[Owasp-leaders] Zone transfer
jeff.williams at owasp.org
Wed Jun 9 08:03:38 EDT 2010
> On Jun 9, 2010, at 1:06 PM, Christian Heinrich wrote:
>> AXFR is a business related risk to OWASP due to the impact to our
>> (i.e. OWASP) reputation.
> Or you could see it as a great advertisement for how organisations should
> look at the whole business context in order to properly evaluate risk.
This is exactly the message I think we should emphasize. Security for
compliance's sake is stupid. If OWASP stands for anything, it's exactly the
notion that making informed decisions about risk is the way forward. Now of
course we don't want to damage our reputation, so I need everyone's help in
responding to nonsense.
> On Mon, Apr 12, 2010 at 3:27 PM, Jeff Williams <jeff.williams at owasp.org>
>> I greatly appreciate the interest and concern in OWASP's security and
>> reputation. I'd like to take this opportunity to once again recognize
>> Larry's excellent support of the OWASP network and application
>> infrastructure over the years. Few of you will probably ever meet him, but
>> he has helped virtually all of us and we work under the blanket of his
>> protection every day!
>> Rest assured that Larry has been on top of the DNS situation for quite a
>> while and we just haven't been able to find another provider that is a
>> better fit for OWASP. This is a great case study in why vulnerabilities
>> aren't risks (as we have now hopefully made clear in the new T10 being
>> released very soon). You always have to consider the business context of
>> a vulnerability you discover. In this case, nobody has articulated a
>> risk to OWASP.
>> However, we are absolutely committed to making our infrastructure secure
>> both for protection and as an example to others. We always welcome
>> constructive information about the security of our OWASP infrastructure.
>> Thanks Larry - great job as usual.
> Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
> OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org