[Owasp-leaders] Hack OWASP.org as a pre/during SummitCompetition

James McGovern JMcGovern at virtusa.com
Wed Jan 26 10:03:36 EST 2011


The biggest challenge is that finding solutions to breaking tends to
take a lot longer than the actual breaking itself...

-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of
Harisfazillah Jamel
Sent: Wednesday, January 26, 2011 8:13 AM
To: owasp-leaders at lists.owasp.org
Cc: Mancini Lucilla; owasp-leaders-bounces at lists.owasp.org; Ralph
Durkee; Loredana Mancini
Subject: Re: [Owasp-leaders] Hack OWASP.org as a pre/during
SummitCompetition

Hi,

I disagree using hacking to find vulnerabilities, as a way of promoting.

It's hard to find a contest that relate to hardening of server and
application or making codes better as part of a contest. We already
expose OWASP members with many ways of finding vulnerabilities. Lets
we balance with how to defense ourself from attack.

For example. We ask the contestant to fixed problem with all the
vulnerabilities listed and make report on the effort.

Or we can balance both. They find the vulnerabilities and do the
reports on how to fix it.

Haris ....

On Wed, Jan 26, 2011 at 6:18 PM, dinis cruz <dinis.cruz at owasp.org>
wrote:
> This practice is starting to be quite common these days. Google,
Microsoft,
> Mozilla (and others) have similar arrangements.
>
> But you raise good questions, and we should have answers for it on an
FAQ
> (Loredana can you add an FAQ to that page (here is a good template
> http://www.owasp.org/index.php/Summit_2011_FAQ))
>
_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders

Virtusa was recently ranked and featured in 2010 Deloitte Technology Fast 500, 2010 Global Services 100, IAOP's 2010 Global Outsourcing 100 sub-list and 2010 FinTech 100 among others.

---------------------------------------------------------------------------------------------

This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is intended for the addressee only. Any unauthorized disclosure, use, dissemination, copying, or distribution of this message or any of its attachments or the information contained in this e-mail, or the taking of any action based on it, is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail and delete this message.

---------------------------------------------------------------------------------------------


More information about the OWASP-Leaders mailing list