[Owasp-leaders] owasp-informal

Jim Manico jim.manico at owasp.org
Sat Feb 2 14:23:00 UTC 2013


Dinis,

We are going to try this experiment first. This is an opt-in experiment. We
understand you do not agree, but please give us room to try.

--
Jim Manico
@Manicode
(808) 652-3805

On Feb 2, 2013, at 6:04 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:

If it is opt-in is not going to work

It should be opt-out so that the ones who don't want to get it can remove
themselves.

Dinis Cruz

On 2 Feb 2013, at 13:53, Matt Tesauro <matt.tesauro at owasp.org> wrote:

I agree it should be opt-in. I am planning on setting up that list in about
an hour when I am back from dropping of my son at a birthday party.

-- Matt's phone
On Feb 2, 2013 7:45 AM, "Achim" <achim at owasp.org> wrote:

> Dinis, Jim, I can add all members of the leaders list to the new informal
> list,
> this is technical no problem.
>
> But I'm not sure if everyone wants to be subscribed to a new list, it
> would be
> better if each human opts in first.
> Or should we ask to opt out for the new list?
> Any ideas how to manage that?
>
> Achim
>
>
> Am 02.02.2013 13:47, schrieb Dinis Cruz:
> > For that to work you need to subscribe all members of the OWASP-leaders
> into the OWASP-informal
> >
> > The reason these threads exist is because of the value of the leader's
> shared knowledge
> >
> > Dinis Cruz
> >
> > On 2 Feb 2013, at 10:50, Jim Manico <jim.manico at owasp.org> wrote:
> >
> >> Ok let's do this.
> >>
> >> We setup owasp-informal.
> >>
> >> https://lists.owasp.org/mailman/listinfo/owasp-informal
> >>
> >> 1) May I suggest we tighten down the use of owasp-leaders to OWASP news
> only?
> >> 2) Those who want to chit chat off-topic please migrate to
> owasp-informal?
> >> 3) Simply banning Dennis Groves from leaders alone will help. ;)
> Dennis, can I make you admin of owasp-informal ?
> >>
> >> Aloha,
> >> --
> >> Jim Manico
> >> @Manicode
> >> (808) 652-3805
> >>
> >> On Feb 1, 2013, at 11:42 PM, Abbas Naderi <abbas.E at owasp.org> wrote:
> >>
> >>> Remember when we had a plan to make two leaders list, one for free
> discussions and one for decision making?
> >>>
> >>> I think there's a Gaussian Hole where our plans go :D
> >>> -Abbas
> >>> On ۱۴ بهمن ۱۳۹۱, at ۳:۲۵, Jason Johnson <jason.johnson at owasp.org>
> wrote:
> >>>
> >>>> Best part is I will be using this in meeting for the government.
> >>>>
> >>>> On Feb 1, 2013 5:37 PM, "Dennis Groves" <dennis.groves at owasp.org>
> wrote:
> >>>>> On 1 Feb 2013, at 22:54, Konstantinos Papapanagiotou wrote:
> >>>>>
> >>>>>> It's truly amazing what we've turned this thread into. :)
> >>>>>> Despite various formal or informal definitions, I believe that
> "marketing" wise it's better to talk about the top10 risks rather than the
> top10 vulnerabilities.
> >>>>>
> >>>>> I can't agree with Konstantinos more!!! Business executives don't
> have one fuck to give about vulnerabilities; but you start talking about
> 'risk' to their business and they are all ears. It is about the relevance
> to the companies we are trying to assist; not about what it 'technically'
> is that matters…
> >>>>>
> >>>>>
> >>>>>
> >>>>>> Can help get heard by executives while the rest will easily think
> that practically risks are [a result of] technical vulnerabilities.
> >>>>>>
> >>>>>> Kostas
> >>>>>>
> >>>>>> On 2 Φεβ 2013, at 0:48, Eoin <eoin.keary at owasp.org> wrote:
> >>>>>>
> >>>>>>> It's a payload delivery system.
> >>>>>>>
> >>>>>>> Eoin Keary
> >>>>>>> Owasp Global Board
> >>>>>>> +353 87 977 2988
> >>>>>>>
> >>>>>>>
> >>>>>>> On 1 Feb 2013, at 22:33, Jim Manico <jim.manico at owasp.org> wrote:
> >>>>>>>
> >>>>>>>> I do not think of XSS as an attack, XSS is a weakness or
> vulnerability.
> >>>>>>>>
> >>>>>>>> An attack would be something like "Site Defacement using XSS".
> >>>>>>>>
> >>>>>>>> Aloha,
> >>>>>>>> Jim
> >>>>>>>>
> >>>>>>>>> Roughly. XSS is used as
> >>>>>>>>> xss = weakness, vulnerability, attack (and some more)
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> Am 01.02.2013 22:23, schrieb Eoin:
> >>>>>>>>>> Nope. Risk is impact x probability
> >>>>>>>>>> Vulns = xss SQLI etc
> >>>>>>>>>>
> >>>>>>>>>> Eoin Keary
> >>>>>>>>>> Owasp Global Board
> >>>>>>>>>> +353 87 977 2988
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> On 1 Feb 2013, at 20:43, Tom Brennan <tomb at owasp.org> wrote:
> >>>>>>>>>>
> >>>>>>>>>>> Considering its risks not vulns., hope he updates his cards
> for 2013
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> On Feb 1, 2013, at 3:39 PM, "Dennis Groves" <
> dennis.groves at owasp.org> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>> Hello OWASP,
> >>>>>>>>>>>>
> >>>>>>>>>>>> I couldn't resist posting this to the list! I think that is
> just pure awesome!
> >>>>>>>>>>>>
> >>>>>>>>>>>> I ran across this sole proprietor of this security firm this
> week at a local security event. He expressed a great deal of gratitude and
> thanked us for all the amazing work the community has produced.
> >>>>>>>>>>>>
> >>>>>>>>>>>> He said he had the OWASP top 10 on the back of his business
> cards since the OWASP top 10 was published, but he didn't have any with
> him, so I gave him mine and promised to send me his card when he got home.
> >>>>>>>>>>>>
> >>>>>>>>>>>> And since they are digital, I just had to share this with the
> list. He said OWASP helped his micro-business enormously because his
> clients were not able to ignore his advice anymore because 'the worlds
> security experts' were advocating the same practices.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Anyhow, I love stories about how OWASP made a difference for
> people & I hope you do too.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Dennis
> >>>>>>>>>>>>
> >>>>>>>>>>>> Dennis Groves, MSc
> >
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130202/4ddcaad7/attachment.html>


More information about the OWASP-Leaders mailing list