[Owasp-leaders] Other Ideas for Projects

daniel cuthbert daniel.cuthbert at owasp.org
Thu Sep 24 03:11:04 EDT 2009


> OWASP End User Education Project: I was hanging out with our lawyers last
> week (before watching the wonderful membership video) and we got into a
> fascinating conversation regarding professional education. Independent
> insurance agents, accountants, lawyers, etc are all required to take
> continuing education credits whereby they are encouraged to watch videos,
> attend seminars, etc. So, with this thought in mind, why can't all of us
> chapter leaders agree to one fixed day next year where we all present on web
> application security from the perspective of an end-user? Likewise, could a
> few of us sketch out a skit that we could do for non-security types to watch
> and videotape while in DC to load up on YouTube.

I've been working on this training concept for a while. It's a series of
mini courses for those in management and other roles, not necessarily
associated with the technical side. Right now it's in proprietary format, but
I've been meaning to rewrite it and start again, so this could be a good
push.



2009/9/23 Mike Boberski <mike.boberski at cox.net>

> idea, ESAPI certification project, and I'll lead it
>
>
> Mike
>
>
>
>>
>> On Wed, Sep 23, 2009 at 1:12 PM, Jeff Williams <jeff.williams at owasp.org> wrote:
>>
>>>  The vulnerability disclosure idea is a good project that could fall
>>> under the OWASP Legal Project. I think we should try to give them everything
>>> they need to run a good application security response center.  I’m thinking…
>>>
>>>
>>>
>>> Application Security Response Program
>>>
>>> 1)      Text for website that encourages responsible disclosure and
>>> protects researchers from lawsuit
>>>
>>> 2)      A runbook for actually handling reported vulnerabilities
>>> (template emails, etc…)
>>>
>>> 3)      Guidance on metrics coming out of the program
>>>
>>> 4)      Guidance on performing rescues on operational applications
>>>
>>> 5)      … what else?
>>>
>>>
>>>
>>> --Jeff
>>>
>>>
>>>
>>> PS – Breakfast Serialz?  Seriously? Gimme a bowl of Hackios?  Leet
>>> Flakes?  Golden Graham Crackers?  And Tom Brennan’s fav -- two scoopz of
>>> Kellog’s Raisin Hell?
>>>
>>>
>>>
>>>
>>>
>>> *From:* owasp-leaders-bounces at lists.owasp.org [mailto:
>>> owasp-leaders-bounces at lists.owasp.org] *On Behalf Of *McGovern, James F
>>> (HTSC, IT)
>>> *Sent:* Wednesday, September 23, 2009 9:38 AM
>>> *To:* owasp-leaders at lists.owasp.org
>>> *Subject:* [Owasp-leaders] Other Ideas for Projects
>>>
>>>
>>>
>>> Hopefully one can propose an idea without having to necessarily lead it
>>> :-)
>>>
>>>    - OWASP End User Education Project: I was hanging out with our
>>>    lawyers last week (before watching the wonderful membership video) and we
>>>    got into a fascinating conversation regarding professional education.
>>>    Independent insurance agents, accountants, lawyers, etc are all required to
>>>    take continuing education credits whereby they are encouraged to watch
>>>    videos, attend seminars, etc. So, with this thought in mind, why can't all
>>>    of us chapter leaders agree to one fixed day next year where we all present
>>>    on web application security from the perspective of an end-user? Likewise,
>>>    could a few of us sketch out a skit that we could do for non-security types
>>>    to watch and videotape while in DC to load up on YouTube.
>>>    - OWASP Vulnerability Disclosure Project: We know that websites have
>>>    privacy policies, but what about vulnerability disclosure policies? Let's say
>>>    that I am CISO for a major bank and an OWASP member happens to notice that
>>>    the site is subject to cross-site. Should they tell me? How should I react?
>>>    How do you think most CISOs would react? The problem is that vulnerability
>>>    right now is only thought of in terms of software vendors (think Microsoft,
>>>    Oracle, CA, etc) and consumerish websites (think MySpace, Facebook, etc), we
>>>    need to figure out some simple text that folks could incorporate into their
>>>    website
>>>    - OWASP Branding Project: I mentioned that I am working with a local
>>>    soda company to create a flavor of soda unique to our chapter (Avery's Soda)
>>>    and wondered whether this type of branding and logo usage could serve OWASP
>>>    in other ways. Yes, we could panic and start worrying about food poisoning
>>>    but I think our endorsement avoidance is around tech companies and not other
>>>    domains. For example, wouldn't it be cool if we could have our own brand of
>>>    cereal (I got some pings out)
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>