[Owasp-leaders] Other Ideas for Projects

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Wed Sep 23 09:38:19 EDT 2009


Hopefully one can propose an idea without having to necessarily lead it
:-)

*	OWASP End User Education Project: I was hanging out with our
lawyers last week (before watching the wonderful membership video) and
we got into a fascinating conversation regarding professional education.
Independent insurance agents, accountants, lawyers, etc are all required
to take continuing education credits whereby they are encouraged to
watch videos, attend seminars, etc. So, with this thought in mind, why
can't all of us chapter leaders agree to one fixed day next year where
we all present on web application security from the perspective of an
end-user? Likewise, could a few of us sketch out a skit that we could do
for non-security types to watch and videotape while in DC to load up on
YouTube.
*	OWASP Vulnerability Disclosure Project: We know that websites
have privacy policies, but what about vulnerability disclosure policies?
Let's say that I am CISO for a major bank and an OWASP member happens to
notice that the site is subject to cross-site. Should they tell me? How
should I react? How do you think most CISOs would react? The problem is
that vulnerability right now is only thought of in terms of software
vendors (think Microsoft, Oracle, CA, etc) and consumerish websites
(think MySpace, Facebook, etc). We need to figure out some simple text
that folks could incorporate into their website.
*	OWASP Branding Project: I mentioned that I am working with a
local soda company to create a flavor of soda unique to our chapter
(Avery's Soda) and wondered whether this type of branding and logo usage
could serve OWASP in other ways. Yes, we could panic and start worrying
about food poisoning but I think our endorsement avoidance is around
tech companies and not other domains. For example, wouldn't it be cool
if we could have our own brand of cereal (I got some pings out)?

