[Owasp-leaders] Proposal [Feedback Requested] : This I Believe (Security)

psiinon psiinon at gmail.com
Mon Aug 19 09:01:44 UTC 2013


I think its a great idea!

I'm a big fan of your Year of Security for Java series, John, and I really
hope this happens as I think it will make fascinating reading.
For the record, I Believe pentesters should learn more about Development
and QA and vice versa ;)

Cheers,

Simon



On Sun, Aug 18, 2013 at 4:56 AM, John Melton <jtmelton at gmail.com> wrote:

> Leaders,
>
> [tl;dr]
> I am considering coordinating a short-term series of essays posted on the
> owasp site about broad application security topics, and want your feedback
> on whether the idea would be interesting to the community.
>
> [longer version]
> I have long enjoyed the This I Believe (thisibelieve.org) series. For
> those not familiar, the idea is that someone writes about a topic they have
> a strong belief in, using short essay form.
>
> I believe an adaptation of this basic concept could produce value for our
> community. Much of the communication I see flowing through our industry
> could be viewed as dealing with the low-hanging fruit. I think expanding
> and elevating our conversation around security could impact us in various
> ways.
>
> Some possible benefits I hope to see are:
>
> - Greater awareness of related fields or obscure specialties within our
> field
> - Application of solutions from other disciplines
> - Greater awareness of existing solutions from academia vs. industry and
> related gaps
> - Introduction of new ideas and new-found awareness of old ideas
> - Drive interesting discussions amongst our community
> - Follow-on implementations of valuable solutions
> - Big ideas to solve hard problems
>
> However, I do realize that the central goal of this idea is not to produce
> actionable documentation or code, and many of you as such may not find it
> valuable. I propose a 3-step process:
>
> *Step 1. Receive feedback from the community about whether or not this is
> a good idea. This is what I need now. Feel free to respond to the group or
> me directly (2 weeks). *
>
> Step 2. If the general feedback is positive, I'll send out another request
> for ideas for people you would like to see write articles. I will then
> collect these and probably illicit a community vote to rank the requested
> authors. I will then send out requests to those authors to see if they
> would be willing to participate. (2-4 weeks)
>
> Step 3. Setup a schedule for the participating authors to post on a
> roughly monthly basis. My thought is that this would run maybe 6-12 months,
> but we could go longer or shorter depending on interest and participation.
>
> For now, I'd like to get feedback for step 1. However, as with any
> project, help is always needed and much appreciated. If any of this sounds
> like fun to you and you'd like to help out with leading the project, let me
> know - I'd be grateful.
>
> Thanks,
> John Melton
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130819/1fd517ee/attachment-0001.html>


More information about the OWASP-Leaders mailing list