[Owasp-leaders] professionalizing the cybersecurity workforce //OWASP certification

Bev Corwin bev.corwin at owasp.org
Fri Aug 8 19:17:14 UTC 2014


Generally, I'm suspicious of most professional associations and
certifications, in general, due mostly to many shortcomings, educational
value, conflicts of interests, etc. Seems that OWASP could possibly help
more by building pathways, road maps, and sharing "things that worked" for
professional development, possibly including any / all other training that
is out there, old stuff w/ new stuff, combine with mentoring, some kind of
professional guidance, or sponsorship, perhaps. But I mostly worry about
the trailblazing opportunities that get lost when industries rely too much
on certifications, often ends up doing more harm than good. Perhaps OWASP
could provide some flexible frameworks?. But would not recommend
reproducing models that do not work. Best wishes.

Bev



On Fri, Aug 8, 2014 at 2:16 PM, Timur 'x' Khrotko (owasp) <timur at owasp.org>
wrote:

> Seeing the negative preconception in us towards certification business, my
> guess would be to make a baby step towards the seemingly existing problem
> of lack of appsec certification of professionals. A smaller move which does
> not convey the negative aspects.
>
> The taxonomy of trust concept may fit this lightweight approach. (If I
> understand the concept right.)
>
> In the beginning we probably can sign not experiences but knowledge of
> OWASP projects. Say Josh is approved to know ASVS V2 and Proactive controls.
>
> Some points on benefits side:
> - We step forward in letting people demonstrate their appsec skills.
> - The pki process is geeky, this can help our publicity and image.
> - The pki process brings an aspect of game into the boring certification
> field, which humans like, so it will attract interest.
> - Making our projects subjects of certification will promote the projects
> included in the taxonomy.
> - etc
>
> An option could be to organize our projects into packages of experience
> (certification). For example ASVS, CISO guide, Proactive controls, 10 and
> such may constitute the AppSec management package. See the other possible
> packages in the new website preview (as target groups, see Johanna's letter
> of Jul 28): coder, tester, analyst, etc. Some groups may need subpackages,
> eg. OWASP projects which proper knowledge fits Java devs' needs.
>
> The packages can have an abbreviated designation, eg. Management
> [experience] package as OWASP MX14.* Making the year part of the code,
> pushes to renew your knowledge periodically.
>
> In the future we can establish (3?) different levels of experience,
> designated say by colors MX16-black for deep knowledge or MX16-green for
> the basic level.
>
> Say the green level knowledge of T10 requires the person to name 6 of 10
> elements and fulfill a couple of other simple formal tests. This is what we
> can start with now. What we know afraid of is the black level
> certification, let it be off the scope today. But today we should be happy
> to motivate people to achieve green level.
>
> * One having the CISA and ASS on his card now can extend it with MX14.
>
>
>
> On Fri, Aug 8, 2014 at 7:07 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>> One other thought....these two ideas are not mutually exclusive.  You
>> could technically do both a "taxonomy of trust" and a certification.
>>
>> ~josh
>>
>>
>> On Fri, Aug 8, 2014 at 10:03 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>>> I really like this idea Bev.  What if OWASP created a PKI system where
>>> any security professional could request a key pair.  Then, we could provide
>>> a mechanism for individuals to validate skills and experience for other
>>> individuals by "signing" their listed experiences.  Kind of like LinkedIn,
>>> but actually meaningful.  We could provide the ability to "look up" people
>>> in the database based on name, skill set, etc.  Some off-the-cuff thoughts,
>>> but this "taxonomy of trust" (as Bev puts it) sounds far more valuable than
>>> an actual certification in my opinion.
>>>
>>> ~josh
>>>
>>>
>>> On Fri, Aug 8, 2014 at 5:38 AM, Bev Corwin <bev.corwin at owasp.org> wrote:
>>>
>>>> My two cents: Personally not a fan of "certifications" of anything, but
>>>> a "taxonomy of trust" might be interesting.
>>>>
>>>> Bev
>>>>
>>>>
>>>> On Fri, Aug 8, 2014 at 6:14 AM, Andrew Muller <andrew.muller at owasp.org>
>>>> wrote:
>>>>
>>>>> Who says we're easily distracted?! ;)
>>>>>
>>>>> Is the discussion dead or does the community think that certification
>>>>> of organisations/processes is a worthwhile pursuit and does the Board think
>>>>> they can lead it?
>>>>>
>>>>>
>>>>> On Thu, Aug 7, 2014 at 11:20 AM, Donald <don.gooden at gmail.com> wrote:
>>>>>
>>>>>>  You guys are funny...
