[Owasp-leaders] A great story

Dennis Groves dennis.groves at owasp.org
Fri Feb 1 23:37:06 UTC 2013


On 1 Feb 2013, at 22:54, Konstantinos Papapanagiotou wrote:

> It's truly amazing what we've turned this thread into. :)
> Despite various formal or informal definitions, I believe that 
> "marketing" wise it's better to talk about the top10 risks rather than 
> the top10 vulnerabilities.

I can't agree with Konstantinos more!!! Business executives don't have 
one fuck to give about vulnerabilities; but you start talking about 
'risk' to their business and they are all ears. It is about the 
relevance to the companies we are trying to assist; not about what it 
'technically' is that matters…



> Can help get heard by executives while the rest will easily think that 
> practically risks are [a result of] technical vulnerabilities.
>
> Kostas
>
> On 2 Feb 2013, at 0:48, Eoin <eoin.keary at owasp.org> wrote:
>
>> It's a payload delivery system.
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 1 Feb 2013, at 22:33, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> I do not think of XSS as an attack, XSS is a weakness or 
>>> vulnerability.
>>>
>>> An attack would be something like "Site Defacement using XSS".
>>>
>>> Aloha,
>>> Jim
>>>
>>>> Roughly. XSS is used as
>>>> xss = weakness, vulnerability, attack (and some more)
>>>>
>>>>
>>>> On 01.02.2013 22:23, Eoin wrote:
>>>>> Nope. Risk is impact x probability
>>>>> Vulns = xss SQLI etc
>>>>>
>>>>> Eoin Keary
>>>>> Owasp Global Board
>>>>> +353 87 977 2988
>>>>>
>>>>>
>>>>> On 1 Feb 2013, at 20:43, Tom Brennan <tomb at owasp.org> wrote:
>>>>>
>>>>>> Considering it's risks not vulns., hope he updates his cards for 
>>>>>> 2013
>>>>>>
>>>>>>
>>>>>> On Feb 1, 2013, at 3:39 PM, "Dennis Groves" 
>>>>>> <dennis.groves at owasp.org> wrote:
>>>>>>
>>>>>>> Hello OWASP,
>>>>>>>
>>>>>>> I couldn't resist posting this to the list! I think that is just 
>>>>>>> pure awesome!
>>>>>>>
>>>>>>> I ran across this sole proprietor of this security firm this 
>>>>>>> week at a local security event. He expressed a great deal of 
>>>>>>> gratitude and thanked us for all the amazing work the community 
>>>>>>> has produced.
>>>>>>>
>>>>>>> He said he had the OWASP top 10 on the back of his business 
>>>>>>> cards since the OWASP top 10 was published, but he didn't have 
>>>>>>> any with him, so I gave him mine and he promised to send me his 
>>>>>>> card when he got home.
>>>>>>>
>>>>>>> And since they are digital, I just had to share this with the 
>>>>>>> list. He said OWASP helped his micro-business enormously because 
>>>>>>> his clients were not able to ignore his advice anymore because 
>>>>>>> 'the world's security experts' were advocating the same 
>>>>>>> practices.
>>>>>>>
>>>>>>> Anyhow, I love stories about how OWASP made a difference for 
>>>>>>> people & I hope you do too.
>>>>>>>
>>>>>>> Dennis
>>>>>>>
>>>>>>> Dennis Groves, MSc
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders


-- 
[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a 
meeting](http://goo.gl/8sPIy).

*This email is licensed under a [CC BY-ND 
3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*

**Please do not send me Microsoft Office/Apple iWork documents.**
Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
Stand up for your freedom to install [free 
software](http://www.fsf.org/campaigns/secure-boot/statement).

