[Owasp-leaders] Zone transfer
mike.boberski at gmail.com
Sun Apr 11 14:49:15 EDT 2010
Treat this like a customer in other words. There are many possible technical
mail lists that would provide the perfect context and would draw in
additional technical expertise, depending on the approach you wish to take
to explore this issue, e.g. from a testing or from an implementation
approach, or even an organizational process improvement approach to explore
how org's like OWASP handle such things. Write an article that explains the
issue, the risk, and then if e.g. there's no action, then add that to the
article, point people to this as an example of how organizations should be
open and know what their risks are and are perfectly within their rights to
accept risks. Maybe use this to drive that proposed project about putting
disclosure labels on sites.
On Sun, Apr 11, 2010 at 2:33 PM, Mike Boberski <mike.boberski at gmail.com>wrote:
> BTW, consider the testing guide list, consider exploring this in the
> context of OWASP-IG-005, talk explore this as a case study, then writing up
> a finding, and presenting it to Larry and the board for their
> consideration/decision whether to accept the risk or to act on it.
> On Sun, Apr 11, 2010 at 2:20 PM, Mike Boberski <mike.boberski at gmail.com>wrote:
>> Actually asvs is good, thanks. Busy translating it into I think 9
>> languages and counting, updating dev guide, some other things.
>> I suggest talking one on one with larry and the group of people
>> clearly interested in it, and if its not actionable then drop it
>> On 4/11/10, Arturo 'Buanzo' Busleiman <buanzo at buanzo.com.ar> wrote:
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA512
>> > Mike Boberski wrote:
>> >> Please take this discussion off list, its not of general interest at
>> >> this point on this list. Thanks
>> > Is there any, in your opinion, better place where to discuss this
>> > related matter? Do we
>> > have an owasp-geeks mailing list?
>> > Thank you!
>> > BTW, how's ASVS?
>> > yours,
>> > - --
>> > Arturo "Buanzo" Busleiman
>> > Independent Linux and Security Consultant - OWASP - SANS - OISSG
>> > http://www.buanzo.com.ar/pro/eng.html
>> > -----BEGIN PGP SIGNATURE-----
>> > Version: GnuPG v1.4.9 (GNU/Linux)
>> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>> > iEYEAREKAAYFAkvCB6gACgkQAlpOsGhXcE34awCfT87wPuQWEXeBt2xxiPYC83Zc
>> > y6kAn05NlHrteiB6ApJ5cjB/3TWxK2IW
>> > =dsyI
>> > -----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders