[Owasp-leaders] Security 101 Mailing List?

psiinon psiinon at gmail.com
Fri Jan 27 11:50:05 UTC 2012

Hi Dennis,


Going back to Michael's original question, and the subsequent proposals to
do more with Stack Overflow etc ...
Why not try both?

We should be responding to Stack Overflow questions and the like, but I
still think a security101 OWASP list might help as well.
Why don't we try it out and see which approach is the most effective, or if
the combination actually works better?

I realise it's spreading our focus more, but there are quite a few of us -
people will gravitate to whichever one they think works best and if one
option withers and dies then so be it.



On Fri, Jan 27, 2012 at 10:38 AM, Dennis Groves, MSc <
dennis.groves at owasp.org> wrote:

> Hi Simon,
> I understand; as a chapter leader myself. I believe we are uniquely
> situated as chapter leaders - we are already reaching out as chapter
> leaders. We champion OWASP all the time, growing and maturing our chapters.
> However, it doesn't take long to realise that the same level of outreach
> is not being taken by the chapter members in many cases. While your chapter
> may be unique - I find that many chapters are quite passive; people come to
> hear the experts - and they don't get involved much beyond 'listening.'
> I think we need to understand why this is happening and address it. I want
> people to leave chapter meetings empowered to do something for
> OWASP; to know exactly how they can get involved and be part of all the
> exciting activity. I want those people to go about their lives and be
> empowered to become 'the security guy' in their spheres of influence; and
> perhaps even start chapters of their own!
> But chapters are not the only outreach - people are looking for 'security
> answers' in a whole lot of places, and many have not yet heard of OWASP;
> because they do not even know their problem has a name to google for. I
> have even worked with clients who have brought me designs that include XSS
> as a feature! They not only haven't heard the good word; they have
> rediscovered XSS for themselves and thought it a feature!
> Chapters are good, and chapters are outreach - but clearly, much work
> remains to be done. And much of what needs to be done is enabling and
> empowering our members to be that outreach to other communities; and indeed
> to be the 'security guy' in the communities from which they have come.
> Dennis
> On 27 Jan 2012, at 9:55, psiinon wrote:
>> I completely agree that we should be reaching out to other communities.
>> But don't think that you can't do that via OWASP chapter meetings as well.
>> In Manchester we have a fairly even split between the builders, breakers
>> and defenders, and a large proportion of 'newbies'.
>> At the last meeting I asked what sessions people would like us to present,
>> and it was clear that many people wanted talks on 'the basics'.
>> For next week's meeting we have 2 talks, I'm talking about the OWASP top ten
>> and Dominic Chell is talking about evaluating iOS applications.
>> All 60 places have been taken and I'm trying to make some more available as
>> there are more people who really want to attend.
>> Cheers,
>> Simon
>> On Thu, Jan 26, 2012 at 7:43 PM, Dennis Groves <dennis.groves at owasp.org> wrote:
>>  On 26 Jan 2012, at 19:16, Jim Manico wrote:
>>> What if a developer could confidently know that the best place in the
>>>>>  world to turn for input validation is OWASP?
>>>> I feel we serve the developer community better if "we go to them"
>>>> instead of requiring them "to come to us".
>>> Indeed Jim, you are touching upon a very important and critical idea.
>>> In fact, Dinis & I were just talking about this on the phone.
>>> This is exactly what is required; we need more evangelism as Guy Kawasaki
>>> would say.
>>> In fact OWASP needs to encourage and enable OWASP members to work
>>> externally with others.
>>> If we don't leave the OWASP community, we get blue blooded, our ideas
>>> become stale, and indeed, we fail to be the Open inclusive community we
>>> strive to be; and we become insular and exclusive. We fail for all the same
>>> reasons that communities before OWASP failed… Even if we were to find the
>>> magical security answer among ourselves, it would be worthless unless we
>>> shared. :-)
>>> Reaching out and helping others (not waiting for them to come to us),
>>> co-operating, communicating and being friendly and helpful. That is totally
>>> where it is at.
>>> Cheers,
>>> Dennis
>> --
>> Vote for ZAP as the Toolsmith Tool of The Year
>> <http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html>
