[Owasp-leaders] owasp-informal

Dinis Cruz dinis.cruz at owasp.org
Sat Feb 2 14:23:53 UTC 2013


Of course you have the room to try, I have no power at OWASP to stop it :)

I just have my ideas, opinion and energy :)

Dinis Cruz

On 2 Feb 2013, at 14:23, Jim Manico <jim.manico at owasp.org> wrote:

> Dinis,
> 
> We are going to try this experiment first. This is an opt-in experiment. We understand you do not agree, but please give us room to try.
> 
> --
> Jim Manico
> @Manicode
> (808) 652-3805
> 
> On Feb 2, 2013, at 6:04 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
> 
>> If it is opt-in, it is not going to work
>> 
>> It should be opt-out so that the ones who don't want to get it can remove themselves.
>> 
>> Dinis Cruz
>> 
>> On 2 Feb 2013, at 13:53, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>> 
>>> I agree it should be opt-in. I am planning on setting up that list in about an hour when I am back from dropping off my son at a birthday party.
>>> 
>>> -- Matt's phone
>>> 
>>> On Feb 2, 2013 7:45 AM, "Achim" <achim at owasp.org> wrote:
>>>> Dinis, Jim, I can add all members of the leaders list to the new informal list,
>>>> this is technically no problem.
>>>> 
>>>> But I'm not sure if everyone wants to be subscribed to a new list, it would be
>>>> better if each human opts in first.
>>>> Or should we ask to opt out for the new list?
>>>> Any ideas how to manage that?
>>>> 
>>>> Achim
>>>> 
>>>> 
>>>> On 02.02.2013 13:47, Dinis Cruz wrote:
>>>> > For that to work you need to subscribe all members of the OWASP-leaders into the OWASP-informal
>>>> >
>>>> > The reason these threads exist is because of the value of the leader's shared knowledge
>>>> >
>>>> > Dinis Cruz
>>>> >
>>>> > On 2 Feb 2013, at 10:50, Jim Manico <jim.manico at owasp.org> wrote:
>>>> >
>>>> >> Ok let's do this.
>>>> >>
>>>> >> We set up owasp-informal.
>>>> >>
>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-informal
>>>> >>
>>>> >> 1) May I suggest we tighten down the use of owasp-leaders to OWASP news only?
>>>> >> 2) Those who want to chit chat off-topic please migrate to owasp-informal?
>>>> >> 3) Simply banning Dennis Groves from leaders alone will help. ;) Dennis, can I make you admin of owasp-informal ?
>>>> >>
>>>> >> Aloha,
>>>> >> --
>>>> >> Jim Manico
>>>> >> @Manicode
>>>> >> (808) 652-3805
>>>> >>
>>>> >> On Feb 1, 2013, at 11:42 PM, Abbas Naderi <abbas.E at owasp.org> wrote:
>>>> >>
>>>> >>> Remember when we had a plan to make two leaders lists, one for free discussions and one for decision making?
>>>> >>>
>>>> >>> I think there's a Gaussian Hole where our plans go :D
>>>> >>> -Abbas
>>>> >>> On 14 Bahman 1391, at 3:25, Jason Johnson <jason.johnson at owasp.org> wrote:
>>>> >>>
>>>> >>>> Best part is I will be using this in meeting for the government.
>>>> >>>>
>>>> >>>> On Feb 1, 2013 5:37 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>>>> >>>>> On 1 Feb 2013, at 22:54, Konstantinos Papapanagiotou wrote:
>>>> >>>>>
>>>> >>>>>> It's truly amazing what we've turned this thread into. :)
>>>> >>>>>> Despite various formal or informal definitions, I believe that "marketing" wise it's better to talk about the top10 risks rather than the top10 vulnerabilities.
>>>> >>>>>
>>>> >>>>> I can't agree with Konstantinos more!!! Business executives don't have one fuck to give about vulnerabilities; but you start talking about 'risk' to their business and they are all ears. It is about the relevance to the companies we are trying to assist; not about what it 'technically' is that matters…
>>>> >>>>>
>>>> >>>>>
>>>> >>>>>
>>>> >>>>>> Can help get heard by executives while the rest will easily think that practically risks are [a result of] technical vulnerabilities.
>>>> >>>>>>
>>>> >>>>>> Kostas
>>>> >>>>>>
>>>> >>>>>> On 2 Feb 2013, at 0:48, Eoin <eoin.keary at owasp.org> wrote:
>>>> >>>>>>
>>>> >>>>>>> It's a payload delivery system.
>>>> >>>>>>>
>>>> >>>>>>> Eoin Keary
>>>> >>>>>>> Owasp Global Board
>>>> >>>>>>> +353 87 977 2988
>>>> >>>>>>>
>>>> >>>>>>>
>>>> >>>>>>> On 1 Feb 2013, at 22:33, Jim Manico <jim.manico at owasp.org> wrote:
>>>> >>>>>>>
>>>> >>>>>>>> I do not think of XSS as an attack, XSS is a weakness or vulnerability.
>>>> >>>>>>>>
>>>> >>>>>>>> An attack would be something like "Site Defacement using XSS".
>>>> >>>>>>>>
>>>> >>>>>>>> Aloha,
>>>> >>>>>>>> Jim
>>>> >>>>>>>>
>>>> >>>>>>>>> Roughly. XSS is used as
>>>> >>>>>>>>> xss = weakness, vulnerability, attack (and some more)
>>>> >>>>>>>>>
>>>> >>>>>>>>>
>>>> >>>>>>>>> On 01.02.2013 22:23, Eoin wrote:
>>>> >>>>>>>>>> Nope. Risk is impact x probability
>>>> >>>>>>>>>> Vulns = xss SQLI etc
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> Eoin Keary
>>>> >>>>>>>>>> Owasp Global Board
>>>> >>>>>>>>>> +353 87 977 2988
>>>> >>>>>>>>>>
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> On 1 Feb 2013, at 20:43, Tom Brennan <tomb at owasp.org> wrote:
>>>> >>>>>>>>>>
>>>> >>>>>>>>>>> Considering it's risks not vulns., hope he updates his cards for 2013
>>>> >>>>>>>>>>>
>>>> >>>>>>>>>>>
>>>> >>>>>>>>>>> On Feb 1, 2013, at 3:39 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>>>> >>>>>>>>>>>
>>>> >>>>>>>>>>>> Hello OWASP,
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> I couldn't resist posting this to the list! I think that is just pure awesome!
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> I ran across this sole proprietor of this security firm this week at a local security event. He expressed a great deal of gratitude and thanked us for all the amazing work the community has produced.
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> He said he had the OWASP top 10 on the back of his business cards since the OWASP top 10 was published, but he didn't have any with him, so I gave him mine and promised to send me his card when he got home.
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> And since they are digital, I just had to share this with the list. He said OWASP helped his micro-business enormously because his clients were not able to ignore his advice anymore because 'the world's security experts' were advocating the same practices.
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> Anyhow, I love stories about how OWASP made a difference for people & I hope you do too.
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> Dennis
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> Dennis Groves, MSc
>>>> >
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders