[Owasp-leaders] Please help promote OWASP & avoid the next LinkedIn debacle

Eoin eoin.keary at owasp.org
Thu Jun 7 23:43:51 UTC 2012


I am happy for you to do that, Jim. Or obviously you cannot review your own submission. Happy to have Dinis also.


Eoin Keary
Owasp Global Board
+353 87 977 2988


On 8 Jun 2012, at 00:06, Jim Manico <jim.manico at owasp.org> wrote:

> Yes I will take your reboot money. This should be easy since I'm also on
> the reboot review board! :)
> 
> But seriously, the cheat sheet series could use funding for marketing
> and awareness. We can turn these into a book, for example, for broader
> distribution at conferences and the like.
> 
> How about you take me off the reboot review board for better objectivity
> and I'll submit the CS series? We could put someone else on it, maybe
> Dinis Cruz?
> 
> Cheers,
> -- 
> Jim Manico
> 
> Connections Committee Chair
> Cheatsheet Series Product Manager
> OWASP Podcast Producer/Host
> 
> jim at owasp.org
> www.owasp.org
> 
> 
> 
> 
> 
>> Why is the cheat sheet not in the reboot list yet!! We could fund awareness, publication and PR efforts!!
>> Jim??
>> 
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>> 
>> 
>> On 7 Jun 2012, at 21:54, Andy Lewis <alewis at owasp.org> wrote:
>> 
>>> Hi Jim - right now it looks to me like we provide good general
>>> guidance and references to implementation in specific
>>> languages/frameworks.  My intention was to 1) promote awareness, and
>>> 2) solicit additional references for additional specific languages or
>>> frameworks to make a great cheat sheet even better.
>>> All the best,
>>> Andy
>>> 
>>> On Thu, Jun 7, 2012 at 11:17 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>>> What changes to the password storage cheat sheet do you have in mind?
>>>> I maintain that and other pages in the cheat sheet series.
>>>> 
>>>> --
>>>> Jim Manico
>>>> (808) 652-3805
>>>> 
>>>> On Jun 6, 2012, at 4:23 PM, Andy Lewis <alewis at owasp.org> wrote:
>>>> 
>>>>> Nearly all of my LinkedIn groups have some hysterical mention of the
>>>>> LinkedIn password hash leak.
>>>>> Few of them mention the fact that the hashes were unsalted.
>>>>> 
>>>>> OWASP has answers.  Please join me in promoting those answers by
>>>>> "Liking" my posts about salt or publishing your own.
>>>>> 
>>>>> Here's the message I've been posting (yeah, it COULD be more subtle):
>>>>> 
>>>>> <Discussion Field 1>
>>>>> It's easy to point and laugh at LinkedIn for failing to salt our
>>>>> passwords, but it's also a good time to remind people about how easy
>>>>> OWASP has made hashing with salt for some languages:
>>>>> </Discussion Field 1>
>>>>> 
>>>>> <Discussion Field 2>
>>>>> The references for the CryptoGraphic Cheat Sheet cover salt for Java,
>>>>> PHP, and .NET.
>>>>> 
>>>>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet#References
>>>>> 
>>>>> Anybody aware of any others?  Now's a good time to update the cheat
>>>>> sheet references on OWASP's wiki.
>>>>> Either way, this is a VERY GOOD TIME to discuss salt w/Developers...
>>>>> </Discussion Field 2>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders