[Owasp-leaders] OWASP Mailing Lists

Laurence Casey larry.casey at owasp.org
Fri Mar 6 10:59:04 EST 2009


I have been watching this thread and agree that we need a more visible
solution when it comes to communicating. Mailing lists are a reliable yet
old school approach that works well when it works. Until I fixed the problem
and started this thread, it was not working as expected. Now that it¹s
fixed, lets see how it can be improved.

One of the projects I implemented, but dropped shortly after was the forums.
The version I was looking at lacked the ability to use like a mailing list.
This is a very important part that must exist. This would make the
transition seamless for users that prefer not to use a forum.

The most important reason for moving to a forum as appose to mailing lists
is that you only need to join once and see everything that OWASP has to
offer. You can choose to have what you want emailed to you so you can get it
on your mobile device. The current mailing list solution has archives, but
it doesn¹t promote growth or sharing ideas across all chapters. Imagine
everyone around the world discussing the same topic in once thread, not in
isolated mailing lists. So much more could be done. Lets not forget what
forums will do for the admin either. Centralized administration of user

Yes we did have forums in the past. They didn¹t work for several reasons.
First they weren¹t promoted as the tool for discussions. With an option for
forums or mailing list, people stuck with what they had setup. Without a
full commitment and requiring people to move, I would expect it to fail.
Second and probably the major reason for the forums not taking off was the
forum software. Honestly, it sucked.

We are desperately in need of a better tool and I truly think forums will be
the tool. Jason mentioned an email plug-in and we will be looking at it. I
would be happy to hear suggestions on products you are ³experienced² with,
not just heard of. Please pass them on to me and we will check them out.

I also agree in part with Dinis that we need to try new things and prove
that they will work. I don¹t agree with taking these ideas off the ³mother
ship² and in to your own OWASP branded location on the web. I would prefer
to see your ideas tested in a localized environment and presented to the
website committee and/or myself for review. If the idea works and we have
consensus that its worth implementing, we do it on OWASP resources. This
needs to be centralized! Also keep in mind that for every idea we will need
resources to maintain them.

Not to leave out Google and Yahoo, these just won¹t work for us. I really
like Google Groups, but without branding its just not going to happen.
Moving to Google for our email was one of the best things since sliced
bread. We could brand it OWASP and the spam filter is amazing.
Unfortunately, both direct request to Google by myself and the community has
not made a dent in them opening branding for groups. I don¹t know much about
Yahoo, but having Google for mail and Yahoo for groups would be wrong in so
many ways. Not to mention I have no interest in Yahoo, its very invasive.

This thread is a great example of what OWASP is needing to grow. If the
website committee was in a forum and not mailing list, the community would
see what¹s in the pipeline without having to subscribe to another mailing
list. We have been working on a forums solution for a few months now.

Some statistics:

312     Members are currently able to read and contribute to this thread for
15191 Members around the world could read and contribute if we were using
forums (this could be good and bad:)

Thanks to everyone who responded to my original request. Very helpful. The
mailing lists are running smooth now.


On 3/6/09 5:12 AM, "dinis cruz" <dinis.cruz at owasp.org> wrote:

> To Nam (hey, we are a social network :)  )
> Doug, you are supposed to use the central resources when they work, are
> available and do what you need them to do :)
> What we don't want is for you guys to NOT do something because the OWASP
> Mothership is not providing it. Remember that from a central point of view
> there are a lot of issues to consider when providing an 'official service' to
> our community, so ideally what we really need is for new ideas to be created,
> tested, debugged, stabilized and matured at local (chapter, project or
> committee) level before we deploy it globally.
> Remember that EVERYTHING at OWASP is open and freely available. So as long as
> you comply with our values, code of ethics and common sense, literally
> anything goes :)
> And you (Doug) actually said it quite nicely in this comment "...If we have
> that license/freedom, I'll be curious to see what people do come up with...."
> . Me too, I'm quite curious and excited to see what our community will come up
> with.
> And remember that you (project or chapter) have A HUGE amount of flexibility
> into what you can do on your project. I do want to make this point again! We
> don't want the 
> proposed https://www.owasp.org/index.php/Category:OWASP_Project_Assessment
> <https://www.owasp.org/index.php/Category:OWASP_Project_Assessment>  to put
> any limitations on your creativity and vision for your project! (for project
> leaders, remember to print a copy, read it careful and send in your
> comments+solutions). Our objective is to package your goodness into something
> that can be used by others :)
> The best way for you to 'talk' at OWASP is by doing stuff, and you will find
> that when you have something to show for, you will get attention / focus, and
> when you just throw comments with no solutions, you will be ignored (i.e.
> nothing will happen with those comments).
> From my experience there are only two ways to get things done at OWASP: via
> Events or by Providing Energy/Work to projects/chapters.
> And the good news here is that all of you in this list (owasp-leaders) is in
> charge of a bit of OWASP, so if you want to make a point, use your own turf to
> prove it  :)
> Dinis Cruz
> 2009/3/6 Doug Wilson <doug.wilson at owasp.org>
>> dinis cruz wrote:
>>> > So for the ones that are proposing Forums, GO FOR IT , show us how
>>> > they work for your project or chapter. Make them SO powerful that the
>>> > mailing lists become redundant :)
>> I'm not proposing anything. But to play devil's advocate, aren't we
>> supposed to only use central resources, for purposes of branding and
>> consistency? To follow up on this suggestion, do we have license from
>> the board to set up something that is chapter specific that is not
>> running on the same technology as the rest of OWASP?
>> I'm asking that not to provoke, but basically if the answer to that is
>> not "yes," then you're not going to have much experimentation, unless
>> someone has the time to do it with some other project they are working
>> on, and then desires to port it over.
>> If we have that license/freedom, I'll be curious to see what people do
>> come up with.
>> Doug
>> --
>> Doug Wilson
>> dougDOTwilsonATowaspDOTorg
>> --
>> OWASP DC Chapter Co-Chair
>> https://www.owasp.org/index.php/Washington_DC
>> AppSec US 09 Organizer
>> https://www.owasp.org/index.php/OWASP_AppSec_US_2009_-_Washington_DC
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090306/8e9c6e99/attachment-0001.html 

More information about the OWASP-Leaders mailing list