[Owasp-leaders] Security 101 Mailing List?

Kate Hartmann kate.hartmann at owasp.org
Thu Jan 26 14:21:37 UTC 2012

We have a link to "community forums" from the main page of the wiki that
goes to an established ning site.  http://myowasp.ning.com/


Could we leverage this somehow?


Kate Hartmann

Operations Director


 <http://www.owasp.org/> www.owasp.org 

Skype:  Kate.hartmann1


From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Ludovic Petit
Sent: Thursday, January 26, 2012 5:53 AM
To: Michael Coates
Cc: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Security 101 Mailing List?


Great idea, even if  indeed users are likely to have many answers from many
of us.

However and even in this perspective, I think it will be a good thing
because it will show users the benefit of the community for the subject
being treated. So as such, good for spreading the Voice of OWASP.


Last but not least, I agree and understand your final comment about "dumb'
questions and "Did you Google it?", 

but in my view and as I often say on a daily basis, there is no "dumb"
questions, only wrong answers.


Maybe could we foster the idea for a 'banner' in such mailing list, to make
users more confident in their questions and queries ;-)



On Thu, Jan 26, 2012 at 12:26 AM, Michael Coates <michael.coates at owasp.org>

I recently gave a security presentation to a group of developers in the
health care startup scene.  There was great turnout and they really loved
Webgoat (delivered via OWASP BWA).  As I left the presentation I pointed
them at a variety of OWASP links - top 10, cheat sheets, secure coding
guidelines - but I felt that it was a missed opportunity to really engage
the group that had so much to gain from OWASP.

What are people's thoughts about establishing a OWASP-Security-101 mailing
list?  The idea would be to have this be a public list where developers
would ask basic/intro web security questions.  We (OWASP leaders) would then
direct people to available OWASP resources or answer the questions directly.

This idea would create an ecosystem with developers that are not security
experts per se (e.g. getting past the echo chamber). In addition, this will
quickly identify gaps in OWASP resources ( 5 questions about topic X and we
have no OWASP page on that topic).

The goal here isn't to replace something like stack overflow, but instead to
create an inviting space within OWASP where we can integrate more developers
and publicize/enhance OWASP tools, resources, etc.

One important thing for this new list would be that it's a safe place to ask
"dumb" questions.  I think we could really distinguish ourselves here since
many people are nervous about jumping into a more technical mailing list and
just getting the "Did you google it?" type answer.

Thoughts?  OWASP-Security-101?

Michael Coates
michael.coates at owasp.org

OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org



Ludovic Petit, CISSP, CTFS

Chapter Leader OWASP France

OWASP Global Connections Committee


Mobile: +33 (0) 611 726 164

E-mail: ludovic.petit at owasp.org

LinkedIn: http://www.linkedin.com/in/lpetit


Homepage: https://www.owasp.org/index.php/France

Mailing list: https://lists.owasp.org/mailman/listinfo/owasp-france



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120126/76dbc5ea/attachment-0001.html>

More information about the OWASP-Leaders mailing list