[Owasp-leaders] I want to boost this project (OWASP Security Labeling System Project)
(P7N) Jason Johnson
jason.johnson at p7n.net
Sat Aug 23 21:09:36 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
This will be a sweet spot for Owasp and code testing. Hmmm who knows maybe even performance testing plans and what to do and what not to do.
On August 23, 2014 3:51:11 PM CDT, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>With regards of who to contact, please you can contact me or
>We are right now the project task force and soon to be Project review
>Committee. More on that please read attachment.
>Owasp is looking for a Project Coordinator and hopefully we will have
>On Sat, Aug 23, 2014 at 4:46 PM, johanna curiel curiel <
>johanna.curiel at owasp.org> wrote:
>> Hi Luis,
>> While I like the concept, there are some things I do not understand
>> would like to clarify.
>> -The project seems to imply assigning a label to "web applications
>> software(in general)." Does that mean that if a project has a label,
>> your implying that is "Secure"..."This label is* for Software
>> with a secure life cycle*,* following recommended security coding
>> practices*(OWASP TOP TEN, OWASP security principles...) and
>> security tools(Zed Attack Proxy, Dependency check...)" ?
>> -How is the process of assigning a label? How do you judge that a
>> or software" can actually receive one? That means you need to review
>> web apps in order to determine that they were developed using a
>> cycle for example.Who will be the reviewers of these webapps?
>> For some reason I assume that OWASP (as a brand) provides some sort
>> review to these "web apps and software". I honestly find this
>> OWASP reputation. Even when we can set all sort of disclaimer that we
>> cannot "guarantee" that the labeling means the app is actually
>secure, if a
>> breach happened with that app, OWASP will be associated with that
>> On Sat, Aug 23, 2014 at 4:10 PM, Luis Enriquez
><luis.enriquez at owasp.org>
>>> Dear Community,
>>> I have been working on the worked on the OWASP Labeling system
>>> for the last 5 months. It is a different kind of project as there
>>> legal issues involved such as security and privacy clauses. I need
>>> feedback of the "old and well known" OWASP members in other to
>>> this is the right orientation.
>>> As there is no OWASP Project manager at the moment, and the
>>> changing the board members, I just don't know who to contact.
>>> I still believe it is a good project, and OWASP the right community
>>> developing such idea.
>>> Luis Enriquez
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>OWASP-Leaders mailing list
>OWASP-Leaders at lists.owasp.org
💻because data is beautiful...
🌲please do not print this email.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1
-----END PGP SIGNATURE-----
More information about the OWASP-Leaders