[Owasp-leaders] (on O2 Platform) Re: Fwd: Getting in touch with the leader ?

Dinis Cruz dinis.cruz at owasp.org
Fri May 17 11:37:49 UTC 2013


(changing the title to reflect the new thread on the O2 Platform)

Hey Andrew, thanks a lot for your feedback, and please see my comments below


On 16 May 2013 13:41, vanderaj vanderaj <vanderaj at owasp.org> wrote:

> Dinis,
>
> I know what you mean about the lack of O2 feedback. So I'm going to
> give you a tiny bit, and hopefully it will help rather than hinder the
> discussion.
>

and I really appreciate you taking the time :)


> I think the main constructive criticism I can help you with for O2 is
> the UX is almost certainly best represented as "Dinis Cruz's best
> 13487 ideas in a single app with a fair few extra options just to make
> sure they are there, plus magic lemur juice".
>

I agree :) in fact one of my core objectives for O2 was that it would be
become my preferred tool, which I would use every day and where I would be
the most productive.

I do believe that it is very important for the developers to use their tool
every day, and part of the reason why the rate of innovation in O2 hasn't
really slowed down is because I keep using it, and keep improving
its capabilities (in order to make my work/job more effecient)

Note that I am a really '*hard father*' on O2, and will not use it if there
is a better solution or technology. This is always a great sanity check,
since it is also important not to 'force the use' of a tool/technique. In a
way my development moto of O2 is to make O2 the easiest and most productive
way for doing a particular 'security/development related' task.

I also always viewed that the comment '*only dinis can do it ! *' is in
fact a great compliment, since that means that *'it is possible to do it !*'
(vs *'not being possible to do'*). It also allows for evolution to be
measured. For example, a couple years ago I would hear that *'what you
(Dinis) are proposing will not scale because only you (Dinis) can use
it'*and now I've started to hear reports/comments from O2 users that
they are
hearing the same thing :)  ie. they are being told (in some case):   *'what
you are proposing will not scale because only you (XYZ O2 user) can use
it'. *Which is an evolution and means the workflow/system is starting to
work.
*
*
That said, at the moment a lot of those 13488 ideas (I added another one
last night :) ) are now all managed via scripts which are dynamically
compiled and executed (you can see the scripts at
https://github.com/o2platform/O2.Platform.Scripts )

Also the main O2 GUI is much more simpler to use:
http://blog.diniscruz.com/p/owasp-o2-platform.html and there is even a way
to consume it as a VisualStudio
Extension<http://visualstudiogallery.msdn.microsoft.com/295fa0f6-37d1-49a3-b51d-ea4741905dc2>

>
> O2 could really do with some community,


It could do with a *bigger* community :)

there are already a number of great O2 users and some companies actually
using it as part of their SDL (which is pretty cool)


> particularly to untangle the
> hot mess that is the UI.


yap, and that is what that community should really be doing.

The way I look at it, my job is to create powerful APIs and Capabilities
inside the O2 Platform. I also need to create GUIs that work for me.

*The power of O2 is its ability to create targeted/focused GUIs*, and what
is needed is for that 'O2 Community' to do the same (see below for how
these targeted/custom GUIs can be easily packaged and distributed).

Yes this means that O2 is having a slower '*success rate*' than it would
with those simpler GUIs, but its the community that should be building
those simpler GUIs.  My job as O2 core-developer is to create solutions
that allow that workflow and ecosystem to happen  (and to create the
simpler GUIs for me :) ). Remember that it is very dangerous to develop
features for that you think '*a user out there*' will want, its better to
work with real users who have real problems.

That said, we're clearly not there with simpler and widely used O2-created
GUIs, but it's getting closer by the day :)


> I watched a few of the videos, tried it a
> couple of times over the last couple of years when I've had .NET code
> reviews, and honestly, I am moderately sure it can do what I am asking
> of it if only I knew what I'm supposed to do, but I find it's utterly
> impenetrable. I bet many more do too, but I'm not sure many have tried
> it as it's plain scary on first boot.
>

I agree, and it demands quite a lot from its first users.


> Can I humbly suggest that you work with some folks who can work with
> you to edit the feature set into progressive disclosure, put some
> metrics into it to work out some (simpler) common workflows, and
> somehow (and I'm not sure this is possible) simplify the use of the
> tool so that mere mortals can use say the 20% of the product that
> would be used 80% of the time? There's a fine, powerful product hiding
> in there somewhere.
>

Again I agree with that, what I need is those '*folks'* who want to work :)

For example, my focus on the O2 Development has been to add solutions and
technologies that will allow that process to happen very smoothly.

Namely the ability to package an O2 script as a 100% stand-alone exe that
can be easily deployed and consumed (take a look at this post : Packaging
an O2 Platform Script as a stand alone tool (in this case the WatiN based
‘IE Script’ tool)<http://blog.diniscruz.com/2013/03/packaging-o2-platform-script-as-stand.html>
for
a detailed explanation of how it works)

This is what I believe you want: *Single focused O2 tools that do one thing
very well, *right?

Here are a number of stand-alone tools that I have created an published:

   - Util - View CheatSheets at devcheatsheet.com v1.0.exe
<http://blog.diniscruz.com/2012/10/util-view-cheatsheets-at.html>
   - Tool - O2 Cmd SpringMVC v1.0.exe - as standalone
exe<http://blog.diniscruz.com/2012/10/tool-o2-cmd-springmvc-v10exe-as.html>

   - Util - O2 Java Tools (IKVM Based)
v1.0<http://blog.diniscruz.com/2012/10/util-o2-java-tools-ikvm-based-v10.html>
   - WinDbg, Cdb, Sun-Of-Strike and Util - Start SoSNet (O2
Version).exe<http://blog.diniscruz.com/2012/11/windbg-cdb-sun-of-strike-and-util-start.html>

   - Util - Cir Viewer (with C# DLL converter)
v1.0<http://blog.diniscruz.com/2012/11/util-cir-viewer-with-c-dll-converter-v10.html>

   - O2 tools to view and script J2EE, Struts and Tiles xml config
files<http://blog.diniscruz.com/2012/11/o2-tools-to-view-and-script-j2ee-struts.html>

   - AppScan Source Findings in Ozasmt files (and O2 tools to View, Filter,
   Join, Stitch and Script
them)<http://blog.diniscruz.com/2012/11/appscan-source-findings-and-o2-tools-to.html>

   - Util - Java Decompiler (JAD based)
v1.0.exe<http://blog.diniscruz.com/2012/11/util-java-decompiler-jad-based-v10exe.html>

   - Util - Windows Handles Viewer (Simple Gui)
v1.0.exe<http://blog.diniscruz.com/2012/11/util-windows-handles-viewer-simple-gui.html>

   - Util - Windows Handles Viewer (Simple GUI with REPL)
v1.0.exe<http://blog.diniscruz.com/2012/11/util-windows-handles-viewer-simple-gui_20.html>
   - Util - Windows Handles - View Handle Screenshot
v1.0.exe<http://blog.diniscruz.com/2012/11/util-windows-handles-view-handle.html>
   - Util - Windows Handles Viewer (with Child Windows)
v1.0.exe<http://blog.diniscruz.com/2012/11/util-windows-handles-viewer-with-child.html>

   - Util - Win32 Window Handle Hijack (simple)
v1.0.exe<http://blog.diniscruz.com/2012/11/util-win32-window-handle-hijack-simple.html>
   - Util - Win32 Window Handle Hijack (4x host panels)
v1.0.exe<http://blog.diniscruz.com/2012/11/util-win32-window-handle-hijack-4x-host.html>

   - REPL GUI for Clojure-CLR (C# port of Lisp’s
Clojure)<http://blog.diniscruz.com/2013/02/repl-gui-for-clojure-clr-c-port-of.html>

   - Tool - View .NET Assembly References
Mappings.exe<http://blog.diniscruz.com/2013/02/tool-view-net-assembly-references.html>

   - Util - Jni4Net - Java BeanShell REPL
v1.0.exe<http://blog.diniscruz.com/2013/03/invoking-java-beanshell-from-net-clr.html>

   - Util - Current Font
Families.exe<http://blog.diniscruz.com/2013/03/util-current-font-familiesexe.html>


Note that these are just examples of the tools that I have blogged about,
you can find a much bigger number of tools here:
https://www.dropbox.com/sh/xu90yd334ig0n7x/FU4ry6zemj/O2Platform%20Tools(feel
free to browse and download the stand-alone exes)

The links above are also examples of '*needs from o2 users*'. I.e. those
where tools that an existing O2 user asked for help with, and my prefered
way to help is to write a blog post with the answer: for example like
this: Finding
a html link with no ID in the middle of a web page using WatiN (via IE
objects and jQuery)<http://blog.diniscruz.com/2013/04/finding-html-link-with-no-id-in-middle.html>


So YES, *O2 really needs simple GUIs, with clear documentation and how-to
guides*.* The technology and capabilities are there now, all we need are
users with specific problems (that could be solved with a variation of one
of the existing tools/scripts)*


> Lastly, you're one of the very few in our OWASP community who likes,
> develops, and uses Microsoft platforms.


