[Owasp-leaders] Security 101 Mailing List?

Michael Coates michael.coates at owasp.org
Fri Jan 27 17:23:14 UTC 2012


Simon summarized it nicely, I think we've got a few different options and we can try them out and see how they work.

So, friendly reminder to anyone that may have forgotten, we've got a nice security channel going at http://security.stackexchange.com/ (try filtering on tag "app sec" http://security.stackexchange.com/questions/tagged/appsec)

And I'll get the security101 at list.owasp.org mail list setup shortly


Let's give a variety of approaches a shot and see how we can keep reaching out to others and building the community too.

Michael Coates
OWASP
michael.coates at owasp.org



On Jan 27, 2012, at 3:50 AM, psiinon wrote:

> Hi Dennis,
> 
> Absolutely.
> 
> Going back to Michael's original question, and the subsequent proposals to do more with Stack Overflow etc ...
> Why not try both?
> 
> We should be responding to Stock Overflow questions and the like, but I still think a security101 OWASP list might help as well.
> Why dont we try it out and see which approach is the most effective, or if the combination actually works better?
> 
> I realise its spreading our focus more, but there are quite a few of us - people will gravitate to which ever one they think works best and if one option withers and dies then so be it.
> 
> Cheers,
> 
> Simon
> 
> On Fri, Jan 27, 2012 at 10:38 AM, Dennis Groves, MSc <dennis.groves at owasp.org> wrote:
> Hi Simon,
> 
> I understand; as a chapter leader myself. I believe we are uniquely situated as chapter leaders - we are already reaching out as chapter leaders. We champion OWASP all the time, growing and maturing our chapters.
> 
> However, it doesn't take long to realise that the same level of outreach is not being taken by the chapter members in many cases. While your chapter may be unique - I find that many chapters are quite passive; people come to hear the experts - and they don't get involved much beyond 'listening.'
> 
> I think we need to understand why this is happening and address it. I want people to leave chapter meetings to leave empowered to do something for OWASP; to know exactly how they can get involved and be part of all the exciting activity. I want those people to go about their lives and be empowered to become 'the security guy' in their spheres of influence; and perhaps even start chapters of their own!
> 
> But chapters are not the only outreach - people are looking for 'security answers' in a whole lot of places, and many have not yet heard of OWASP; because they do not even know their problem has a name to google for. I have even worked with clients who have brought me designs that include XSS as a feature! They not only haven't heard the good word; they have rediscovered XSS for themselves and thought it a feature!
> 
> Chapters are good, and chapters are outreach - but clearly, much work remains to be done. And much of what needs to be done is enabling and empowering our members to be that outreach to other communities; and indeed to be the 'security guy' in the communities from witch they have come.
> 
> 
> Dennis
> 
> 
> 
> 
> On 27 Jan 2012, at 9:55, psiinon wrote:
> 
> I completely agree that we should be reaching out to other communities.
> But dont think that you cant do that via OWASP chapter meetings as well.
> In Manchester we have a fairly even split between the builders, breakers
> and defenders, and a large proportion of 'newbies'.
> At the last meeting I asked what sessions people would like us to present,
> and it was clear that many people wanted talks on 'the basics'.
> For next weeks meeting we have 2 talks, I'm talking about the OWASP top ten
> and Dominic Chell is talking about evaluating iOS applications.
> All 60 places have been taken and I'm trying to make some more available as
> there are more people who really want to attend.
> 
> Cheers,
> 
> Simon
> 
> On Thu, Jan 26, 2012 at 7:43 PM, Dennis Groves <dennis.groves at owasp.org>wrote:
> 
> On 26 Jan 2012, at 19:16, Jim Manico wrote:
> 
> What if a developer could confidently know that the best place in the
> 
> world to turn for input validation is OWASP?
> 
> I feel we serve the developer community better if "we go to them"
> instead of requiring them "to come to us".
> 
> 
> Indeed Jim, your are touching upon a very important and critical idea.
> In fact, Dinis & I were just talking about this on the phone.
> 
> This is exactly what is required; we need more evangelism as Guy Kawasaki
> would say.
> In fact OWASP needs to encourage and enable OWASP members to work
> externally with others.
> 
> If we don't leave the OWASP community, we get blue blooded, our ideas
> become stale, and indeed, we fail to be the Open inclusive community we
> strive to be; and we become insular and exclusive. We fail for all the same
> reasons that communities before OWASP failed… Even if we were to find the
> magical security answer among ourselves, it would be worthless unless we
> shared. :-)
> 
> Reaching out and helping others (not waiting for them to come to us),
> co-operating, communicating and being friendly and helpful. That is totally
> where it is at.
> 
> 
> Cheers,
> 
> Dennis
> 
> 
> 
> ______________________________**_________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/**mailman/listinfo/owasp-leaders<https://lists.owasp.org/mailman/listinfo/owasp-leaders>
> 
> 
> 
> 
> -- 
> Vote for ZAP as the Toolsmith Tool of The
> Year<http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html>
> 
> 
> 
> -- 
> Vote for ZAP as the Toolsmith Tool of The Year
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120127/3f4838ce/attachment.html>


More information about the OWASP-Leaders mailing list