[Owasp-leaders] owasp-informal

Eoin eoin.keary at owasp.org
Sun Feb 3 12:40:32 UTC 2013


What is important and what is less important? Free and open discussion is what opens paths to both.


Eoin Keary
Owasp Global Board
+353 87 977 2988


On 2 Feb 2013, at 14:34, Abbas Naderi <abbas.naderi at owasp.org> wrote:

> I think the main idea behind clearing the OWASP-LEADERS list is to have more important stuff discussed here, and reach decisions. We are mostly here to decide, rather than to discuss.
> 
> That way all the things that need action can be discussed and decided here, and anything else goes to informal list.
> 
> BTW it would be better to name it owasp-leaders-informal IMHO.
> -Abbas
> On 14 Bahman 1391, at 17:59, John Wilander <john.wilander at owasp.org> wrote:
> 
>> Regardless of whether we create a new list or not we cannot discuss it as an all-else-equal issue. Surgically moving a part of what's now the leaders list is impossible. I did a split for the developer outreach list and it basically killed the discussions.
>> 
>> The leaders list is what it is. People surely have found ways to manage it, perhaps by filters or categorization. I for instance read Dennis' first "Great Story" email, left the thread, and then joined again when I saw it had sparked lots of attention. So if we don't plan on changing any behavior here we can just leave it as is.
>> 
>> But let's say we want to change our behavior or the effectiveness of the list(s).
>> 
>> If the problem is that we want to discuss and chat more than today we might consider a separate list such as owasp-informal (or owasp-infernal). I believe auto-subscribing all leaders to it is OK. That way the laggards are on the list instead of off the list. The feisty ones will always take action anyway.
>> 
>> If the problem is that important OWASP news goes unnoticed because of the noise on the leaders list I'd prefer creating an owasp-news list and auto-subscribe all leaders to it. Then we could loosen up on the leaders list. This is my preferred choice since people already have a strategy (filters etc) for the leaders list.
>> 
>>    Regards, John
>> 
>> -- 
>> My music http://www.johnwilander.com
>> Twitter https://twitter.com/johnwilander
>> CV or Résumé http://johnwilander.se
>> 
>> On 2 Feb 2013, at 15:03, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>> 
>>> If it is opt-in it is not going to work
>>> 
>>> It should be opt-out so that the ones who don't want to get it can remove themselves.
>>> 
>>> Dinis Cruz
>>> 
>>> On 2 Feb 2013, at 13:53, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>>> 
>>>> I agree it should be opt-in. I am planning on setting up that list in about an hour when I am back from dropping off my son at a birthday party.
>>>> 
>>>> -- Matt's phone
>>>> 
>>>> On Feb 2, 2013 7:45 AM, "Achim" <achim at owasp.org> wrote:
>>>>> Dinis, Jim, I can add all members of the leaders list to the new informal list,
>>>>> this is technically no problem.
>>>>> 
>>>>> But I'm not sure if everyone wants to be subscribed to a new list, it would be
>>>>> better if each human opts in first.
>>>>> Or should we ask to opt out for the new list?
>>>>> Any ideas how to manage that?
>>>>> 
>>>>> Achim
>>>>> 
>>>>> 
>>>>> On 02.02.2013 13:47, Dinis Cruz wrote:
>>>>> > For that to work you need to subscribe all members of the OWASP-leaders into the OWASP-informal
>>>>> >
>>>>> > The reason these threads exist is because of the value of the leaders' shared knowledge
>>>>> >
>>>>> > Dinis Cruz
>>>>> >
>>>>> > On 2 Feb 2013, at 10:50, Jim Manico <jim.manico at owasp.org> wrote:
>>>>> >
>>>>> >> Ok let's do this.
>>>>> >>
>>>>> >> We set up owasp-informal.
>>>>> >>
>>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-informal
>>>>> >>
>>>>> >> 1) May I suggest we tighten down the use of owasp-leaders to OWASP news only?
>>>>> >> 2) Those who want to chit chat off-topic please migrate to owasp-informal?
>>>>> >> 3) Simply banning Dennis Groves from leaders alone will help. ;) Dennis, can I make you admin of owasp-informal ?
>>>>> >>
>>>>> >> Aloha,
>>>>> >> --
>>>>> >> Jim Manico
