dennis.groves at owasp.org
Thu Dec 20 19:23:09 UTC 2012
I agree with the message. I am not sure that OWASP has the 'clout' to
cause the change. However, certainly running unsigned, untrusted code in
your browser is as much of a bad idea as one could have from a security
standpoint. It can not hurt us to promote secure computing.
[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a
*This email is licensed under a [CC BY-ND
**Please do not send me Microsoft Office/Apple iWork documents.**
Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
Stand up for your freedom to install [free
On 20 Dec 2012, at 15:20, Antonio Fontes wrote:
> Hi Vicente,
> Agreed, websites should offer a reduced mode that maintains access to
> the content even without JS running.
> However, on the question about OWASP encouraging the community to
> websites that work without JS, I am not sure I can identify the exact
> link with OWASP. This appears to be more motivated by typical
> usability/accessibility good practice than by security concerns. A
> website that requires JS to run is not inherently more insecure
> for the company or the client) than one, which does not. We could
> that the attack surface gets increased but...that would basically mean
> encouraging website designers to build plain text websites.
> When organisations keep forcing their users/customers into enabling JS
> in their browser, well then, basically they lose customers/users.
> Including me, and all those around me that I was able to convince with
> an alternative :)
> OWASP Switzerland, board member
> OWASP Geneva, chapter leader
> skype: antonio.fontes
> On 12/20/2012 12:25 PM, Vicente Aguilera wrote:
>> Hello leaderes,
>> Richard Stallman sent me the following message which I reproduce it
>> your consideration:
>> I run into quite a few sites nowadays that won't work without
>> Can OWASP help encourage Web designers to make their sites
>> Also, can it help encourage Web designers to make their sites
>> pass the LibreJS test?
>> What's your opinion?
>> Best regards,
>> Vicente Aguilera Diaz
>> OWASP Spain chapter leader
>> CISA, CISSP, CSSLP, ITIL, PCI ASV
>> CEH Instructor, ECSP Instructor, OPSA, OPST
>> vicente.aguilera at owasp.org <mailto:vicente.aguilera at owasp.org>
>> Homepage: http://www.owasp.org/index.php/Spain
>> Mailing list: http://lists.owasp.org/mailman/listinfo/owasp-spain
>> Twitter: @vaguileradiaz
>> Personal website: http://www.vicenteaguileradiaz.com
>> PGP: 0xD21C1EF8 - D1F0 E0B5 2ACC B4B5 57CD C427 58B7 CF0D D21C 1EF8
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders