[Owasp-leaders] Mark on 'Models for Better Security Communities'

Stephen Craig Evans stephencraig.evans at gmail.com
Fri Nov 11 02:23:49 EST 2011

Sorry, Mark, your recent emails always sound too much like LeBron
James' "I'm taking my talents to South Beach" :-)

Back to our regularly scheduled programming...


OWASP is what it is.

Except for you and many other titans - whom I won't name for fear of
leaving somebody off the list - OWASP is a great place for people like
me to come in and put in a burst of energy when we have time to do it.
That's why it's rather loosely structured and stuff is scattered and a
bit haphazard. I don't feel guilty about it. If somebody wants to come
in, put in the effort and take over the reins on projects, then go for
it. All contribution is always welcome.

Yeah, it's not perfect. There should be more "polish" on projects,
more interaction between infosec pros and developers, more this and
that, blah, blah blah.

But you look at OWASP at ground level, and what's better? ISACA? ISC2?
PCI SSC? ... Give me a f*cking break. All of the bluster and flailing
of arms at how much OWASP is broke and something has to be changed - I
am waiting for somebody to put out something better... I am still
waiting... I am still waiting...

As usual, my 2 cents worth,

P.S. And, if anybody is wondering, I pay my annual dues to the KC
chapter. That's the least I can do.

On Fri, Nov 11, 2011 at 12:12 AM, Chris Schmidt <chris.schmidt at owasp.org> wrote:
> It would be Mark, the one not trolling on a professional organization
> leaders list - thanks.
> On 11/10/2011 10:35 PM, Stephen Craig Evans wrote:
>> One question first, Dinis...
>> Is this Mark Curphey from Microsoft? The company that extorts money
>> from companies over Linux patents?
>> I wanna get this straight before I respond to your question.
>> Thanks,
>> Stephen
>> On Mon, Nov 7, 2011 at 3:41 AM, dinis cruz<dinis.cruz at owasp.org>  wrote:
>>> I think Mark raises a lot of good points in his latest
>>> blog: http://www.curphey.com/2011/11/models-for-better-security-communities/
>>> I don't agree with all of its analysis, but I share some of his concerns
>>> about OWASP.
>>> Ironically what he wants is to get a group of focused people working
>>> together on a common project/initiative/ecosystem that produces high quality
>>> results, which is exactly what I want to do too :).
>>> I still believe that OWASP is the best place to create such group, but if it
>>> is created outside OWASP, we should embrace it and collaborate (since the
>>> end goal is to help the Application Security world)
>>> What do you think?
>>> Dinis Cruz
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list