>>>>>>
>>>>>> Thanks for the laugh...
>>>>>>
>>>>>> Enjoy it...
>>>>>>
>>>>>> D
>>>>>>  ------------------------------
>>>>>> From: (P7N) Jason Johnson <jason.johnson at p7n.net>
>>>>>> Sent: ‎8/‎6/‎2014 4:33 PM
>>>>>> To: Jim Manico <jim.manico at owasp.org>; Tobias Glemser
>>>>>> <tglemser at secuvera.de>
>>>>>> Cc: owasp-leaders at lists.owasp.org
>>>>>> Subject: Re: [Owasp-leaders] professionalizing the cybersecurity
>>>>>> workforce //OWASP certification
>>>>>>
>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>> Hash: SHA512
>>>>>>
>>>>>> Crap....I need to get that of my Resume
>>>>>>
>>>>>> On August 6, 2014 2:22:05 PM CDT, Jim Manico <jim.manico at owasp.org>
>>>>>> wrote:
>>>>>> >I do not doubt that you are a highly experienced ASS, but yes, the
>>>>>> >cert is indeed a hoax. ;) Next time I'm in Germany I'll buy everyone
>>>>>> >some beer.
>>>>>> >
>>>>>> >Aloha,
>>>>>> >-
>>>>>> >Jim Manico
>>>>>> >@Manicode
>>>>>> >(808) 652-3805
>>>>>> >
>>>>>> >On Aug 6, 2014, at 11:47 AM, Tobias Glemser <tglemser at secuvera.de>
>>>>>> >wrote:
>>>>>> >
>>>>>> >>> PS: That's the ASS-Cert and it was a hoax. :)
>>>>>> >> Sir! You're saying the "certified ASS" I've got proudly printed on
>>>>>> my
>>>>>> >> business cards is a fake :-0? Can't be real.. :)
>>>>>> >>
>>>>>> >> I guess the next beer is on you my Hawaiian friend.
>>>>>> >>
>>>>>> >> Tobias
>>>>>> >>
>>>>>> >>> -----Ursprüngliche Nachricht-----
>>>>>> >>> Von: Jim Manico [mailto:jim.manico at owasp.org]
>>>>>> >>> Gesendet: Mittwoch, 6. August 2014 18:26
>>>>>> >>> An: Tobias Glemser
>>>>>> >>> Cc: owasp-leaders at lists.owasp.org
>>>>>> >>> Betreff: Re: [Owasp-leaders] professionalizing the cybersecurity
>>>>>> >workforce
>>>>>> >>> //
>>>>>> >>> OWASP certification [ Z1 UNGESICHERT ]
>>>>>> >>>
>>>>>> >>>> Always keep in mind: In 2012 we already had a "Certified
>>>>>> >Application
>>>>>> >>>> Security Specialist" promoted at AppSecDC
>>>>>> >>>
>>>>>> >>> PS: That's the ASS-Cert and it was a hoax. :)
>>>>>> >>>
>>>>>> >>> Aloha,
>>>>>> >>> --
>>>>>> >>> Jim Manico
>>>>>> >>> @Manicode
>>>>>> >>> (808) 652-3805
>>>>>> >>>
>>>>>> >>>>> On Aug 6, 2014, at 8:33 AM, Tobias Glemser
>>>>>> ><tobias.glemser at owasp.org>
>>>>>> >>>> wrote:
>>>>>> >>>>
>>>>>> >>>> Hi there,
>>>>>> >>>>
>>>>>> >>>> I fully understand the "why is there no OWASP Sticker, pardon me,
>>>>>> >>>> OWASP Certificate"-question arises year after year. But to quote
>>>>>> >Jim
>>>>>> >>>>
>>>>>> >>>>> 1) Votes among our community have always said "no" to
>>>>>> >certification
>>>>>> >>>> As a community driven organization _this_ is the most relevant
>>>>>> >thing to
>>>>>> >>>> keep
>>>>>> >>> in mind in any discussion. If the participants think we should
>>>>>> >re-think
>>>>>> >>> the topic,
>>>>>> >>> because things change over time: Keep on going.
