[Owasp-leaders] Would the real OWASP please stand up!

Arturo 'Buanzo' Busleiman buanzo at buanzo.com.ar
Wed Sep 23 18:05:00 EDT 2009

I really hate it when "real" security professionals look down on me and say "oh, you're the owasp
guy". For instance, I was talking the other day with someone from another webappsec
organization, and basically, he said: "Sorry, you're an OWASP guy, I can't talk to you". My answer
was: "Oh, I wasn't aware kindergarten had webappsec groups".

Lots of people in the industry dislike my project just because it's OWASP sponsored. And I don't
give a **** about the opinion of those individuals.

The real OWASP is the people who can see beyond the stupidity and jealousy of others, and kick it
away and continue to love OWASP and support it. I've been in the IT security business since 1996 (I
was 14 years old at that time), when I hacked into Argentina's presidency's email server and contacted
their "systems guy" and told him how to reproduce the attack, how to fix it (it was an IRIX 5.3
operating system running a very vulnerable set of cgi scripts), and how to start thinking about
security in a more open way ("use linux" - back in 1996 that was a blast :P).

And the past 3 years I've seen a big change in the industry. Lots of "floss activists" becoming
"security experts", advanced "windows power users" becoming IT security developers, and things like
that. And I sense that the hacker philosophy is being lost in a big noisy inter-group flamewar full
of politics and bureaucratic stuff, when we should be focusing on developing tools, analyzing
malware, educating programmers on how to write secure code, educating users, and HACKING STUFF UP.

And I've found LOTS of that kind of people in OWASP: real hackers with real hacker philosophy and
code of ethics, great programmers. And that is why I'll continue to support OWASP.

(And I know, you, the childish guy-leader from the other webappsec group, are reading this: grow up).

And this will be my only public rant :)

