[Owasp-leaders] owasp-informal

Tom Brennan tomb at owasp.org
Sat Feb 2 14:36:16 UTC 2013


There are a lot of lists.

https://lists.owasp.org/mailman/listinfo

IMHO, if we are taking action on adding another list, then we need to step back and also clarify the purpose of the distro. I propose the following logical layout:

1. OWASP-All 
(Nest group for global alerts and all groups are nested)  - exists today workflow process needs documentation for operations
Purpose: outgoing announcements to the community

2. OWASP-Leaders
(A nested group of owasp-chapter leaders that have agreed to the chapter handbook managed by Kate and nested group of owasp projects maintained by Samantha) the core of active community members. Topics range from
Purpose: core issues and straw-man discussions and nursery rhymes.
2a OWASP-Chapters sub list
2b OWASP-Projects sub list
* access restricted

3. (*new*) OWASP-Software Security-General
(Used for general discussion anyone can join the list and discussion is encouraged on any topic software security related.)

A common question from those in the community who do not run a chapter or a project and are not on the owasp-leaders list is where is the general software-security list of OWASP that they can join and participate in? Does OWASP have a dedicated IRC?

Some people seem to like the owasp LinkedIn discussion group (over 12,000 people on that btw) http://www.linkedin.com/groups/Global-OWASP-Foundation-36874

Many reference the SC-L list (plug for Ken's group http://www.securecoding.org/list/)


Finally reddit has been a favorite location for some folks http://www.reddit.com/r/owasp/ while others prefer and use the forums of OWASP NING 
http://myowasp.ning.com/

My point is, rather than create more lists, a wiki page that describes the purpose of each to help a community member navigate, and list etiquette, is a task needed more than another list to segment communications and drive people to search for the blue flower with red thorns.

OWASP Global committees (that are being replaced by strategic initiatives managed by employees https://www.owasp.org/index.php/OWASP_Initiatives_Global_Strategic_Focus ) each had mailing lists that were never utilized.

Point: do a better job with less than more, and those that need to learn to press the delete key to emails or apply filters learn to do so.

Tom Brennan 
International Board of Directors
OWASP Foundation
O: 973-202-0122
www.owasp.org

On Feb 2, 2013, at 8:52 AM, "Dennis Groves" <dennis.groves at owasp.org> wrote:

> It's always been my humble opinion that if a new leaders list were to be created - that the new list would become the 'decisions' list; as this list has already degenerated into tangent conversations. However, the new list is going to also degenerate over time; it is human behaviour to connect ideas and travel tangents!
> 
> This is how discoveries are discovered, ideas clarified and difficult problems solved.
> I don't understand what problem a new list solves; aside from Jim not having to listen to me. :)
> 
> Dennis
> 
> On 2 Feb 2013, at 13:44, Achim wrote:
> 
> Dinis, Jim, I can add all members of the leaders list to the new informal list,
> this is technically no problem.
> 
> But I'm not sure if everyone wants to be subscribed to a new list, it would be
> better if each human opts in first.
> Or should we ask to opt out for the new list?
> Any ideas how to manage that?
> 
> Achim
> 
> On 02.02.2013 13:47, Dinis Cruz wrote:
> 
> For that to work you need to subscribe all members of the OWASP-leaders into the OWASP-informal
> 
> The reason these threads exist is because of the value of the leader's shared knowledge
> 
> Dinis Cruz
> 
> On 2 Feb 2013, at 10:50, Jim Manico jim.manico at owasp.org wrote:
> 
> Ok let's do this.
> 
> We set up owasp-informal.
> 
> https://lists.owasp.org/mailman/listinfo/owasp-informal
> 
> 1) May I suggest we tighten down the use of owasp-leaders to OWASP news only?
> 2) Those who want to chit chat off-topic please migrate to owasp-informal?
> 3) Simply banning Dennis Groves from leaders alone will help. ;) Dennis, can I make you admin of owasp-informal ?
> 
> Aloha,
> 
> Jim Manico
> @Manicode
> (808) 652-3805
> 
> On Feb 1, 2013, at 11:42 PM, Abbas Naderi abbas.E at owasp.org wrote:
> 
> Remember when we had a plan to make two leaders list, one for free discussions and one for decision making?
> 
> I think there's a Gaussian Hole where our plans go :D
> -Abbas
> On 14 Bahman 1391, at 3:25, Jason Johnson jason.johnson at owasp.org wrote:
> 
> Best part is I will be using this in meeting for the government.
> 
> On Feb 1, 2013 5:37 PM, "Dennis Groves" dennis.groves at owasp.org wrote:
> 
> On 1 Feb 2013, at 22:54, Konstantinos Papapanagiotou wrote:
> 
> It's truly amazing what we've turned this thread into. :)
> Despite various formal or informal definitions, I believe that "marketing" wise it's better to talk about the top10 risks rather than the top10 vulnerabilities.
> 
> I can't agree with Konstantinos more!!! Business executives don't have one fuck to give about vulnerabilities; but you start talking about 'risk' to their business and they are all ears. It is about the relevance to the companies we are trying to assist; not about what it 'technically' is that matters…
> 
> Can help get heard by executives while the rest will easily think that practically risks are [a result of] technical vulnerabilities.
> 
> Kostas
> 
> On 2 Feb 2013, at 0:48, Eoin eoin.keary at owasp.org wrote:
> 
> It's a payload delivery system.
> 
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> 
> On 1 Feb 2013, at 22:33, Jim Manico jim.manico at owasp.org wrote:
> 
> I do not think of XSS as an attack, XSS is a weakness or vulnerability.
> 
> An attack would be something like "Site Defacement using XSS".
> 
> Aloha,
> Jim
> 
> Roughly. XSS is used as
> xss = weakness, vulnerability, attack (and some more)
> 
> On 01.02.2013 22:23, Eoin wrote:
> 
> Nope. Risk is impact x probability
> Vulns = xss SQLI etc
> 
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> 
> On 1 Feb 2013, at 20:43, Tom Brennan tomb at owasp.org wrote:
> 
> Considering it's risks not vulns., hope he updates his cards for 2013
> 
> On Feb 1, 2013, at 3:39 PM, "Dennis Groves" dennis.groves at owasp.org wrote:
> 
> Hello OWASP,
> 
> I couldn't resist posting this to the list! I think that is just pure awesome!
> 
> I ran across this sole proprietor of this security firm this week at a local security event. He expressed a great deal of gratitude and thanked us for all the amazing work the community has produced.
> 
> He said he had the OWASP top 10 on the back of his business cards since the OWASP top 10 was published, but he didn't have any with him, so I gave him mine and promised to send me his card when he got home.
> 
> And since they are digital, I just had to share this with the list. He said OWASP helped his micro-business enormously because his clients were not able to ignore his advice anymore because 'the world's security experts' were advocating the same practices.
> 
> Anyhow, I love stories about how OWASP made a difference for people & I hope you do too.
> 
> Dennis
> 
> Dennis Groves, MSc
> 
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> Dennis Groves, MSc
> Email me or schedule a meeting.
> 
> This email is licensed under a CC BY-ND 3.0 license.
> 
> Please do not send me Microsoft Office/Apple iWork documents.
> Send OpenDocument instead!
> Stand up for your freedom to install free software.
> 