[Owasp-leaders] OWASP Consumer Reports Project

Adam Muntner adam.muntner at quietmove.com
Mon Apr 12 10:14:37 EDT 2010


Sounds like a good way to get sued and criminally prosecuted by The Hartford
to Travelers, Progressive, Geico...

>
> On 4/12/10, McGovern, James F. (P+C Technology)
> <James.McGovern at thehartford.com> wrote:
> > Was noodling a conversation I had awhile back with Tom Brennan and
> > came up with an idea. If we truly want to make application security
> > visible, then we should figure out a way to partner with say Consumer
> > Reports (or at least borrow the Harvey Ball notation) where we compare
> > the security of popular sites to each other. For example, wouldn't a
> > lot of consumers want to know which brokerage firm is most secure
> > where we compare TD Ameritrade to Fidelity to E*Trade to Schwab and so
> > on?
> >
> > Likewise, in order to get a quote for auto insurance, you have to
> > surrender lots of personally-identifiable information ranging from
> > social security number to drivers license, etc. Wouldn't it be good if
> > consumers knew which auto insurance carrier was most secure where we
> > compared The Hartford to Travelers, Progressive, Geico and so on?
> >
> > The media at large would jump all over this idea and would provide us
> > with coverage. Likewise, for those being compared and receive less
> > than favorable ratings, may actually not just have their developers
> > pay attention to OWASP but also executive row! Of course, we would
> > need to come up with normalized criteria, but it wouldn't take too
> > long to put together. Criteria would include things like knowing they
> > are running the latest patch version of web server software, DNS zone
> > transfer, basic input validation and other things that are observable
> > as a smart security consumer. At no time would we scan a site without
> > permission.
> >
> > Thoughts?
> > ************************************************************
> > This communication, including attachments, is for the exclusive use of
> > addressee and may contain proprietary, confidential and/or privileged
> > information.  If you are not the intended recipient, any use, copying,
> > disclosure, dissemination or distribution is strictly prohibited.  If
> > you are not the intended recipient, please notify the sender
> > immediately by return e-mail, delete this communication and destroy
> > all copies.
> > ************************************************************
> >
>
>
> --
> Mike