[Owasp-leaders] FW: Security Advice
rohit at securitycompass.com
Wed Apr 13 15:17:29 EDT 2011
I followed up with Jacob Kaplan-Moss from Django and he certainly likes the idea of us providing an "Open Source Security Advisors" page listing individuals, their bios and email addresses who are open to helping open source development teams with security-sensitive topics. In order to vet people on this page, perhaps we can use the same process as committee voting where OWASP leaders endorse the people on the page.
Hopefully this is a way for us to forge closer ties with the development groups and help influence them to integrate security into the products.
I think it's in our best interests *not* to make this a wiki page editable by anyone. What other options do we have?
Vice President, Product Development
Security Compass & SD Elements
From: Jacob Kaplan-Moss [mailto:jacob at jacobian.org]
Sent: Wednesday, April 13, 2011 2:18 PM
To: Sethi, Rohit
Subject: Re: Security Advice
Hi Rohit --
Thanks for the explanation -- I totally see how a closed mailing list
would cut against what you're trying to do with OWASP. Balancing
security and openness is *hard*!
I think your alternative idea is great, though! I don't particularly
care about the specific mechanism; I think the win is just having some
sort of vetted resource to discuss security with. I think I've said
this before, but my problem is that not only am I not qualified to
make complicated security decisions, I'm *also* not qualified to judge
who would be qualified! I think a list of volunteers who've been
vetted by OWASP and are willing to be contacted by open source
projects would be perfect, and I'd use it. Heavily, I think.