[Owasp-leaders] I want to boost this project (OWASP Security Labeling System Project)

(P7N) Jason Johnson jason.johnson at p7n.net
Sat Aug 23 21:09:36 UTC 2014



This will be a sweet spot for OWASP and code testing. Hmmm, who knows, maybe even performance testing plans and what to do and what not to do.

On August 23, 2014 3:51:11 PM CDT, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>Luis
>
>With regard to who to contact, please contact me or Kait-Disney.
>We are right now the project task force and soon to be the Project Review
>Committee. For more on that, please read the attachment.
>
>OWASP is looking for a Project Coordinator and hopefully we will have one
>soon.
>
>Best regards
>
>Johanna
>
>
>On Sat, Aug 23, 2014 at 4:46 PM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>
>> Hi Luis,
>>
>> While I like the concept, there are some things I do not understand and I
>> would like to clarify.
>>
>> -The project seems to imply assigning a label to "web applications and
>> software (in general)." Does that mean that if a project has a label, you
>> are implying that it is "Secure"..."This label is for Software developed
>> with a secure life cycle, following recommended security coding
>> practices (OWASP TOP TEN, OWASP security principles...) and recommended
>> security tools (Zed Attack Proxy, Dependency check...)"?
>>
>> -How is the process of assigning a label? How do you judge that a "web app
>> or software" can actually receive one? That means you need to review these
>> web apps in order to determine that they were developed using a secure life
>> cycle, for example. Who will be the reviewers of these web apps?
>>
>> For some reason I assume that OWASP (as a brand) provides some sort of
>> review to these "web apps and software". I honestly find this dangerous for
>> OWASP's reputation. Even when we can set all sorts of disclaimers that we
>> cannot "guarantee" that the labeling means the app is actually secure, if a
>> breach happened with that app, OWASP will be associated with that security
>> breach.
>>
>> Regards
>>
>> Johanna
>>
>>
>>
>>
>> On Sat, Aug 23, 2014 at 4:10 PM, Luis Enriquez <luis.enriquez at owasp.org>
>> wrote:
>>
>>> Dear Community,
>>>
>>> I have been working on the OWASP Labeling system Project
>>> for the last 5 months. It is a different kind of project as there are some
>>> legal issues involved such as security and privacy clauses. I need some
>>> feedback from the "old and well known" OWASP members in order to confirm if
>>> this is the right orientation.
>>>
>>> As there is no OWASP Project manager at the moment, and the community is
>>> changing the board members, I just don't know who to contact.
>>>
>>> I still believe it is a good project, and OWASP the right community for
>>> developing such an idea.
>>>
>>>
>>> https://www.owasp.org/index.php/OWASP_Security_Labeling_System_Project
>>>
>>> best,
>>>
>>> --
>>> Luis Enriquez
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>
>

Jason Johnson
cell: 405-875-4413
ProjectSeven Networks™
___

💻because data is beautiful...

🌲please do not print this email.
