[Owasp-leaders] Zone transfer

Christian Heinrich christian.heinrich at owasp.org
Wed Jun 9 07:06:15 EDT 2010


Jeff,

In light of http://twitter.com/Jabra/status/15652299005

AXFR is a business related risk to OWASP due to the impact to our
(i.e. OWASP) reputation.

FYI - aside from Reputation, the other two business related risks are
Financial (e.g. GFC) and Regulatory.

On Mon, Apr 12, 2010 at 3:27 PM, Jeff Williams <jeff.williams at owasp.org> wrote:
> All,
>
> I greatly appreciate the interest and concern in OWASP's security and
> reputation. I'd like to take this opportunity to once again recognize
> Larry's excellent support of the OWASP network and application
> infrastructure over the years. Few of you will probably ever meet him, but
> he has helped virtually all of us and we work under the blanket of his
> protection every day!
>
> Rest assured that Larry has been on top of the DNS situation for quite a
> while and we just haven't been able to find another provider that is a
> better fit for OWASP. This is a great case study in why vulnerabilities
> aren't risks (as we have now hopefully made clear in the new T10 being
> released very soon). You always have to consider the business context of any
> vulnerability you discover. In this case, nobody has articulated a serious
> risk to OWASP.
>
> However, we are absolutely committed to making our infrastructure secure -
> both for protection and as an example to others. We always welcome
> constructive information about the security of our OWASP infrastructure.
>
> Thanks Larry - great job as usual.
>
> --Jeff

-- 
Regards,
Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking


More information about the OWASP-Leaders mailing list