[Owasp-leaders] owasp-informal

Konstantinos Papapanagiotou konstantinos at owasp.org
Sun Feb 3 18:56:51 UTC 2013


Agree. If we split the leaders list, we'll just end up with 2 leaders lists.

Kostas

On 3 Feb 2013, at 14:40, Eoin <eoin.keary at owasp.org> wrote:

> What is important and what is less important? Free and open discussion is what opens paths to both.
> 
> 
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> 
> 
> On 2 Feb 2013, at 14:34, Abbas Naderi <abbas.naderi at owasp.org> wrote:
> 
>> I think the main idea behind clearing the OWASP-LEADERS list is to have more important stuff discussed here, and reach decisions. We are here mostly to decide rather than to discuss.
>> 
>> That way all the things that need action can be discussed and decided here, and anything else goes to informal list.
>> 
>> BTW it would be better to name it owasp-leaders-informal IMHO.
>> -Abbas
>> On 14 Bahman 1391, at 17:59, John Wilander <john.wilander at owasp.org> wrote:
>> 
>>> Regardless of whether we create a new list or not we cannot discuss it as an all-else-equal issue. Surgically moving a part of what's now the leaders list is impossible. I did a split for the developer outreach list and it basically killed the discussions.
>>> 
>>> The leaders list is what it is. People surely have found ways to manage it, perhaps by filters or categorization. I for instance read Dennis' first "Great Story" email, left the thread, and then joined again when I saw it had sparked lots of attention. So if we don't plan on changing any behavior here we can just leave it as is.
>>> 
>>> But let's say we want to change our behavior or the effectiveness of the list(s).
>>> 
>>> If the problem is that we want to discuss and chat more than today we might consider a separate list such as owasp-informal (or owasp-infernal). I believe auto-subscribing all leaders to it is OK. That way the laggards are on the list instead of off the list. The feisty ones will always take action anyway.
>>> 
>>> If the problem is that important OWASP news goes unnoticed because of the noise on the leaders list I'd prefer creating an owasp-news list and auto-subscribe all leaders to it. Then we could loosen up on the leaders list. This is my preferred choice since people already have a strategy (filters etc) for the leaders list.
>>> 
>>>    Regards, John
>>> 
>>> -- 
>>> My music http://www.johnwilander.com
>>> Twitter https://twitter.com/johnwilander
>>> CV or Résumé http://johnwilander.se
>>> 
>>> On 2 Feb 2013, at 15:03, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>> 
>>>> If it is opt-in, it is not going to work
>>>> 
>>>> It should be opt-out so that the ones who don't want to get it can remove themselves.
>>>> 
>>>> Dinis Cruz
>>>> 
>>>> On 2 Feb 2013, at 13:53, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>>>> 
>>>>> I agree it should be opt-in. I am planning on setting up that list in about an hour when I am back from dropping off my son at a birthday party.
>>>>> 
>>>>> -- Matt's phone
>>>>> 
>>>>> On Feb 2, 2013 7:45 AM, "Achim" <achim at owasp.org> wrote:
>>>>>> Dinis, Jim, I can add all members of the leaders list to the new informal list,
>>>>>> this is technically no problem.
>>>>>> 
>>>>>> But I'm not sure if everyone wants to be subscribed to a new list, it would be
>>>>>> better if each human opts in first.
>>>>>> Or should we ask to opt out for the new list?
>>>>>> Any ideas how to manage that?
>>>>>> 
>>>>>> Achim
>>>>>> 
>>>>>> 
>>>>>> On 02.02.2013 13:47, Dinis Cruz wrote:
>>>>>> > For that to work you need to subscribe all members of the OWASP-leaders into the OWASP-informal
>>>>>> >
>>>>>> > The reason these threads exist is because of the value of the leader's shared knowledge
>>>>>> >
>>>>>> > Dinis Cruz
>>>>>> >
>>>>>> > On 2 Feb 2013, at 10:50, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>> >
>>>>>> >> Ok let's do this.
>>>>>> >>
>>>>>> >> We set up owasp-informal.
>>>>>> >>
>>>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-informal
>>>>>> >>
>>>>>> >> 1) May I suggest we tighten down the use of owasp-leaders to OWASP news only?
>>>>>> >> 2) Those who want to chit chat off-topic please migrate to owasp-informal?
>>>>>> >> 3) Simply banning Dennis Groves from leaders alone will help. ;) Dennis, can I make you admin of owasp-informal ?
