[Owasp-leaders] Proposal [Feedback Requested] : This I Believe (Security)

Dennis Groves dennis.groves at owasp.org
Sun Aug 18 09:43:43 UTC 2013


My *BIG* concern is that this could easily turn into a 'faith-based' 
security platform.

I can only support this if people talk about what they believe and it is 
supported by science. Security science that is freely available and 
reproducible.

*Infosec has enough snake-oil, we need science.*


Dennis

On 17 Aug 2013, at 20:56, John Melton wrote:

> Leaders,
>
> [tl;dr]
> I am considering coordinating a short-term series of essays posted on 
> the
> owasp site about broad application security topics, and want your 
> feedback
> on whether the idea would be interesting to the community.
>
> [longer version]
> I have long enjoyed the This I Believe (thisibelieve.org) series. For 
> those
> not familiar, the idea is that someone writes about a topic they have 
> a
> strong belief in, using short essay form.
>
> I believe an adaptation of this basic concept could produce value for 
> our
> community. Much of the communication I see flowing through our 
> industry
> could be viewed as dealing with the low-hanging fruit. I think 
> expanding
> and elevating our conversation around security could impact us in 
> various
> ways.
>
> Some possible benefits I hope to see are:
>
> - Greater awareness of related fields or obscure specialties within 
> our
> field
> - Application of solutions from other disciplines
> - Greater awareness of existing solutions from academia vs. industry 
> and
> related gaps
> - Introduction of new ideas and new-found awareness of old ideas
> - Drive interesting discussions amongst our community
> - Follow-on implementations of valuable solutions
> - Big ideas to solve hard problems
>
> However, I do realize that the central goal of this idea is not to 
> produce
> actionable documentation or code, and many of you as such may not find 
> it
> valuable. I propose a 3-step process:
>
> *Step 1. Receive feedback from the community about whether or not this 
> is a
> good idea. This is what I need now. Feel free to respond to the group 
> or me
> directly (2 weeks). *
>
> Step 2. If the general feedback is positive, I'll send out another 
> request
> for ideas for people you would like to see write articles. I will then
> collect these and probably illicit a community vote to rank the 
> requested
> authors. I will then send out requests to those authors to see if they
> would be willing to participate. (2-4 weeks)
>
> Step 3. Setup a schedule for the participating authors to post on a 
> roughly
> monthly basis. My thought is that this would run maybe 6-12 months, 
> but we
> could go longer or shorter depending on interest and participation.
>
> For now, I'd like to get feedback for step 1. However, as with any 
> project,
> help is always needed and much appreciated. If any of this sounds like 
> fun
> to you and you'd like to help out with leading the project, let me 
> know -
> I'd be grateful.
>
> Thanks,
> John Melton
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders



[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a 
meeting](http://goo.gl/8sPIy).

     Unless someone like you...cares a whole awful lot...
     nothing is going to get better...It's not."
                                             -- The Lorax
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130818/f3abdfdb/attachment.html>


More information about the OWASP-Leaders mailing list