[Owasp-leaders] owasp-informal

Abbas Naderi abbas.naderi at owasp.org
Sat Feb 2 14:34:24 UTC 2013


I think the main idea behind clearing the OWASP-LEADERS list is to have more important stuff discussed here, and reach decisions. We are mostly here to decide, rather than to discuss.

That way all the things that need action can be discussed and decided here, and anything else goes to the informal list.

BTW it would be better to name it owasp-leaders-informal IMHO.
-Abbas
On 14 Bahman 1391, at 17:59, John Wilander <john.wilander at owasp.org> wrote:

> Regardless of whether we create a new list or not we cannot discuss it as an all-else-equal issue. Surgically moving a part of what's now the leaders list is impossible. I did a split for the developer outreach list and it basically killed the discussions.
> 
> The leaders list is what it is. People surely have found ways to manage it, perhaps by filters or categorization. I for instance read Dennis' first "Great Story" email, left the thread, and then joined again when I saw it had sparked lots of attention. So if we don't plan on changing any behavior here we can just leave it as is.
> 
> But let's say we want to change our behavior or the effectiveness of the list(s).
> 
> If the problem is that we want to discuss and chat more than today we might consider a separate list such as owasp-informal (or owasp-infernal). I believe auto-subscribing all leaders to it is OK. That way the laggards are on the list instead of off the list. The feisty ones will always take action anyway.
> 
> If the problem is that important OWASP news goes unnoticed because of the noise on the leaders list I'd prefer creating an owasp-news list and auto-subscribe all leaders to it. Then we could loosen up on the leaders list. This is my preferred choice since people already have a strategy (filters etc) for the leaders list.
> 
>    Regards, John
> 
> -- 
> My music http://www.johnwilander.com
> Twitter https://twitter.com/johnwilander
> CV or Résumé http://johnwilander.se
> 
> On 2 Feb 2013, at 15:03, Dinis Cruz <dinis.cruz at owasp.org> wrote:
> 
>> If it is opt-in, it is not going to work
>> 
>> It should be opt-out so that the ones who don't want to get it can remove themselves.
>> 
>> Dinis Cruz
>> 
>> On 2 Feb 2013, at 13:53, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>> 
>>> I agree it should be opt-in. I am planning on setting up that list in about an hour when I am back from dropping off my son at a birthday party.
>>> 
>>> -- Matt's phone
>>> 
>>> On Feb 2, 2013 7:45 AM, "Achim" <achim at owasp.org> wrote:
>>> Dinis, Jim, I can add all members of the leaders list to the new informal list,
>>> this is technically no problem.
>>> 
>>> But I'm not sure if everyone wants to be subscribed to a new list, it would be
>>> better if each human opts in first.
>>> Or should we ask to opt out for the new list?
>>> Any ideas how to manage that?
>>> 
>>> Achim
>>> 
>>> 
>>> On 02.02.2013 13:47, Dinis Cruz wrote:
>>> > For that to work you need to subscribe all members of the OWASP-leaders into the OWASP-informal
>>> >
>>> > The reason these threads exist is because of the value of the leader's shared knowledge
>>> >
>>> > Dinis Cruz
>>> >
>>> > On 2 Feb 2013, at 10:50, Jim Manico <jim.manico at owasp.org> wrote:
>>> >
>>> >> Ok let's do this.
>>> >>
>>> >> We set up owasp-informal.
>>> >>
>>> >> https://lists.owasp.org/mailman/listinfo/owasp-informal
>>> >>
>>> >> 1) May I suggest we tighten down the use of owasp-leaders to OWASP news only?
>>> >> 2) Those who want to chit chat off-topic please migrate to owasp-informal?
>>> >> 3) Simply banning Dennis Groves from leaders alone will help. ;) Dennis, can I make you admin of owasp-informal ?
>>> >>
>>> >> Aloha,
>>> >> --
>>> >> Jim Manico
>>> >> @Manicode
>>> >> (808) 652-3805
>>> >>
>>> >> On Feb 1, 2013, at 11:42 PM, Abbas Naderi <abbas.E at owasp.org> wrote:
>>> >>
