[Owasp-leaders] Please help promote OWASP & avoid the next LinkedIn debacle

Jim Manico jim.manico at owasp.org
Thu Jun 7 23:06:50 UTC 2012

Yes, I will take your reboot money. This should be easy since I'm also on
the reboot review board! :)

But seriously, the cheat sheet series could use funding for marketing
and awareness. We can turn these into a book, for example, for broader
distribution at conferences and the like.

How about you take me off the reboot review board for better objectivity
and I'll submit the CS series? We could put someone else on it, maybe
Dinis Cruz?

Jim Manico

Connections Committee Chair
Cheatsheet Series Product Manager
OWASP Podcast Producer/Host

jim at owasp.org

> Why is the cheat sheet not in the reboot list yet!! We could fund awareness, publication and PR efforts!!
> Jim??
> Eoin Keary
> OWASP Global Board
> +353 87 977 2988
> On 7 Jun 2012, at 21:54, Andy Lewis <alewis at owasp.org> wrote:
>> Hi Jim - right now it looks to me like we provide good general
>> guidance and references to implementation in specific
>> languages/frameworks.  My intention was to 1) promote awareness, and
>> 2) solicit additional references for additional specific languages or
>> frameworks to make a great cheat sheet even better.
>> All the best,
>> Andy
>> On Thu, Jun 7, 2012 at 11:17 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>> What changes to the password storage cheat sheet do you have in mind?
>>> I maintain that and other pages in the cheat sheet series.
>>> --
>>> Jim Manico
>>> (808) 652-3805
>>> On Jun 6, 2012, at 4:23 PM, Andy Lewis <alewis at owasp.org> wrote:
>>>> Nearly all of my LinkedIn groups have some hysterical mention of the
>>>> LinkedIn password hash leak.
>>>> Few of them mention the fact that the hashes were unsalted.
>>>> OWASP has answers.  Please join me in promoting those answers by
>>>> "Liking" my posts about salt or publishing your own.
>>>> Here's the message I've been posting (yeah, it COULD be more subtle):
>>>> <Discussion Field 1>
>>>> It's easy to point and laugh at LinkedIn for failing to salt our
>>>> passwords, but it's also a good time to remind people about how easy
>>>> OWASP has made hashing with salt for some languages:
>>>> </Discussion Field 1>
>>>> <Discussion Field 2>
>>>> The references for the Cryptographic Cheat Sheet cover salt for Java,
>>>> PHP, and .NET.
>>>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet#References
>>>> Anybody aware of any others?  Now's a good time to update the cheat
>>>> sheet references on OWASP's wiki.
>>>> Either way, this is a VERY GOOD TIME to discuss salt w/Developers...
>>>> </Discussion Field 2>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
