[Owasp-leaders] Security 101 Mailing List?

Ludovic Petit ludovic.petit at owasp.org
Thu Jan 26 10:53:19 UTC 2012

Great idea, even if  indeed users are likely to have many answers from many
of us.
However and even in this perspective, I think it will be a good thing
because it will show users the benefit of the community for the subject
being treated. So as such, good for spreading the Voice of OWASP.

Last but not least, I agree and understand your final comment about "dumb'
questions and "Did you Google it?",
but in my view and as I often say on a daily basis, there is no "dumb"
questions, only wrong answers.

Maybe could we foster the idea for a 'banner' in such mailing list, to make
users more confident in their questions and queries ;-)


On Thu, Jan 26, 2012 at 12:26 AM, Michael Coates
<michael.coates at owasp.org>wrote:

> I recently gave a security presentation to a group of developers in the
> health care startup scene.  There was great turnout and they really loved
> Webgoat (delivered via OWASP BWA).  As I left the presentation I pointed
> them at a variety of OWASP links - top 10, cheat sheets, secure coding
> guidelines - but I felt that it was a missed opportunity to really engage
> the group that had so much to gain from OWASP.
> What are people's thoughts about establishing a OWASP-Security-101 mailing
> list?  The idea would be to have this be a public list where developers
> would ask basic/intro web security questions.  We (OWASP leaders) would
> then direct people to available OWASP resources or answer the questions
> directly.
> This idea would create an ecosystem with developers that are not security
> experts per se (e.g. getting past the echo chamber). In addition, this will
> quickly identify gaps in OWASP resources ( 5 questions about topic X and we
> have no OWASP page on that topic).
> The goal here isn't to replace something like stack overflow, but instead
> to create an inviting space within OWASP where we can integrate more
> developers and publicize/enhance OWASP tools, resources, etc.
> One important thing for this new list would be that it's a safe place to
> ask "dumb" questions.  I think we could really distinguish ourselves here
> since many people are nervous about jumping into a more technical mailing
> list and just getting the "Did you google it?" type answer.
> Thoughts?  OWASP-Security-101?
> Michael Coates
> michael.coates at owasp.org
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


Ludovic Petit, CISSP, CTFS

Chapter Leader OWASP France

OWASP Global Connections Committee

Mobile: +33 (0) 611 726 164

E-mail: ludovic.petit at owasp.org

LinkedIn: http://www.linkedin.com/in/lpetit


Homepage: https://www.owasp.org/index.php/France

Mailing list: https://lists.owasp.org/mailman/listinfo/owasp-france
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120126/1a9500e4/attachment-0001.html>

More information about the OWASP-Leaders mailing list