[Owasp-leaders] OWASP Home Page Project

Seba seba at owasp.org
Mon Sep 28 02:27:56 EDT 2009


Jim, all,
Indeed an important project to be done.
Who's game to turn this into a SOC proposal?
Seba

On Sun, Sep 27, 2009 at 8:04 PM, Jim Manico <jim.manico at owasp.org> wrote:

>  I think that redesigning the OWASP homepage is a prudent and valuable
> project to undertake. I'm also a huge fan of the Wiki, but someday the Wiki
> should be a feature of the website, not *the* website, IMO.
>
> By the same token, such an undertaking is time consuming and expensive. We
> need a real team and budget to do it well.
>
> I feel the focus of the homepage redesign should be simple - just make the
> OWASP tools and projects more prominent - possibly categorizing projects
> into a few buckets. In the interest of making WebAppSec more visible, a more
> prominent, consistent and well managed press section could be of benefit to
> our core mission.
>
> The content of the OWASP homepage, IMO, is great. Even the overall layout
> is great. But a little Web 2.0 design and color would go a long way, I
> think. And this is not fluff - design and color are foundational elements of
> good web communication; and good communication - via visibility - is a core
> part of OWASP's mission.
>
> Respectfully,
> Jim
>
> ----- Original Message -----
> *From:* Mike Boberski <mike.boberski at cox.net>
> *To:* owasp-leaders at lists.owasp.org
> *Sent:* Tuesday, September 22, 2009 1:54 PM
> *Subject:* Re: [Owasp-leaders] OWASP Home Page Project
>
> I'm surprised no one jumped in on this thread; each is an item in my mind
> worth exploring; application security is incredibly hard to sell people on,
> such weak/non-existent mandates in this space. The Agile-like idea for
> example seems to pop up frequently, I think there is something to it. There
> is little arguing how the universe latched onto such a superficially silly
> thing with religious-like zeal; I have one customer right now for example
> where a development team is hiding behind the Agile Scrum process to the
> point of defying their management's (and their management's management's,
> and their management's management's management's) direct instruction to
> start addressing security concerns.
>
> Some initial thoughts on each of the items:
>
> I think the site could benefit from some high-level buckets near the top,
> similar to the recent Aspect Security web site update. Perhaps
> protect/detect/lifecycle as on the projects page.
>
> Member companies should go to the top, to the side, for the reasons cited
> below. I turned many people during ASVS' development into ASVS reviewers
> once they scrolled to the bottom.
>
> There is merit to the manifesto thing as mentioned above, the visible thing
> is a starting point but isn't all that it could be; here's a starting point
> for discussion: (1) A Web application may not disclose or modify user data
> without a data owner's permission or, through inaction, allow unauthorized
> disclosure or modification of user data. (2) A Web application must obey any
> inputs given to it by users or external systems, except where such orders
> would conflict with the First Law. (3) A Web application must protect its own
> existence as long as such protection does not conflict with the First or
> Second Law.
>
> I'm not sure the media thing is actionable, other than adding a link to an
> OWASP POC to respond to media inquiries.
>
> Mike
>
>
> On Mon, Sep 21, 2009 at 3:16 PM, McGovern, James F (HTSC, IT) <
> James.McGovern at thehartford.com> wrote:
>
>>  Figured I would share some marketing oriented thoughts regarding OWASP
>> with a focus on our web presence. If you feel I am full of it, then reply
>> back :-)
>>
>>    - The OWASP website is not relatable. Who is the intended audience?
>>    Should we guide folks based on the roles they play?
>>    - There is nothing to speak to the legitimacy of OWASP ..... until you
>>    scroll down to the bottom and see the corporate endorsements. Those should
>>    be higher up on the screen. For those who will debate legitimacy, we have to
>>    acknowledge that the masses within IT get giddy when they see familiar
>>    logos. Think folks who love Gartner Magic Quadrants.
>>    - Also on the home page there is nothing about what (specific)
>>    problem(s) OWASP addresses and fixes. Somewhat sporadic information. We need
>>    something more than making web application security visible.
>>    - Are there any quotes from people/organizations that were helped by
>>    OWASP involvement? Testimonials would attract more attention. Have folks
>>    seen the Agile Manifesto and the signatories page? We should do something
>>    similar.
>>    - Media coverage generally depends on a "face" to work their story.
>>    There are likely several angles you can utilize such as the "nimbleness" of
>>    a community vs. a corporation in solving a problem. How about a feature
>>    covering who are some of its participants. Sort of a personal profile.
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>