[Owasp-leaders] Proposal [Feedback Requested] : This I Believe (Security)

Fabio Cerullo fcerullo at owasp.org
Mon Aug 19 09:23:25 UTC 2013


+1 John...count with me.

I believe we could use the OWASP blogpost site for these series?

http://owasp.blogspot.ie/

Fabio

On Monday, August 19, 2013, psiinon wrote:

> I think its a great idea!
>
> I'm a big fan of your Year of Security for Java series, John, and I really
> hope this happens as I think it will make fascinating reading.
> For the record, I Believe pentesters should learn more about Development
> and QA and vice versa ;)
>
> Cheers,
>
> Simon
>
>
>
> On Sun, Aug 18, 2013 at 4:56 AM, John Melton <jtmelton at gmail.com<javascript:_e({}, 'cvml', 'jtmelton at gmail.com');>
> > wrote:
>
>> Leaders,
>>
>> [tl;dr]
>> I am considering coordinating a short-term series of essays posted on the
>> owasp site about broad application security topics, and want your feedback
>> on whether the idea would be interesting to the community.
>>
>> [longer version]
>> I have long enjoyed the This I Believe (thisibelieve.org) series. For
>> those not familiar, the idea is that someone writes about a topic they have
>> a strong belief in, using short essay form.
>>
>> I believe an adaptation of this basic concept could produce value for our
>> community. Much of the communication I see flowing through our industry
>> could be viewed as dealing with the low-hanging fruit. I think expanding
>> and elevating our conversation around security could impact us in various
>> ways.
>>
>> Some possible benefits I hope to see are:
>>
>> - Greater awareness of related fields or obscure specialties within our
>> field
>> - Application of solutions from other disciplines
>> - Greater awareness of existing solutions from academia vs. industry and
>> related gaps
>> - Introduction of new ideas and new-found awareness of old ideas
>> - Drive interesting discussions amongst our community
>> - Follow-on implementations of valuable solutions
>> - Big ideas to solve hard problems
>>
>> However, I do realize that the central goal of this idea is not to
>> produce actionable documentation or code, and many of you as such may not
>> find it valuable. I propose a 3-step process:
>>
>> *Step 1. Receive feedback from the community about whether or not this
>> is a good idea. This is what I need now. Feel free to respond to the group
>> or me directly (2 weeks). *
>>
>> Step 2. If the general feedback is positive, I'll send out another
>> request for ideas for people you would like to see write articles. I will
>> then collect these and probably illicit a community vote to rank the
>> requested authors. I will then send out requests to those authors to see if
>> they would be willing to participate. (2-4 weeks)
>>
>> Step 3. Setup a schedule for the participating authors to post on a
>> roughly monthly basis. My thought is that this would run maybe 6-12 months,
>> but we could go longer or shorter depending on interest and participation.
>>
>> For now, I'd like to get feedback for step 1. However, as with any
>> project, help is always needed and much appreciated. If any of this sounds
>> like fun to you and you'd like to help out with leading the project, let me
>> know - I'd be grateful.
>>
>> Thanks,
>> John Melton
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org <javascript:_e({}, 'cvml',
>> 'OWASP-Leaders at lists.owasp.org');>
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130819/74a0e840/attachment.html>


More information about the OWASP-Leaders mailing list