[Owasp-leaders] owasp-informal

Abbas Naderi abbas.naderi at owasp.org
Sat Feb 2 14:15:02 UTC 2013


Agreed. 
They are already receiving it all, we are allowing them to opt-out of some.
-Abbas
On ۱۴ بهمن ۱۳۹۱, at ۱۷:۳۳, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> If it is opt-in is not going to work
> 
> It should be opt-out so that the ones who don't want to get it can remove themselves.
> 
> Dinis Cruz
> 
> On 2 Feb 2013, at 13:53, Matt Tesauro <matt.tesauro at owasp.org> wrote:
> 
>> I agree it should be opt-in. I am planning on setting up that list in about an hour when I am back from dropping of my son at a birthday party.
>> 
>> -- Matt's phone
>> 
>> On Feb 2, 2013 7:45 AM, "Achim" <achim at owasp.org> wrote:
>> Dinis, Jim, I can add all members of the leaders list to the new informal list,
>> this is technical no problem.
>> 
>> But I'm not sure if everyone wants to be subscribed to a new list, it would be
>> better if each human opts in first.
>> Or should we ask to opt out for the new list?
>> Any ideas how to manage that?
>> 
>> Achim
>> 
>> 
>> Am 02.02.2013 13:47, schrieb Dinis Cruz:
>> > For that to work you need to subscribe all members of the OWASP-leaders into the OWASP-informal
>> >
>> > The reason these threads exist is because of the value of the leader's shared knowledge
>> >
>> > Dinis Cruz
>> >
>> > On 2 Feb 2013, at 10:50, Jim Manico <jim.manico at owasp.org> wrote:
>> >
>> >> Ok let's do this.
>> >>
>> >> We setup owasp-informal.
>> >>
>> >> https://lists.owasp.org/mailman/listinfo/owasp-informal
>> >>
>> >> 1) May I suggest we tighten down the use of owasp-leaders to OWASP news only?
>> >> 2) Those who want to chit chat off-topic please migrate to owasp-informal?
>> >> 3) Simply banning Dennis Groves from leaders alone will help. ;) Dennis, can I make you admin of owasp-informal ?
>> >>
>> >> Aloha,
>> >> --
>> >> Jim Manico
>> >> @Manicode
>> >> (808) 652-3805
>> >>
>> >> On Feb 1, 2013, at 11:42 PM, Abbas Naderi <abbas.E at owasp.org> wrote:
>> >>
>> >>> Remember when we had a plan to make two leaders list, one for free discussions and one for decision making?
>> >>>
>> >>> I think there's a Gaussian Hole where our plans go :D
>> >>> -Abbas
>> >>> On ۱۴ بهمن ۱۳۹۱, at ۳:۲۵, Jason Johnson <jason.johnson at owasp.org> wrote:
>> >>>
>> >>>> Best part is I will be using this in meeting for the government.
>> >>>>
>> >>>> On Feb 1, 2013 5:37 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>> >>>>> On 1 Feb 2013, at 22:54, Konstantinos Papapanagiotou wrote:
>> >>>>>
>> >>>>>> It's truly amazing what we've turned this thread into. :)
>> >>>>>> Despite various formal or informal definitions, I believe that "marketing" wise it's better to talk about the top10 risks rather than the top10 vulnerabilities.
>> >>>>>
>> >>>>> I can't agree with Konstantinos more!!! Business executives don't have one fuck to give about vulnerabilities; but you start talking about 'risk' to their business and they are all ears. It is about the relevance to the companies we are trying to assist; not about what it 'technically' is that matters…
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>>> Can help get heard by executives while the rest will easily think that practically risks are [a result of] technical vulnerabilities.
>> >>>>>>
>> >>>>>> Kostas
>> >>>>>>
>> >>>>>> On 2 Φεβ 2013, at 0:48, Eoin <eoin.keary at owasp.org> wrote:
>> >>>>>>
>> >>>>>>> It's a payload delivery system.
>> >>>>>>>
>> >>>>>>> Eoin Keary
>> >>>>>>> Owasp Global Board
>> >>>>>>> +353 87 977 2988
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> On 1 Feb 2013, at 22:33, Jim Manico <jim.manico at owasp.org> wrote:
>> >>>>>>>
>> >>>>>>>> I do not think of XSS as an attack, XSS is a weakness or vulnerability.
>> >>>>>>>>
>> >>>>>>>> An attack would be something like "Site Defacement using XSS".
>> >>>>>>>>
>> >>>>>>>> Aloha,
>> >>>>>>>> Jim
>> >>>>>>>>
>> >>>>>>>>> Roughly. XSS is used as
>> >>>>>>>>> xss = weakness, vulnerability, attack (and some more)
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>> Am 01.02.2013 22:23, schrieb Eoin:
>> >>>>>>>>>> Nope. Risk is impact x probability
>> >>>>>>>>>> Vulns = xss SQLI etc
>> >>>>>>>>>>
>> >>>>>>>>>> Eoin Keary
>> >>>>>>>>>> Owasp Global Board
>> >>>>>>>>>> +353 87 977 2988
>> >>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>> On 1 Feb 2013, at 20:43, Tom Brennan <tomb at owasp.org> wrote:
>> >>>>>>>>>>
>> >>>>>>>>>>> Considering its risks not vulns., hope he updates his cards for 2013
>> >>>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>>>>>> On Feb 1, 2013, at 3:39 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>> >>>>>>>>>>>
>> >>>>>>>>>>>> Hello OWASP,
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> I couldn't resist posting this to the list! I think that is just pure awesome!
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> I ran across this sole proprietor of this security firm this week at a local security event. He expressed a great deal of gratitude and thanked us for all the amazing work the community has produced.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> He said he had the OWASP top 10 on the back of his business cards since the OWASP top 10 was published, but he didn't have any with him, so I gave him mine and promised to send me his card when he got home.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> And since they are digital, I just had to share this with the list. He said OWASP helped his micro-business enormously because his clients were not able to ignore his advice anymore because 'the worlds security experts' were advocating the same practices.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Anyhow, I love stories about how OWASP made a difference for people & I hope you do too.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Dennis
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Dennis Groves, MSc
>> >
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130202/5f8495c6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4889 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130202/5f8495c6/attachment-0001.bin>


More information about the OWASP-Leaders mailing list