>>>>>> >>>>
>>>>>> >>>> Always keep in mind: In 2012 we already had a "Certified
>>>>>> >Application
>>>>>> >>>> Security Specialist" promoted at AppSecDC See
>>>>>> >>>>
>>>>>> >
>>>>>> http://lists.owasp.org/pipermail/owasp-leaders/2012-April/007071.html
>>>>>> >>>>
>>>>>> >>>> Tobias
>>>>>> >>>>
>>>>>> >>>>> -----Ursprüngliche Nachricht-----
>>>>>> >>>>> Von: owasp-leaders-bounces at lists.owasp.org [mailto:
>>>>>> owasp-leaders-
>>>>>> >>>>> bounces at lists.owasp.org] Im Auftrag von Gary Robinson
>>>>>> >>>>> Gesendet: Mittwoch, 6. August 2014 17:17
>>>>>> >>>>> An: Andrew Muller
>>>>>> >>>>> Cc: owasp-leaders at lists.owasp.org; conklinl at hotmail.com; Timur
>>>>>> 'x'
>>>>>> >>>>> Khrotko
>>>>>> >>>>> (owasp)
>>>>>> >>>>> Betreff: Re: [Owasp-leaders] professionalizing the cybersecurity
>>>>>> >>>>> workforce // OWASP certification [ Z1 UNGESICHERT ]
>>>>>> >>>>>
>>>>>> >>>>> Hi,
>>>>>> >>>>>
>>>>>> >>>>> Good point on ISO 27034, and I see we have a project 'OWASP ISO
>>>>>> >IEC
>>>>>> >>>>> 27034 Application Security Controls' (hadn't seen before).
>>>>>> Would
>>>>>> >be
>>>>>> >>>>> good to see this catch on.
>>>>>> >>>>>
>>>>>> >>>>> Gary
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>> Gary D. Robinson, CISSP
>>>>>> >>>>>
>>>>>> >>>>> On 6 Aug 2014, at 14:06, Andrew Muller <andrew.muller at owasp.org
>>>>>> >
>>>>>> >>> wrote:
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>   Microsoft and ISO kinda beat OWASP to the punch on this one
>>>>>> with
>>>>>> >>>>> 27034.
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>   On Wed, Aug 6, 2014 at 10:56 PM, Gary Robinson
>>>>>> >>>>> <gary.robinson at owasp.org> wrote:
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>       Yea instead of cert'ing people or code, can we certify
>>>>>> >>>>> companies SDLCs for security? Just like a company is certified
>>>>>> for
>>>>>> >>>>> ISO 9001 or others? Would be great to see things like "Acme is
>>>>>> >OWASP
>>>>>> >>>>> certified for their secure development processes".
>>>>>> >>>>>
>>>>>> >>>>>       If BSIMM or OpenSAMM are anything to go by then education
>>>>>> of
>>>>>> >>>>> employees will be part of that company SDLC cert.
>>>>>> >>>>>
>>>>>> >>>>>       Gary
>>>>>> >>>>>
>>>>>> >>>>>       Gary D. Robinson, CISSP
>>>>>> >>>>>
>>>>>> >>>>>       On 6 Aug 2014, at 11:36, Andrew Muller
>>>>>> >>>>> <andrew.muller at owasp.org> wrote:
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>           OWASP is good at writing guidance (code review guide)
>>>>>> >and
>>>>>> >>>>> standards (ASVS), so I don't think we should pollute the brand
>>>>>> >with
>>>>>> >>>>> certifications. We could possibly look at certifying
>>>>>> organisations
>>>>>> >>>>> compliance with these standards but even this stinks of conflict
>>>>>> >and
>>>>>> >>>>> erosion of the OWASP brand.
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>           My 2c
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>           On Wed, Aug 6, 2014 at 6:09 PM, Eoin Keary
>>>>>> >>>>> <eoin.keary at owasp.org> wrote:
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>               Id love to do something like this but I'm unsure
>>>>>> if
>>>>>> >>>>> getting students to test production code would warrant any type
>>>>>> of
>>>>>> >>>>> robust certification. To certify code / help ensure it is
>>>>>> secure,
>>>>>> >we
>>>>>> >>>>> really need to build security in rather than just test.
>>>>>> >>>>>               Certification would have to be a combination of
>>>>>> >design
>>>>>> >>>>> review, source code analysis and testing. Similar to asvs level
>>>>>> 4?
>>>>>> >>>>>               This would take tons of work and require a
>>>>>> dedicated
>>>>>> >>>>> experienced assessment team.