>>>>> >> @Manicode
>>>>> >> (808) 652-3805
>>>>> >>
>>>>> >> On Feb 1, 2013, at 11:42 PM, Abbas Naderi <abbas.E at owasp.org> wrote:
>>>>> >>
>>>>> >>> Remember when we had a plan to make two leaders lists, one for free discussions and one for decision making?
>>>>> >>>
>>>>> >>> I think there's a Gaussian Hole where our plans go :D
>>>>> >>> -Abbas
>>>>> >>> On 14 Bahman 1391, at 3:25, Jason Johnson <jason.johnson at owasp.org> wrote:
>>>>> >>>
>>>>> >>>> Best part is I will be using this in meeting for the government.
>>>>> >>>>
>>>>> >>>> On Feb 1, 2013 5:37 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>>>>> >>>>> On 1 Feb 2013, at 22:54, Konstantinos Papapanagiotou wrote:
>>>>> >>>>>
>>>>> >>>>>> It's truly amazing what we've turned this thread into. :)
>>>>> >>>>>> Despite various formal or informal definitions, I believe that "marketing" wise it's better to talk about the top10 risks rather than the top10 vulnerabilities.
>>>>> >>>>>
>>>>> >>>>> I can't agree with Konstantinos more!!! Business executives don't have one fuck to give about vulnerabilities; but you start talking about 'risk' to their business and they are all ears. It is about the relevance to the companies we are trying to assist; not about what it 'technically' is that matters…
>>>>> >>>>>
>>>>> >>>>>
>>>>> >>>>>
>>>>> >>>>>> Can help get heard by executives while the rest will easily think that practically risks are [a result of] technical vulnerabilities.
>>>>> >>>>>>
>>>>> >>>>>> Kostas
>>>>> >>>>>>
>>>>> >>>>>> On 2 Feb 2013, at 0:48, Eoin <eoin.keary at owasp.org> wrote:
>>>>> >>>>>>
>>>>> >>>>>>> It's a payload delivery system.
>>>>> >>>>>>>
>>>>> >>>>>>> Eoin Keary
>>>>> >>>>>>> Owasp Global Board
>>>>> >>>>>>> +353 87 977 2988
>>>>> >>>>>>>
>>>>> >>>>>>>
>>>>> >>>>>>> On 1 Feb 2013, at 22:33, Jim Manico <jim.manico at owasp.org> wrote:
>>>>> >>>>>>>
>>>>> >>>>>>>> I do not think of XSS as an attack, XSS is a weakness or vulnerability.
>>>>> >>>>>>>>
>>>>> >>>>>>>> An attack would be something like "Site Defacement using XSS".
>>>>> >>>>>>>>
>>>>> >>>>>>>> Aloha,
>>>>> >>>>>>>> Jim
>>>>> >>>>>>>>
>>>>> >>>>>>>>> Roughly. XSS is used as
>>>>> >>>>>>>>> xss = weakness, vulnerability, attack (and some more)
>>>>> >>>>>>>>>
>>>>> >>>>>>>>>
>>>>> >>>>>>>>> On 01.02.2013 22:23, Eoin wrote:
>>>>> >>>>>>>>>> Nope. Risk is impact x probability
>>>>> >>>>>>>>>> Vulns = xss SQLI etc
>>>>> >>>>>>>>>>
>>>>> >>>>>>>>>> Eoin Keary
>>>>> >>>>>>>>>> Owasp Global Board
>>>>> >>>>>>>>>> +353 87 977 2988
>>>>> >>>>>>>>>>
>>>>> >>>>>>>>>>
>>>>> >>>>>>>>>> On 1 Feb 2013, at 20:43, Tom Brennan <tomb at owasp.org> wrote:
>>>>> >>>>>>>>>>
>>>>> >>>>>>>>>>> Considering it's risks not vulns., hope he updates his cards for 2013
>>>>> >>>>>>>>>>>
>>>>> >>>>>>>>>>>
>>>>> >>>>>>>>>>> On Feb 1, 2013, at 3:39 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>>>>> >>>>>>>>>>>
>>>>> >>>>>>>>>>>> Hello OWASP,
>>>>> >>>>>>>>>>>>
>>>>> >>>>>>>>>>>> I couldn't resist posting this to the list! I think that is just pure awesome!
>>>>> >>>>>>>>>>>>
>>>>> >>>>>>>>>>>> I ran across this sole proprietor of this security firm this week at a local security event. He expressed a great deal of gratitude and thanked us for all the amazing work the community has produced.
>>>>> >>>>>>>>>>>>
>>>>> >>>>>>>>>>>> He said he had the OWASP top 10 on the back of his business cards since the OWASP top 10 was published, but he didn't have any with him, so I gave him mine and promised to send me his card when he got home.
>>>>> >>>>>>>>>>>>
>>>>> >>>>>>>>>>>> And since they are digital, I just had to share this with the list. He said OWASP helped his micro-business enormously because his clients were not able to ignore his advice anymore because 'the world's security experts' were advocating the same practices.
>>>>> >>>>>>>>>>>>
>>>>> >>>>>>>>>>>> Anyhow, I love stories about how OWASP made a difference for people & I hope you do too.
>>>>> >>>>>>>>>>>>
>>>>> >>>>>>>>>>>> Dennis
>>>>> >>>>>>>>>>>>
>>>>> >>>>>>>>>>>> Dennis Groves, MSc
>>>>> >
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders