[Owasp-leaders] owasp-informal

Jim Manico jim.manico at owasp.org
Sat Feb 2 14:43:08 UTC 2013


A very reasonable argument, John. Let me talk to our temp IT director and
get back to you on this. Thank you. :)

--
Jim Manico
@Manicode
(808) 652-3805

On Feb 2, 2013, at 6:29 AM, John Wilander <john.wilander at owasp.org> wrote:

Regardless of whether we create a new list or not we cannot discuss it as
an all-else-equal issue. Surgically moving a part of what's now the leaders
list is impossible. I did a split for the developer outreach list and it
basically killed the discussions.

The leaders list is what it is. People surely have found ways to manage it,
perhaps by filters or categorization. I for instance read Dennis' first
"Great Story" email, left the thread, and then joined again when I saw it
had sparked lots of attention. So if we don't plan on changing any behavior
here we can just leave it as is.

But let's say we want to change our behavior or the effectiveness of the
list(s).

If the problem is that we want to discuss and chat more than today we might
consider a separate list such as owasp-informal (or owasp-infernal). I
believe auto-subscribing all leaders to it is OK. That way the laggards are
on the list instead of off the list. The feisty ones will always take
action anyway.

If the problem is that important OWASP news goes unnoticed because of the
noise on the leaders list I'd prefer creating an owasp-news list and
auto-subscribe all leaders to it. Then we could loosen up on the leaders
list. This is my preferred choice since people already have a strategy
(filters etc) for the leaders list.

   Regards, John

-- 
My music http://www.johnwilander.com
Twitter https://twitter.com/johnwilander
CV or Résumé http://johnwilander.se

On 2 Feb 2013, at 15:03, Dinis Cruz <dinis.cruz at owasp.org> wrote:

If it is opt-in it is not going to work

It should be opt-out so that the ones who don't want to get it can remove
themselves.

Dinis Cruz

On 2 Feb 2013, at 13:53, Matt Tesauro <matt.tesauro at owasp.org> wrote:

I agree it should be opt-in. I am planning on setting up that list in about
an hour when I am back from dropping off my son at a birthday party.

-- Matt's phone
On Feb 2, 2013 7:45 AM, "Achim" <achim at owasp.org> wrote:

> Dinis, Jim, I can add all members of the leaders list to the new informal list,
> this is technically no problem.
>
> But I'm not sure if everyone wants to be subscribed to a new list, it would be
> better if each human opts in first.
> Or should we ask to opt out for the new list?
> Any ideas how to manage that?
>
> Achim
>
>
> On 02.02.2013 13:47, Dinis Cruz wrote:
> > For that to work you need to subscribe all members of the OWASP-leaders into the OWASP-informal
> >
> > The reason these threads exist is because of the value of the leaders' shared knowledge
> >
> > Dinis Cruz
> >
> > On 2 Feb 2013, at 10:50, Jim Manico <jim.manico at owasp.org> wrote:
> >
> >> Ok let's do this.
> >>
> >> We set up owasp-informal.
> >>
> >> https://lists.owasp.org/mailman/listinfo/owasp-informal
> >>
> >> 1) May I suggest we tighten down the use of owasp-leaders to OWASP news only?
> >> 2) Those who want to chit chat off-topic please migrate to owasp-informal?
> >> 3) Simply banning Dennis Groves from leaders alone will help. ;) Dennis, can I make you admin of owasp-informal?
> >>
> >> Aloha,
> >> --
> >> Jim Manico
> >> @Manicode
> >> (808) 652-3805
> >>
> >> On Feb 1, 2013, at 11:42 PM, Abbas Naderi <abbas.E at owasp.org> wrote:
> >>
> >>> Remember when we had a plan to make two leaders lists, one for free discussions and one for decision making?
> >>>
> >>> I think there's a Gaussian Hole where our plans go :D
> >>> -Abbas
> >>> On 14 Bahman 1391, at 3:25, Jason Johnson <jason.johnson at owasp.org> wrote:
> >>>
> >>>> Best part is I will be using this in meeting for the government.
> >>>>
> >>>> On Feb 1, 2013 5:37 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
> >>>>> On 1 Feb 2013, at 22:54, Konstantinos Papapanagiotou wrote:
> >>>>>
> >>>>>> It's truly amazing what we've turned this thread into. :)
> >>>>>> Despite various formal or informal definitions, I believe that "marketing" wise it's better to talk about the top10 risks rather than the top10 vulnerabilities.
> >>>>>
> >>>>> I can't agree with Konstantinos more!!! Business executives don't have one fuck to give about vulnerabilities; but you start talking about 'risk' to their business and they are all ears. It is about the relevance to the companies we are trying to assist; not about what it 'technically' is that matters…
> >>>>>
> >>>>>
> >>>>>
> >>>>>> Can help get heard by executives while the rest will easily think that practically risks are [a result of] technical vulnerabilities.
> >>>>>>
> >>>>>> Kostas
> >>>>>>
> >>>>>> On 2 Feb 2013, at 0:48, Eoin <eoin.keary at owasp.org> wrote:
> >>>>>>
> >>>>>>> It's a payload delivery system.
> >>>>>>>
> >>>>>>> Eoin Keary
> >>>>>>> Owasp Global Board
> >>>>>>> +353 87 977 2988
> >>>>>>>
> >>>>>>>
> >>>>>>> On 1 Feb 2013, at 22:33, Jim Manico <jim.manico at owasp.org> wrote:
> >>>>>>>
> >>>>>>>> I do not think of XSS as an attack, XSS is a weakness or vulnerability.
> >>>>>>>>
> >>>>>>>> An attack would be something like "Site Defacement using XSS".
> >>>>>>>>
> >>>>>>>> Aloha,
> >>>>>>>> Jim
> >>>>>>>>
> >>>>>>>>> Roughly. XSS is used as
> >>>>>>>>> xss = weakness, vulnerability, attack (and some more)
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> On 01.02.2013 22:23, Eoin wrote:
> >>>>>>>>>> Nope. Risk is impact x probability
> >>>>>>>>>> Vulns = xss SQLI etc
> >>>>>>>>>>
> >>>>>>>>>> Eoin Keary
> >>>>>>>>>> Owasp Global Board
> >>>>>>>>>> +353 87 977 2988
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> On 1 Feb 2013, at 20:43, Tom Brennan <tomb at owasp.org> wrote:
> >>>>>>>>>>
> >>>>>>>>>>> Considering it's risks not vulns., hope he updates his cards for 2013
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> On Feb 1, 2013, at 3:39 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>> Hello OWASP,
> >>>>>>>>>>>>
> >>>>>>>>>>>> I couldn't resist posting this to the list! I think that is just pure awesome!
> >>>>>>>>>>>>
> >>>>>>>>>>>> I ran across this sole proprietor of this security firm this week at a local security event. He expressed a great deal of gratitude and thanked us for all the amazing work the community has produced.
> >>>>>>>>>>>>
> >>>>>>>>>>>> He said he had the OWASP top 10 on the back of his business cards since the OWASP top 10 was published, but he didn't have any with him, so I gave him mine and promised to send me his card when he got home.
> >>>>>>>>>>>>
> >>>>>>>>>>>> And since they are digital, I just had to share this with the list. He said OWASP helped his micro-business enormously because his clients were not able to ignore his advice anymore because 'the world's security experts' were advocating the same practices.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Anyhow, I love stories about how OWASP made a difference for people & I hope you do too.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Dennis
> >>>>>>>>>>>>
> >>>>>>>>>>>> Dennis Groves, MSc
> >
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>