[Owasp-leaders] New OWASP project

mark curphey mark at curphey.com
Mon Oct 31 21:23:23 EDT 2011


Having a good operating system is also critical. Should OWASP build an open source OS as well ? Even if it was aligned storing digests and files the same place is BAD security. 


On Oct 31, 2011, at 6:16 PM, Jim Manico wrote:

> This project is an open source database to aid in malware detection.
> Detecting malware is a crucial defensive mechanism when building file
> upload services.
> Providing good application security tools for developers helps aid our
> mission of spreading awareness.
> 
> - Jim
> 
>> Avoiding the obvious of MD5 pseudo ciollisions, SHA-1 and storing a digest on the same physical location as the object file (i.e. any good security architect is going have a field day), what has this got to do with making application security visible?
>> 
>> On Oct 31, 2011, at 5:39 PM, Mark Bristow wrote:
>> 
>>> I disagree I think it squarely supports the AppSec mission.
>>> 
>>> Best of luck Lucas and team.
>>> 
>>> Mark Bristow
>>> Global Conferences Committee, Chair
>>> mark.bristow at owasp.org
>>> (703) 596-5175
>>> 
>>> Sent concisely from my wireless device
>>> 
>>> ----- Reply message -----
>>> From: "Christian Heinrich" <christian.heinrich at owasp.org>
>>> To: "Jim Manico" <jim.manico at owasp.org>
>>> Cc: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
>>> Subject: [Owasp-leaders] New OWASP project
>>> Date: Mon, Oct 31, 2011 8:15 pm
>>> 
>>> 
>>> 
>>> Jim,
>>> 
>>> No disrespect to the Lucas but Mark does have a point i.e. the project is not directly related to webappsec or appsec.
>>> 
>>> It could be brought into scope if it focused on files related to web servers e.g. IIS and web applications e.g. Wordpress.
>>> 
>>> 
>>> On Tue, Nov 1, 2011 at 10:58 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>> A better question is, is there any reason why OWASP should not be doing
>>> this?
>>> 
>>> We need to encourage new projects and err on the side of welcoming
>>> volunteers who are willing to actually do some work!
>>> 
>>> - Jim
>>> 
>>>> Hiya, sorry if I am missing something obvious but why is owasp doing this ?
>>>> 
>>>> Sent from my Phone
>>>> 
>>>> On Oct 31, 2011, at 4:48 PM, Lucas Ferreira <lucas.ferreira at owasp.org> wrote:
>>>> 
>>>>> Dear fellow leaders,
>>>>> 
>>>>> I'd like to announce a new OWASP project, the OWASP File Hash
>>>>> Repository (https://www.owasp.org/index.php/OWASP_File_Hash_Repository).
>>>>> Its descritption is:
>>>>> 
>>>>> The goal of this project is to build a repository of hashes of
>>>>> executable and source files. This repository can then be queried by
>>>>> clients to determine the status os of files based on their hashes.
>>>>> Some statuses are GOOD, MALWARE, SOURCE CHECKED, etc. This repository
>>>>> can consolidate several available sources (NIST, MHR, VirusTotal, etc)
>>>>> and provide better query capabilities.
>>>>> 
>>>>> The project mailing list is available here:
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-file-hash-repository,
>>>>> or contact me directly if you have questions or comments.
>>>>> 
>>>>> Best regards,
>>>>> 
>>>>> Lucas
>>>>> 
>>>>> --
>>>>> Homo sapiens non urinat in ventum.
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> 
>>> --
>>> Jim Manico
>>> 
>>> Connections Committee Chair
>>> Cheatsheet Series Product Manager
>>> OWASP Podcast Producer/Host
>>> 
>>> jim at owasp.org
>>> www.owasp.org
>>> 
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> 
>>> 
>>> 
>>> -- 
>>> Regards,
>>> Christian Heinrich
>>> http://www.owasp.org/index.php/user:cmlh
>>> 
>>> 
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
> -- 
> Jim Manico
> 
> Connections Committee Chair
> Cheatsheet Series Product Manager
> OWASP Podcast Producer/Host
> 
> jim at owasp.org
> www.owasp.org
> 



More information about the OWASP-Leaders mailing list