>>>>>> >>>>>
>>>>>> >>>>>               -ek
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>               Eoin Keary
>>>>>> >>>>>               Owasp Global Board
>>>>>> >>>>>               +353 87 977 2988
>>>>>> >>>>> <tel:%2B353%2087%20977%202988>
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>               On 6 Aug 2014, at 02:41, Larry Conklin
>>>>>> >>>>> <larry.conklin at owasp.org> wrote:
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>                   Hi Jim I would also like to see us move into
>>>>>> >>>>> certification but instead of certifying people. I think we
>>>>>> should
>>>>>> >>>>> consider software. A certification like what Underwriters
>>>>>> >>>>> Laboratories offers with  their "Seal of Approval". We could
>>>>>> start
>>>>>> >>>>> small certifying software scanners. We can offer a free
>>>>>> >>>>> application(s) with known vulnerabilities that vendors can run
>>>>>> >their
>>>>>> >>>>> code against to measure how well their scanner finds and reports
>>>>>> >the
>>>>>> >>>>> known vulnerabilities. Testing would be C++, Java, C#, PHP,
>>>>>> Ruby,
>>>>>> >and
>>>>>> >>>>> Javascript. We could also allow members to run their open source
>>>>>> >and
>>>>>> >>>>> third party application against our code base to we could
>>>>>> collect
>>>>>> >>>>> comprehensive measurement of the effectiveness of each vendor
>>>>>> >scanner
>>>>>> >>>>> (both open source and third party) and make this available to
>>>>>> >>>>> everyone who is considering buying a scanner or a SAS service to
>>>>>> >scan
>>>>>> >>> software. The last thing we could do would be to offer our own
>>>>>> "seal
>>>>>> >of
>>>>>> >>> approval" if the vendor allowed us to independently test their
>>>>>> code.
>>>>>> >>>>> This would also be a great summer of code for some students. We
>>>>>> >don't
>>>>>> >>>>> need to start big we just need to start. I have never seen an
>>>>>> >>>>> independent study of FindBugs  that is not part of a research
>>>>>> >paper
>>>>>> >>>>> and compares other tools. Just my two cents.  Hope you all miss
>>>>>> >the
>>>>>> >>>>> majority
>>>>>> >>> of the hurricanes.  Stay safe!
>>>>>> >>>>> Larry
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>                   On Tue, Aug 5, 2014 at 6:43 PM, Jim Manico
>>>>>> >>>>> <jim.manico at owasp.org> wrote:
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>                       I personally think OWASP should go full
>>>>>> boar
>>>>>> >>>>> into AppSec professional certification, but there are real
>>>>>> >obstacles
>>>>>> >>>>> preventing it from happening right now.
>>>>>> >>>>>
>>>>>> >>>>>                       1) Votes among our community have always
>>>>>> >said
>>>>>> >>>>> "no" to certification
>>>>>> >>>>>
>>>>>> >>>>>                       2) The operational overhead with
>>>>>> >certification
>>>>>> >>>>> is very significant, and we are in the process of rebooting
>>>>>> >>>>> operations with Virtual, our new HR firm
>>>>>> >>>>>
>>>>>> >>>>>                       3) We would be forced to keep exam
>>>>>> questions
>>>>>> >>>>> in secret which is against our bylaws
>>>>>> >>>>>
>>>>>> >>>>>                       I think that if Virtual succeeds in
>>>>>> maturing
>>>>>> >>>>> operations as I hope and pray that they do, we might be able to
>>>>>> >>>>> reconsider. But right now I feel we need to put our energies
>>>>>> into
>>>>>> >>>>> current efforts.
>>>>>> >>>>>
>>>>>> >>>>>                       Respectfully,
>>>>>> >>>>>                       --
>>>>>> >>>>>                       Jim Manico
>>>>>> >>>>>                       @Manicode
>>>>>> >>>>>                       (808) 652-3805 <tel:%28808%29%20652-3805>
>>>>>> >>>>>
>>>>>> >>>>>                       On Aug 5, 2014, at 2:24 PM, "Timur 'x'
>>>>>> >Khrotko
>>>>>> >>>>> (owasp)" <timur at owasp.org> wrote:
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>                           See the item from the SANS newsletter
>>>>>> >>>>> below. (For my taste the last two sentences in it are more
>>>>>> >important
>>>>>> >>>>> in principle, and in my perspective the main topic of US
>>>>>> national
>>>>>> >>>>> association is obviously ... abstract.) The question is what do
>>>>>> >you
>>>>>> >>>>> think about OWASP engaging in AppSec specialists' certification?
>>>>>> >>>>> (Probably the question is not new, and we do not follow ISACA
>>>>>> >>>>> deliberately, then please send me a link to some discussion
>>>>>> about
>>>>>> >>>>> it.) Wouldn't it be nice to create a methodology to train and
>>>>>> >examine
>>>>>> >>>>> the AppSec professionals in domains where we supply knowledge
>>>>>> and
>>>>>> >>>>> tools (dev, test and ... management)?! (I guess it can make our
>>>>>> >brand
>>>>>> >>>>> more interesting for the AppSec crowd, bring more money and make
>>>>>> >>> dissemination of our tools easier).