Yeah, sometimes that can be quietly lonely :(

I wrote about that today on: Where Is .NET Headed? and the cost for
Microsoft of ignoring the O2
Platform<http://blog.diniscruz.com/2013/05/where-is-net-headed-and-cost-for.html>
,
do you think I was to hard on Steve B and Microsoft?


> That platform is a critical
> commercial niche,


Nice and non-controversial comment :)


> but I doubt more than a handful of us could
> participate in developing O2 unless it could be made to run under Mono
> as well. Is there any chance of that?
>

well, as you have found out (by your comment on my blog) that is also an
area that I have made quite a lot improvements in the O2 Platform :)

There is an mono branch of the main APIs: *
https://github.com/o2platform/O2.FluentSharp/tree/Mono_Branch* (which
compile ok in MonoDevelop in OSx) and here are a number of OSX related
posts:

   - Download of O2 Platform Stand-alone-tools that run on
OSx<http://blog.diniscruz.com/2013/03/download-of-o2-platform-stand-alone.html>

   - Running O2 Platform's main C# REPL script on OSX (wasn't working
   before)<http://blog.diniscruz.com/2013/03/running-o2-platforms-main-c-repl-script.html>

   - Problem running O2's Exe on OSX 10.8 , fixed using
XQuartz<http://blog.diniscruz.com/2013/03/problem-running-o2s-exe-on-osx-108.html>

   - Installing Mono and MonoDevelop/Xamarin on
OSx<http://blog.diniscruz.com/2013/03/installing-mono-and-monodevelopxamarin.html>
   - O2's Findings Viewer on OSx viewing AppScan Source
file<http://blog.diniscruz.com/2012/09/o2s-findings-viewer-on-osx-viewing.html>

   - O2 in OSx - Running TextBased C# REPL
tool<http://blog.diniscruz.com/2012/09/o2-in-osx-running-textbased-c-repl-tool.html>



Btw, on the topic of interoperability also checkout how O2 can now talk
with ZAP Proxy: Using Jni4Net (Part 2) - Controling OWASP ZAP remotely (via
Java BeanShell REPL in
.Net)<http://blog.diniscruz.com/2012/11/using-jni4net-part-2-controling-owasp.html>
(or any other Java windows app or Jar)

Wrapping up, *the key to using O2 is to start with a problem that you want
to solve,* and also having the realisation that O2 today is *designed to
WORK *, not *Designed to be Easy to 'start using'*
*
*
Which means that if you *try to use O2 today, you WILL get lost and wont be
able to get the most of out it.*

What is needed is for those *'trying to use O2'* users (like you Andrew in
the past) to have enough faith in O2 to be able to ask for help and work
through the creation of the solution they want/need.

It wont be easy, but the rewards are worth it :)

My job as O2 main developer is to make that path as fast and effective as
possible.

The job of those O2 users is to create tools for them and for their users :)

That is how (in my view) O2 will scale and survive in the long term

Finally, if you are still reading this, I am always more than happy to
provide remote training on O2 via remote desktop tools like Join.me, all
you need to do is ask :)

Thanks for reading

Dinis



> thanks,
> Andrew
>
> On Thu, May 16, 2013 at 9:36 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
> > easy there Chris, Jim is making valid points and although I am a big fan
> of
> > the ESAPI concept (and have written about it here,  here and here) it is
> not
> > as healthy as it was a while back.
> >
> > As a fellow OWASP leader that is also working hard on an OWASP project,
> it
> > is our job to accept and understand the comments made about our
> > efforts/projects.
> >
> > Like I have already mentioned before, I'm jealous about the criticism
> that
> > ESAPI gets, because it means that people care about it :)
> >
> > In the O2 Plaform, even after 192 blog posts and a gazilion of
> innovations,
> > I'm still mainly at the stage  of '... interresting ... but I have no
> idea
> > how to use it? btw where is the documentation' :)
> >
> > In fact, I'm even trying to contribute to ESAPI and AppSensor since I
> last
> > month (with colin) I was able to consume ESAPI from O2. See First
> execution
> > of ESAPI.jar Encoder methods from O2's C# REPL  which is a follow-up
> from my
> > previous attempt: Loading OWASP ESAPI jar and its dependencies from C#
> > (using jni4net)
> >
> > ESAPI is in a hard position and needs help/focus, and I don't think that
> > blaming Jim for voicing his opinion (which I share) is the right way
> about
> > it. In fact, Chris, I would recommend that one of your personal goals for
> > ESAPI in 2013 is to change Jim's mind and get him to recommend ESAPI
> again
> > (and I remember going back a couple years when Jim was the BIGGEST ESAPI
> FAN
> > in world, and I got into a lot of trouble by voicing my concerns about
> > ESAPI)
> >
> > We need more comments and honest feedback at OWASP, that is the only way
> our
> > projects will grow.
> >
> > And yes, the O2 Platform still sucks in lot of ways, but (slowly) there
> are
> > more users actually using it, and I am able to do things with it that I
> > couldn't do a year ago (for example Downloading the entire NuGet package
> > database  or (grab a coffee first) Using AST to programatically create a
> > Proxy class for a WSDL webservice (in this case HacmeBank and Checkmarx
> > ASMX)  or GUI with WebStorm and JsTestDriver controlling 3 Hijacked
> Browser
> > windows (Chrome, Firefox and IE)  ), so I know that O2 is going in the
> right
> > direction :)
> >
> > It's just a long and (mostly) lonely road :)
> >
> > Dinis
> >
> >
> > Dinis Cruz
> >
> > Blog: http://diniscruz.blogspot.com
> > Twitter: http://twitter.com/DinisCruz
> > Web: http://www.owasp.org/index.php/O2
> >
> >
> > On 28 March 2013 19:19, Chris Schmidt <chris.schmidt at owasp.org> wrote:
> >>
> >> I feel a more constructive approach to most of these issues is to
> propose
> >> them in a way that is non-confrontational and proposes solutions.
> >>
> >> 1) The singleton pattern, while a valid approach to solve some problems
> is
> >> overused in the ESAPI project - perhaps adding an option, as Spring
> >> Framework does, to enable the singleton pattern over a default Flyweight
> >> or Factory pattern would be a better approach to object distribution in
> >> ESAPI.
> >>
> >> 2) There are quite a few open bugs in the ESAPI project that *I* feel
> are
> >> important - so I have up voted and commented on them with potential
> ideas
> >> that could help resolve the problems.
> >>
> >> 3) I noticed that there hasn't been a lot of commit activity on the
> >> project since last July - I feel this is an important project so I have
> >> leveraged my voice as a prominent member of the OWASP community to see
> if
> >> I can get some additional volunteers to help you guys address the issues
> >> that I mentioned above.
> >>
> >> We are an open organization of volunteers and there are a lot of
> projects
> >> under the OWASP umbrella, there are a select few of us who champion the
> >> OWASP projects cause and we are all busy individuals. Calling anyones
> baby
> >> ugly and not providing constructive feedback for a project within our
> own
> >> organization only hurts our common mission and as such I think it is
> >> important that we all self-moderate our comments with regards to any
> OWASP
> >> project. Healthy debate is healthy and I (and most others within the
> >> organization that I have had the pleasure of meeting and/or working
> with)
> >> openly and warmly accept any and all feedback, but when it is
> constructive
> >> and meaningful it helps all of us.
> >>
> >> Further, there is an appropriate channel for this conversation and I
> don't
> >> feel that channel is the leaders list. Sebastian asked a valid question
> >> after not getting a response on the ESAPI dev list, and answering his
> >> question then taking this conversation to the dev list would have been
> the
> >> appropriate move.
> >>
> >> I currently wear the mantle of ESAPI leadership and one of my
> >> responsibilities as the leader for one of the most visible OWASP
> projects
> >> is to be aware of how I am performing my own job. I will happily
> >> relinquish my leadership role if anyone feels that I am not adequately
> >> filling the role and will continue to contribute to the project because
> I
> >> believe in the mission of ESAPI. Remember just because you may not see
> the
> >> work going on doesn't mean that work isn't happening. As I said in other
> >> messages - ESAPI is a large and very visible project and making rash
> >> decisions that introduce incompatibilities will not help anyone -
> >> compounded with the fact that we (Kevin and I) are both working on this
> >> while very busy with other responsibilities means that change may not be
> >> happening as quickly as anyone may like it too - but it is happening.
> >>
> >> I will happily continue this conversation in the appropriate channel if
> >> you would like to further discuss it and anyone is welcome to join in to
> >> the conversation on the ESAPI-Dev mailing list if they have ideas,
> >> opinions, or comments in general. Let's keep conversation on the leaders
> >> list on topic for the leaders list.
> >>
> >> </soapbox>
> >>
> >>
> >>
> >> On 3/28/13 12:32 PM, "Jim Manico" <jim.manico at owasp.org> wrote:
> >>
> >> >Chris,
> >> >
> >> >I agree that ESAPI is not dead, and I'm eager to see you and others
> >> >return to actively working on the project.
> >> >
> >> >But I do objectively feel that it's not a release quality project and I
> >> >no longer recommend that organizations use it. I think it's a great
> >> >research project, but other projects trump ESAPI in terms of quality
> and
> >> >activity like I mentioned earlier.
> >> >
> >> >1) The singleton is a fundamental design flaw and needs to be removed
> >> >2) The project has a large number of active bugs, many of these are
> VERY
> >> >significant https://code.google.com/p/owasp-esapi-java/issues/list
> >> >3) There has not been major coding activity on ESAPI for Java since
> July
> >> >2012.
> >> >
> >> >When these things change, I'll change my tune.
> >> >
> >> >- Jim
> >> >
> >> >> Sebastian and all -
> >> >>
> >> >> While we try to monitor what is happening on the list all the time,
> >> >>understandably we all get busy from time to time. That being said, the
> >> >>ESAPI project is far from dead. Sebastian, feel free to contact Jeff
> and
> >> >>Myself off-list and we would be more than happy to address any
> questions
> >> >>that you have! Thanks!
> >> >>
> >> >> ~Chris
> >> >>
> >> >> From: Samantha Groves
> >> >><samantha.groves at owasp.org<mailto:samantha.groves at owasp.org>>
> >> >> Date: Thursday, March 28, 2013 11:10 AM
> >> >> To: Konstantinos Papapanagiotou
> >> >><Konstantinos at owasp.org<mailto:Konstantinos at owasp.org>>
> >> >> Cc: "spyrosgaster at gmail.com<mailto:spyrosgaster at gmail.com>"
> >> >><spyrosgaster at gmail.com<mailto:spyrosgaster at gmail.com>>, Leaders
> >> >><owasp-leaders at lists.owasp.org<mailto:owasp-leaders at lists.owasp.org>>
> >> >> Subject: Re: [Owasp-leaders] Fwd: Getting in touch with the leader ?
> >> >>
> >> >> Agreed.
> >> >>
> >> >> Can I get a list of names of the individuals actively contributing to
> >> >>this project. I need to update our records.
> >> >>
> >> >> Additionally, I need someone to volunteer to manage requests and
> >> >>questions that come into the ESAPI mailing list. Please message me if
> >> >>you are interested. This person will be responsible for answering
> >> >>questions, and liaising between contributors and the community.
> >> >>
> >> >> Thank you, Leaders.
> >> >>
> >> >> Sam G.
> >> >>
> >> >> On Thu, Mar 28, 2013 at 4:47 PM, Konstantinos Papapanagiotou
> >> >><Konstantinos at owasp.org<mailto:Konstantinos at owasp.org>> wrote:
> >> >> All,
> >> >>
> >> >> Spyros (cc-ed as he's not on the leaders list) is also already
> working
> >> >>on an ESAPI for PHP rewrite and actually a few days ago also tried to
> >> >>get in touch with someone on the ESAPI mailing lists.
> >> >> Since apparently people are working on it we should have some kind of
> >> >>co-ordination.
> >> >>
> >> >> Kostas
> >> >>
> >> >>
> >> >> On Thursday, March 28, 2013, Abbas Naderi wrote:
> >> >> Hello
> >> >> We're doing some PHP security project, which would hopefully result
> in
> >> >>a rewrite of ESAPI. the current ESAPI PHP is 100% against PHP
> >> >>programming values.
> >> >> Thanks
> >> >> -Abbas
> >> >> On ۸ فروردین ۱۳۹۲, at ۱۷:۴۷, Samantha Groves
> >> >><samantha.groves at owasp.org> wrote:
> >> >>
> >> >> Hello All,
> >> >>
> >> >> Chris Schmidt & Kevin Wall are both co-leading this project at the
> >> >>moment. A few months ago, we put together a proposal for funding from
> >> >>the DHS that included a management and technical management roadmap
> that
> >> >>we submitted for funding. We have been waiting for a decision.
> >> >>
> >> >> I have just gotten word from DHS that funding for their programs has
> >> >>now been approved for 2013. The last I heard is that our ESAPI Project
> >> >>proposal was in round two of reviews. In answer to your questions,
> ESAPI
> >> >>is not dead, we were just placed at a halt after our proposal was
> >> >>submitted to DHS.
> >> >>
> >> >> I hope this clears thing up. Let me know if you have questions,
> >> >>concerns, etc.
> >> >>
> >> >> Cheers now, All.
> >> >>
> >> >> SG
> >> >>
> >> >> On Thu, Mar 28, 2013 at 11:27 AM, vanderaj vanderaj
> >> >><vanderaj at owasp.org> wrote:
> >> >> I thought that Chris Schmidt had taken over the helm of ESAPI?
> >> >>
> >> >> thanks,
> >> >> Andrew
> >> >>
> >> >>
> >> >> On Thu, Mar 28, 2013 at 9:11 PM, Sebastien Gioria
> >> >><sebastien.gioria at owasp.org> wrote:
> >> >> No news from anyone ? Is ESAPI dev definitively dead ?
> >> >>
> >> >> I'm in touch with a new potential big corporate member who has
> >> >> integrate ESAPI in his product and have problem. Any value for them
> >> >> before making they membership could be the OWASP capacity to be in
> >> >> touch with the leader of the ESAPI Java.
> >> >>
> >> >> We (France) are in touch with them to Host the First OWASP France Day
> >> >> and many more other opportunity.
> >> >>
> >> >> It's really a big reference for OWASP if we have it.
> >> >>
> >> >> Thanks.
> >> >>
> >> >>
> >> >> ---------- Forwarded message ----------
> >> >> From: Sebastien Gioria <sebastien.gioria at owasp.org>
> >> >> Date: 2013/3/26
> >> >> Subject: Getting in touch with the leader ?
> >> >> To: owasp-esapi-dev <owasp-esapi-dev at owasp.org>
> >> >> Cc : Jeff Williams <jeff.williams at owasp.org>
> >> >>
> >> >>
> >> >> Hi guys,
> >> >>
> >> >> I'm not sure Jeff is always the leader of the JavaEE ESAPI project,
> >> >> and I need to be in touch with the leader of the project for some
> >> >> related presentations and experiences exchange with a big french
> >> >> company.
> >> >>
> >> >> Thanks in advance
> >> >>
> >> >>
> >> >> --
> >> >> OWASP French Chapter Leader
> >> >> GSM: +33 6 70 59 11 44
> >> >>
> >> >>
> >> >> --
> >> >> OWASP French Chapter Leader
> >> >> GSM: +33 6 70 59 11 44
> >> >> _______________________________________________
> >> >> OWASP-Leaders mailing list
> >> >> OWASP-Leaders at lists.owasp.org
> >> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >> >>
> >> >>
> >> >> _______________________________________________
> >> >> OWASP-Leaders mailing list
> >> >> OWASP-Leaders at lists.owasp.org
> >> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Samantha Groves, MBA
> >> >> OWASP Project Manager
> >> >>
> >> >> The OWASP Foundation
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >>
> >> >> Samantha Groves, MBA
> >> >>
> >> >> OWASP Project Manager
> >> >>
> >> >>
> >> >> The OWASP Foundation
> >> >>
> >> >> Lisbon, Portugal
> >> >>
> >> >> Email: samantha.groves at owasp.org<mailto:samantha.groves at owasp.org>
> >> >>
> >> >> Skype: samanthahz
> >> >>
> >> >>
> >> >> OWASP Global
> >> >>Projects<https://www.owasp.org/index.php/Category:OWASP_Project>
> >> >>
> >> >> Book a Meeting with Me<http://goo.gl/mZXdZ>
> >> >>
> >> >> OWASP Contact US Form<http://owasp4.owasp.org/contactus.html>
> >> >>
> >> >> New Project Application
> >>
> >> >> >>Form<
> https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZ
> >> >>fWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> _______________________________________________
> >> >> OWASP-Leaders mailing list
> >> >> OWASP-Leaders at lists.owasp.org
> >> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >> >>
> >> >
> >> >_______________________________________________
> >> >OWASP-Leaders mailing list
> >> >OWASP-Leaders at lists.owasp.org
> >> >https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>
> >>
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> >
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130517/9d72bf41/attachment-0001.html>


More information about the OWASP-Leaders mailing list