[Owasp-leaders] Should OWASP make a statement on the Security of the Internet and Pervasive Monitoring?

Jason Li jason.li at owasp.org
Thu Nov 14 01:11:33 UTC 2013


Josh,

I agree that OWASP should be encouraging community activity - but that
doesn't negate Martin's point about the Wiki exposure.

Whether we realize it, people outside of OWASP refer to the OWASP web site
as an authoritative source for all things OWASP. With the way we have
things set up now, outsiders are not going to have the understanding and
institutional knowledge to differentiate between scratch-space material and
official information. Case in point, there's a recent thread on the
security101 list where a user asks about conflicting advice on two of
OWASP's wiki pages. People are taking whatever is on the wiki - vetted or
not - as OWASP gospel.

Given Martin's long time support and contributions to OWASP, I doubt that
his intention was to quash Tobias' effort. He's merely observing that
everything on the wiki represents the voice of OWASP. And we need to
protect that voice to some degree.

The Board recently adopted a Social Media Policy to protect the official
"voice" of OWASP on Twitter, blogs, etc. I think the next natural evolution
of that policy is to eventually establish some templates, standards, or
markers of some sort - or perhaps somehow partition the wiki to
differentiate between "official" OWASP communications and the wiki
infrastructure we provide to enable and foster community ideas.

Just my humble opinion.

-Jason


On Wed, Nov 13, 2013 at 5:11 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> Martin,
>
> I am extremely disappointed in your efforts to stifle Tobias' efforts
> before he even got started.  Everyone at OWASP should be encouraged to come
> up with innovative ideas and ways to drive our mission forward without fear
> of being bullied into submission.  And by immediately telling Tobias that
> the wiki is not the right place for this discussion you are actually
> violating the "openness" part of OWASP's core mission.  In my opinion,
> discussion of topics like this should be done in full visibility of the
> world at large.  This is not a political statement, but rather, one that is
> tandem to OWASP's core mission of making application security more
> visible.  Subversion of this process by any party, government or otherwise,
> should not be tolerated.  I agree fully with Tobias that guidance on this
> subject is in line with our mission and is worth our time and efforts.  Did
> you even read what he wrote before you dismissed it?
>
> ~josh
>
>
> On Wed, Nov 13, 2013 at 3:47 PM, <netherlands at owasp.org> wrote:
>
>> Hi Tobias,
>>
>> Before the question if OWASP should make a statement or not, by putting
>> it on the OWASP Wiki, you already did. In my opinion this is very
>> unfortunate!
>>
>> Second, I do not think OWASP as an non-political institution should make
>> a statement in this matter. Even more as the subject itself is off OWASP
>> topics and area.
>>
>> My 2 cents,
>>
>> Cheers,
>> -martin
>>
>> Sent from my BlackBerry® smartphone
>>
>> -----Original Message-----
>> From: Tobias <tobias.gondrom at owasp.org>
>> Sender: owasp-leaders-bounces at lists.owasp.org
>> Date: Wed, 13 Nov 2013 21:28:18
>> To: <owasp-leaders at lists.owasp.org>
>> Subject: [Owasp-leaders] Should OWASP make a statement on the Security of
>>  the Internet and Pervasive Monitoring?
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131113/ed400560/attachment.html>


More information about the OWASP-Leaders mailing list