[Owasp-leaders] Mailing list -> Forum

Andrew van der Stock vanderaj at owasp.org
Wed Feb 9 19:24:31 EST 2011

We tried a forum in 2006. I bought a license to vBulletin, Larry set it up, and no one came. 

If we were going to do a forum again this time around, let's try Xen Foro. They're still in development, but they're about the only one with a good security story, such as the use of prepared statements. 

We could also ask the devs to build in some of the features that we want.


Legal issues are irrelevant. I have run a very large forum (8000+) members in a country with no freedom of speech laws, and have stared down bush lawyers (i.e. folks who think they know the law but don't) about 10 times since 2002. Once they realise that a) we host in the USA b) we don't have any money c) we act on moderation reports in a timely fashion d) we don't allow folks to publish defamatory content for any length of time e) real lawyers realize there's no hope in getting any big settlements - they give up. Once they come to the realization that they are not going to get anything, I ban them for life. It's in the terms and conditions they agreed to when joining my community. Threatening the forum's very existence is immediate and permanent banishment. 


More information about the OWASP-Leaders mailing list