>>>>>> >>
>>>>>> >> Aloha,
>>>>>> >> --
>>>>>> >> Jim Manico
>>>>>> >> @Manicode
>>>>>> >> (808) 652-3805
>>>>>> >>
>>>>>> >> On Feb 1, 2013, at 11:42 PM, Abbas Naderi <abbas.E at owasp.org> wrote:
>>>>>> >>
>>>>>> >>> Remember when we had a plan to make two leaders lists, one for free discussions and one for decision making?
>>>>>> >>>
>>>>>> >>> I think there's a Gaussian Hole where our plans go :D
>>>>>> >>> -Abbas
>>>>>> >>> On 14 Bahman 1391, at 3:25, Jason Johnson <jason.johnson at owasp.org> wrote:
>>>>>> >>>
>>>>>> >>>> Best part is I will be using this in meeting for the government.
>>>>>> >>>>
>>>>>> >>>> On Feb 1, 2013 5:37 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>>>>>> >>>>> On 1 Feb 2013, at 22:54, Konstantinos Papapanagiotou wrote:
>>>>>> >>>>>
>>>>>> >>>>>> It's truly amazing what we've turned this thread into. :)
>>>>>> >>>>>> Despite various formal or informal definitions, I believe that "marketing" wise it's better to talk about the top10 risks rather than the top10 vulnerabilities.
>>>>>> >>>>>
>>>>>> >>>>> I can't agree with Konstantinos more!!! Business executives don't have one fuck to give about vulnerabilities; but you start talking about 'risk' to their business and they are all ears. It is about the relevance to the companies we are trying to assist; not about what it 'technically' is that matters…
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>> Can help get heard by executives while the rest will easily think that practically risks are [a result of] technical vulnerabilities.
>>>>>> >>>>>>
>>>>>> >>>>>> Kostas
>>>>>> >>>>>>
>>>>>> >>>>>> On 2 Feb 2013, at 0:48, Eoin <eoin.keary at owasp.org> wrote:
>>>>>> >>>>>>
>>>>>> >>>>>>> It's a payload delivery system.
>>>>>> >>>>>>>
>>>>>> >>>>>>> Eoin Keary
>>>>>> >>>>>>> Owasp Global Board
>>>>>> >>>>>>> +353 87 977 2988
>>>>>> >>>>>>>
>>>>>> >>>>>>>
>>>>>> >>>>>>> On 1 Feb 2013, at 22:33, Jim Manico <jim.manico at owasp.org> wrote:
>>>>>> >>>>>>>
>>>>>> >>>>>>>> I do not think of XSS as an attack, XSS is a weakness or vulnerability.
>>>>>> >>>>>>>>
>>>>>> >>>>>>>> An attack would be something like "Site Defacement using XSS".
>>>>>> >>>>>>>>
>>>>>> >>>>>>>> Aloha,
>>>>>> >>>>>>>> Jim
>>>>>> >>>>>>>>
>>>>>> >>>>>>>>> Roughly. XSS is used as
>>>>>> >>>>>>>>> xss = weakness, vulnerability, attack (and some more)
>>>>>> >>>>>>>>>
>>>>>> >>>>>>>>>
>>>>>> >>>>>>>>> On 01.02.2013 22:23, Eoin wrote:
>>>>>> >>>>>>>>>> Nope. Risk is impact x probability
>>>>>> >>>>>>>>>> Vulns = xss SQLI etc
>>>>>> >>>>>>>>>>
>>>>>> >>>>>>>>>> Eoin Keary
>>>>>> >>>>>>>>>> Owasp Global Board
>>>>>> >>>>>>>>>> +353 87 977 2988
>>>>>> >>>>>>>>>>
>>>>>> >>>>>>>>>>
>>>>>> >>>>>>>>>> On 1 Feb 2013, at 20:43, Tom Brennan <tomb at owasp.org> wrote:
>>>>>> >>>>>>>>>>
>>>>>> >>>>>>>>>>> Considering it's risks, not vulns., hope he updates his cards for 2013
>>>>>> >>>>>>>>>>>
>>>>>> >>>>>>>>>>>
>>>>>> >>>>>>>>>>> On Feb 1, 2013, at 3:39 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>>>>>> >>>>>>>>>>>
>>>>>> >>>>>>>>>>>> Hello OWASP,
>>>>>> >>>>>>>>>>>>
>>>>>> >>>>>>>>>>>> I couldn't resist posting this to the list! I think that is just pure awesome!
>>>>>> >>>>>>>>>>>>
>>>>>> >>>>>>>>>>>> I ran across this sole proprietor of this security firm this week at a local security event. He expressed a great deal of gratitude and thanked us for all the amazing work the community has produced.
>>>>>> >>>>>>>>>>>>
>>>>>> >>>>>>>>>>>> He said he had the OWASP top 10 on the back of his business cards since the OWASP top 10 was published, but he didn't have any with him, so I gave him mine and promised to send me his card when he got home.
>>>>>> >>>>>>>>>>>>
>>>>>> >>>>>>>>>>>> And since they are digital, I just had to share this with the list. He said OWASP helped his micro-business enormously because his clients were not able to ignore his advice anymore because 'the world's security experts' were advocating the same practices.
>>>>>> >>>>>>>>>>>>
>>>>>> >>>>>>>>>>>> Anyhow, I love stories about how OWASP made a difference for people & I hope you do too.
>>>>>> >>>>>>>>>>>>
>>>>>> >>>>>>>>>>>> Dennis
>>>>>> >>>>>>>>>>>>
>>>>>> >>>>>>>>>>>> Dennis Groves, MSc
>>>>>> >
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders