[Owasp-leaders] Security 101 Mailing List?
kate.hartmann at owasp.org
Thu Jan 26 14:21:37 UTC 2012
We have a link to "community forums" from the main page of the wiki that
goes to an established ning site. http://myowasp.ning.com/
Could we leverage this somehow?
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Ludovic Petit
Sent: Thursday, January 26, 2012 5:53 AM
To: Michael Coates
Cc: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Security 101 Mailing List?
Great idea, even if indeed users are likely to have many answers from many
However and even in this perspective, I think it will be a good thing
because it will show users the benefit of the community for the subject
being treated. So as such, good for spreading the Voice of OWASP.
Last but not least, I agree and understand your final comment about "dumb'
questions and "Did you Google it?",
but in my view and as I often say on a daily basis, there is no "dumb"
questions, only wrong answers.
Maybe could we foster the idea for a 'banner' in such mailing list, to make
users more confident in their questions and queries ;-)
On Thu, Jan 26, 2012 at 12:26 AM, Michael Coates <michael.coates at owasp.org>
I recently gave a security presentation to a group of developers in the
health care startup scene. There was great turnout and they really loved
Webgoat (delivered via OWASP BWA). As I left the presentation I pointed
them at a variety of OWASP links - top 10, cheat sheets, secure coding
guidelines - but I felt that it was a missed opportunity to really engage
the group that had so much to gain from OWASP.
What are people's thoughts about establishing a OWASP-Security-101 mailing
list? The idea would be to have this be a public list where developers
would ask basic/intro web security questions. We (OWASP leaders) would then
direct people to available OWASP resources or answer the questions directly.
This idea would create an ecosystem with developers that are not security
experts per se (e.g. getting past the echo chamber). In addition, this will
quickly identify gaps in OWASP resources ( 5 questions about topic X and we
have no OWASP page on that topic).
The goal here isn't to replace something like stack overflow, but instead to
create an inviting space within OWASP where we can integrate more developers
and publicize/enhance OWASP tools, resources, etc.
One important thing for this new list would be that it's a safe place to ask
"dumb" questions. I think we could really distinguish ourselves here since
many people are nervous about jumping into a more technical mailing list and
just getting the "Did you google it?" type answer.
michael.coates at owasp.org
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
Ludovic Petit, CISSP, CTFS
Chapter Leader OWASP France
OWASP Global Connections Committee
Mobile: +33 (0) 611 726 164
E-mail: ludovic.petit at owasp.org
Mailing list: https://lists.owasp.org/mailman/listinfo/owasp-france
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders