[Owasp-leaders] owasp-informal

Achim achim at owasp.org
Sat Feb 2 13:44:47 UTC 2013


Dinis, Jim, I can add all members of the leaders list to the new informal list,
this is technical no problem. 

But I'm not sure if everyone wants to be subscribed to a new list, it would be
better if each human opts in first.
Or should we ask to opt out for the new list?
Any ideas how to manage that?

Achim


Am 02.02.2013 13:47, schrieb Dinis Cruz:
> For that to work you need to subscribe all members of the OWASP-leaders into the OWASP-informal
> 
> The reason these threads exist is because of the value of the leader's shared knowledge
> 
> Dinis Cruz
> 
> On 2 Feb 2013, at 10:50, Jim Manico <jim.manico at owasp.org> wrote:
> 
>> Ok let's do this.
>>
>> We setup owasp-informal.
>>
>> https://lists.owasp.org/mailman/listinfo/owasp-informal
>>
>> 1) May I suggest we tighten down the use of owasp-leaders to OWASP news only?
>> 2) Those who want to chit chat off-topic please migrate to owasp-informal?
>> 3) Simply banning Dennis Groves from leaders alone will help. ;) Dennis, can I make you admin of owasp-informal ?
>>
>> Aloha,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On Feb 1, 2013, at 11:42 PM, Abbas Naderi <abbas.E at owasp.org> wrote:
>>
>>> Remember when we had a plan to make two leaders list, one for free discussions and one for decision making?
>>>
>>> I think there's a Gaussian Hole where our plans go :D 
>>> -Abbas
>>> On ۱۴ بهمن ۱۳۹۱, at ۳:۲۵, Jason Johnson <jason.johnson at owasp.org> wrote:
>>>
>>>> Best part is I will be using this in meeting for the government.
>>>>
>>>> On Feb 1, 2013 5:37 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>>>>> On 1 Feb 2013, at 22:54, Konstantinos Papapanagiotou wrote:
>>>>>
>>>>>> It's truly amazing what we've turned this thread into. :)
>>>>>> Despite various formal or informal definitions, I believe that "marketing" wise it's better to talk about the top10 risks rather than the top10 vulnerabilities.
>>>>>
>>>>> I can't agree with Konstantinos more!!! Business executives don't have one fuck to give about vulnerabilities; but you start talking about 'risk' to their business and they are all ears. It is about the relevance to the companies we are trying to assist; not about what it 'technically' is that matters…
>>>>>
>>>>>
>>>>>
>>>>>> Can help get heard by executives while the rest will easily think that practically risks are [a result of] technical vulnerabilities.
>>>>>>
>>>>>> Kostas
>>>>>>
>>>>>> On 2 Φεβ 2013, at 0:48, Eoin <eoin.keary at owasp.org> wrote:
>>>>>>
>>>>>>> It's a payload delivery system.
>>>>>>>
>>>>>>> Eoin Keary
>>>>>>> Owasp Global Board
>>>>>>> +353 87 977 2988
>>>>>>>
>>>>>>>
>>>>>>> On 1 Feb 2013, at 22:33, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>>>
>>>>>>>> I do not think of XSS as an attack, XSS is a weakness or vulnerability.
>>>>>>>>
>>>>>>>> An attack would be something like "Site Defacement using XSS".
>>>>>>>>
>>>>>>>> Aloha,
>>>>>>>> Jim
>>>>>>>>
>>>>>>>>> Roughly. XSS is used as
>>>>>>>>> xss = weakness, vulnerability, attack (and some more)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Am 01.02.2013 22:23, schrieb Eoin:
>>>>>>>>>> Nope. Risk is impact x probability
>>>>>>>>>> Vulns = xss SQLI etc
>>>>>>>>>>
>>>>>>>>>> Eoin Keary
>>>>>>>>>> Owasp Global Board
>>>>>>>>>> +353 87 977 2988
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 1 Feb 2013, at 20:43, Tom Brennan <tomb at owasp.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> Considering its risks not vulns., hope he updates his cards for 2013
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Feb 1, 2013, at 3:39 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hello OWASP,
>>>>>>>>>>>>
>>>>>>>>>>>> I couldn't resist posting this to the list! I think that is just pure awesome!
>>>>>>>>>>>>
>>>>>>>>>>>> I ran across this sole proprietor of this security firm this week at a local security event. He expressed a great deal of gratitude and thanked us for all the amazing work the community has produced.
>>>>>>>>>>>>
>>>>>>>>>>>> He said he had the OWASP top 10 on the back of his business cards since the OWASP top 10 was published, but he didn't have any with him, so I gave him mine and promised to send me his card when he got home.
>>>>>>>>>>>>
>>>>>>>>>>>> And since they are digital, I just had to share this with the list. He said OWASP helped his micro-business enormously because his clients were not able to ignore his advice anymore because 'the worlds security experts' were advocating the same practices.
>>>>>>>>>>>>
>>>>>>>>>>>> Anyhow, I love stories about how OWASP made a difference for people & I hope you do too.
>>>>>>>>>>>>
>>>>>>>>>>>> Dennis
>>>>>>>>>>>>
>>>>>>>>>>>> Dennis Groves, MSc
>


More information about the OWASP-Leaders mailing list