> > modern, commercial forum.
>
> OWASP does not run a commercial <insert term here>. It's a non-for-profit
> web security organization.
> If you're willing to provide all the know how and resources to make what
> you claim happen, then make
> a proposal. I'm sure a good % of people will love a forum, and another % of
> those people will love a
> mobile skin so they can use their smartphones to access it painlessly.
>
> - --
> Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107
> Independent Linux and Security Consultant - SANS - OISSG - OWASP
> http://www.buanzo.com.ar/pro/eng.html
> Mailing List Archives at http://archiver.mailfighter.net
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEAREKAAYFAkmwT60ACgkQAlpOsGhXcE36GgCbBp8rApKgcuuIsJ6KptrdlP4A
> N4UAn0jyevhIW7WlxE342cgCbsOzD5Zy
> =5uPt
> -----END PGP SIGNATURE-----
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090305/180b5622/attachment-0001.html 


More information about the OWASP-Leaders mailing list