>>>>>> >>>>>
>>>>>> >>>>>                           ~timur
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>                            --Study Calls for Cyber Security
>>>>>> >>>>> Professional Organization
>>>>>> >>>>>                           (July 28 & August 1,
>>>>>> >>>>> 2014)
>>>>>> >>>>>                           A study from the Pell Center at Salve
>>>>>> >>>>> Regina University in Rhode Island
>>>>>> >>>>>                           acknowledges that "there are not
>>>>>> enough
>>>>>> >>>>> people equipped with the
>>>>>> >>>>>                           appropriate knowledge, skills, and
>>>>>> >>>>> abilities to protect the information
>>>>>> >>>>>                           infrastructure, improve resilience,
>>>>>> and
>>>>>> >>>>> leverage information technology
>>>>>> >>>>>                           for strategic advantage." The report
>>>>>> >>>>> "proposes the creation of a
>>>>>> >>>>>                           national professional association in
>>>>>> >>>>> cybersecurity to solidify the field
>>>>>> >>>>>                           as a profession, to support
>>>>>> individuals
>>>>>> >>>>> engaged in this profession, to
>>>>>> >>>>>                           establish professional standards,
>>>>>> >>>>> prescribe education and training, and
>>>>>> >>>>>                           ... to support the public good."
>>>>>> >>>>>
>>>>>> >>>>>   http://pellcenter.salvereginablogs.com/cybersecurity-report-
>>>>>> >>>>>
>>>>>> >recommends-path-to-professional-standards-in-cybersecurity-industry/
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >http://www.fiercecio.com/story/pell-study-calls-creation-national-
>>>>>> >>>>> professional-cybersecurity-association/2014-08-01
>>>>>> >>>>>                           Study:
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >http://pel
>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>> Version: APG v1.1.1
>>>>>>
>>>>>> iQJDBAEBCgAtBQJT4o+WJhxKYXNvbiBKb2huc29uIDxqYXNvbi5qb2huc29uQHA3
>>>>>> bi5uZXQ+AAoJEESGuCi6L62Mo60QAJ6CdDNbwkiUDW0sC9xecZpqzOGgw8BdoGx6
>>>>>> owrel22CSFgFnWhHmFfd/cHBQhaYwnNV1WAr92tRiQiwGQUitcvjK7C6FoGDA46V
>>>>>> rLC+6EbpRT7PEGzXBlUD4mBZaWzLENhgRsmtwyuo4XKPWOE9nnR61qMFlPFc0nqI
>>>>>> 5x8d2FEziI0CNNRHdGh311nWRS4I6XOsXj3o94q41PaziBPROV1UYJ0A8cJegn3U
>>>>>> JbmEBR/fNsmX1LfXwjWGDJpS5Wknd0qndioL1/NBw0p7yP6cVR/Yd3UaV+w/gY1t
>>>>>> x+05MwM3mKoPCSo+RJn6lsp3gK58HEx4qFnMd3JHNJGDK1/4oBNC+FoalTy1fqp1
>>>>>> qk35gdo8OoGcJdkeBv5yt0qESrJDyy1jfRYr4/aL3ASFntfNB7QiUeU+dAyhdhb1
>>>>>> Dvxp76kcTHjycoyxJbxeVck1xv+2MjiVEqfjKNxqysU3Q1RaBv54FDFFLDwnW9xy
>>>>>> m1W6v0q/+5QH/d+47CQG1hBJU+s25hGoEWCNQfTDCvq3bHuUszuL0eDhiu2ffTtg
>>>>>> 6z/Tp5kW+Nli/5JqwBjtScEmVgacGvBKb9EQpnv/IZ6mBAh5ax5zz5UeN3Z83ACO
>>>>>> FWjq1bXtskcYpj0mrZ+xFZ/6q60xtBMbfF80SF7gtFU2/mvZOSTs7UmSH4J+C5/x
>>>>>> Eum/vR4p
>>>>>> =8Sf/
>>>>>> -----END PGP SIGNATURE-----
>>>>>>
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> ____________________
>>>>> *Andrew Muller*
>>>>> Canberra OWASP Chapter Leader
>>>>> OWASP Testing Guide Co-Leader
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> Email us to enforce secure link with your mail servers (domain).
> This message may contain confidential information - you should handle it
> accordingly.
> Ez a levél bizalmas információt tartalmazhat, és ekként kezelendő.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140808/c2fb4261/attachment-0001.html>


More information about the OWASP-Leaders mailing list