[Owasp-leaders] I want to boost this project (OWASP Security Labeling System Project)

(P7N) Jason Johnson jason.johnson at p7n.net
Sat Aug 23 21:09:36 UTC 2014

This will be a sweet spot for OWASP and code testing. Hmmm, who knows, maybe even performance testing plans and what to do and what not to do.

On August 23, 2014 3:51:11 PM CDT, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>With regard to who to contact, please you can contact me or
>We are right now the project task force and soon to be Project review
>Committee. More on that, please read attachment.
>OWASP is looking for a Project Coordinator and hopefully we will have
>Best regards
>On Sat, Aug 23, 2014 at 4:46 PM, johanna curiel curiel <
>johanna.curiel at owasp.org> wrote:
>> Hi Luis,
>> While I like the concept, there are some things I do not understand and I
>> would like to clarify.
>> - The project seems to imply assigning a label to "web applications
>> software(in general)." Does that mean that if a project has a label,
>> you're implying that it is "Secure"..."This label is *for Software
>> with a secure life cycle*, *following recommended security coding
>> practices* (OWASP TOP TEN, OWASP security principles...) and
>> security tools (Zed Attack Proxy, Dependency check...)" ?
>> - How is the process of assigning a label? How do you judge that a "web app
>> or software" can actually receive one? That means you need to review
>> web apps in order to determine that they were developed using a secure life
>> cycle for example. Who will be the reviewers of these webapps?
>> For some reason I assume that OWASP (as a brand) provides some sort of
>> review to these "web apps and software". I honestly find this dangerous for
>> OWASP reputation. Even when we can set all sorts of disclaimers that we
>> cannot "guarantee" that the labeling means the app is actually secure, if a
>> breach happened with that app, OWASP will be associated with that
>> breach.
>> Regards
>> Johanna
>> On Sat, Aug 23, 2014 at 4:10 PM, Luis Enriquez <luis.enriquez at owasp.org> wrote:
>>> Dear Community,
>>> I have been working on the OWASP Labeling system
>>> for the last 5 months. It is a different kind of project as there are some
>>> legal issues involved such as security and privacy clauses. I need
>>> feedback from the "old and well known" OWASP members in order to confirm if
>>> this is the right orientation.
>>> As there is no OWASP Project manager at the moment, and the community is
>>> changing the board members, I just don't know who to contact.
>>> I still believe it is a good project, and OWASP the right community
>>> for developing such an idea.
>>> best,
>>> --
>>> Luis Enriquez
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders

Jason Johnson
cell: 405-875-4413
ProjectSeven Networks™

💻because data is beautiful...

🌲please do not print this email.