[Owasp-leaders] I want to boost this project (OWASP Security Labeling System Project)

johanna curiel curiel johanna.curiel at owasp.org
Sat Aug 23 20:51:11 UTC 2014


Luis

With regard to who to contact, you can contact me or Kait-Disney.
We are right now the project task force and soon to be the Project Review
Committee. For more on that, please read the attachment.

OWASP is looking for a Project Coordinator and hopefully we will have one
soon.

Best regards

Johanna


On Sat, Aug 23, 2014 at 4:46 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hi Luis,
>
> While I like the concept, there are some things I do not understand and I
> would like to clarify.
>
> -The project seems to imply assigning a label to "web applications and
> software (in general)." Does that mean that if a project has a label, you
> are implying that it is "Secure"... "This label is for Software developed
> with a secure life cycle, following recommended security coding
> practices (OWASP TOP TEN, OWASP security principles...) and recommended
> security tools (Zed Attack Proxy, Dependency check...)"?
>
> -How is the process of assigning a label? How do you judge that a "web app
> or software" can actually receive one? That means you need to review these
> web apps in order to determine that they were developed using a secure life
> cycle for example. Who will be the reviewers of these webapps?
>
> For some reason I assume that OWASP (as a brand) provides some sort of
> review to these "web apps and software". I honestly find this dangerous for
> OWASP's reputation. Even when we can set all sorts of disclaimers that we
> cannot "guarantee" that the labeling means the app is actually secure, if a
> breach happened with that app, OWASP will be associated with that security
> breach.
>
> Regards
>
> Johanna
>
>
>
>
> On Sat, Aug 23, 2014 at 4:10 PM, Luis Enriquez <luis.enriquez at owasp.org>
> wrote:
>
>> Dear Community,
>>
>> I have been working on the OWASP Labeling system Project
>> for the last 5 months. It is a different kind of project as there are some
>> legal issues involved such as security and privacy clauses. I need some
>> feedback from the "old and well known" OWASP members in order to confirm if
>> this is the right orientation.
>>
>> As there is no OWASP Project manager at the moment, and the community is
>> changing the board members, I just don't know who to contact.
>>
>> I still believe it is a good project, and OWASP the right community for
>> developing such an idea.
>>
>> https://www.owasp.org/index.php/OWASP_Security_Labeling_System_Project
>>
>> best,
>>
>> --
>> Luis Enriquez
-------------- next part --------------
A non-text attachment was scrubbed...
Name: committee 2-project reviews.pdf
Type: application/pdf
Size: 113716 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140823/a0126978/attachment-0001.pdf>