>>> >>> Remember when we had a plan to make two leaders list, one for free discussions and one for decision making?
>>> >>>
>>> >>> I think there's a Gaussian Hole where our plans go :D
>>> >>> -Abbas
>>> >>> On 14 Bahman 1391, at 3:25, Jason Johnson <jason.johnson at owasp.org> wrote:
>>> >>>
>>> >>>> Best part is I will be using this in meeting for the government.
>>> >>>>
>>> >>>> On Feb 1, 2013 5:37 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>>> >>>>> On 1 Feb 2013, at 22:54, Konstantinos Papapanagiotou wrote:
>>> >>>>>
>>> >>>>>> It's truly amazing what we've turned this thread into. :)
>>> >>>>>> Despite various formal or informal definitions, I believe that "marketing" wise it's better to talk about the top10 risks rather than the top10 vulnerabilities.
>>> >>>>>
>>> >>>>> I can't agree with Konstantinos more!!! Business executives don't have one fuck to give about vulnerabilities; but you start talking about 'risk' to their business and they are all ears. It is about the relevance to the companies we are trying to assist; not about what it 'technically' is that matters…
>>> >>>>>
>>> >>>>>
>>> >>>>>
>>> >>>>>> Can help get heard by executives while the rest will easily think that practically risks are [a result of] technical vulnerabilities.
>>> >>>>>>
>>> >>>>>> Kostas
>>> >>>>>>
>>> >>>>>> On 2 Feb 2013, at 0:48, Eoin <eoin.keary at owasp.org> wrote:
>>> >>>>>>
>>> >>>>>>> It's a payload delivery system.
>>> >>>>>>>
>>> >>>>>>> Eoin Keary
>>> >>>>>>> Owasp Global Board
>>> >>>>>>> +353 87 977 2988
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>> On 1 Feb 2013, at 22:33, Jim Manico <jim.manico at owasp.org> wrote:
>>> >>>>>>>
>>> >>>>>>>> I do not think of XSS as an attack, XSS is a weakness or vulnerability.
>>> >>>>>>>>
>>> >>>>>>>> An attack would be something like "Site Defacement using XSS".
>>> >>>>>>>>
>>> >>>>>>>> Aloha,
>>> >>>>>>>> Jim
>>> >>>>>>>>
>>> >>>>>>>>> Roughly. XSS is used as
>>> >>>>>>>>> xss = weakness, vulnerability, attack (and some more)
>>> >>>>>>>>>
>>> >>>>>>>>>
>>> >>>>>>>>> On 01.02.2013 22:23, Eoin wrote:
>>> >>>>>>>>>> Nope. Risk is impact x probability
>>> >>>>>>>>>> Vulns = xss SQLI etc
>>> >>>>>>>>>>
>>> >>>>>>>>>> Eoin Keary
>>> >>>>>>>>>> Owasp Global Board
>>> >>>>>>>>>> +353 87 977 2988
>>> >>>>>>>>>>
>>> >>>>>>>>>>
>>> >>>>>>>>>> On 1 Feb 2013, at 20:43, Tom Brennan <tomb at owasp.org> wrote:
>>> >>>>>>>>>>
>>> >>>>>>>>>>> Considering it's risks, not vulns, hope he updates his cards for 2013
>>> >>>>>>>>>>>
>>> >>>>>>>>>>>
>>> >>>>>>>>>>> On Feb 1, 2013, at 3:39 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>>> >>>>>>>>>>>
>>> >>>>>>>>>>>> Hello OWASP,
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> I couldn't resist posting this to the list! I think that is just pure awesome!
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> I ran across this sole proprietor of this security firm this week at a local security event. He expressed a great deal of gratitude and thanked us for all the amazing work the community has produced.
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> He said he had the OWASP top 10 on the back of his business cards since the OWASP top 10 was published, but he didn't have any with him, so I gave him mine and he promised to send me his card when he got home.
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> And since they are digital, I just had to share this with the list. He said OWASP helped his micro-business enormously because his clients were not able to ignore his advice anymore because 'the world's security experts' were advocating the same practices.
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> Anyhow, I love stories about how OWASP made a difference for people & I hope you do too.
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> Dennis
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> Dennis Groves, MSc
>>> >
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
