[Owasp-leaders] Please answer this 5-question poll. OWASP Security Labeling System Project

Michael Coates michael.coates at owasp.org
Mon Jan 20 19:23:59 UTC 2014


Luis,

Great initiative! I have some feedback on your poll that may help make it
more effective. There is a bit of ambiguity on some of the questions and
clarifying the question may give you some better results.


1) Which OWASP security guides and Projects do you use regularly?
Is this intended to be an exhaustive list? There are other projects that
people may use that aren't listed. Maybe a subnote that says "This does not
represent all OWASP projects but these projects were specifically selected
for this poll"

2) Do you think it is important to publish your software components and
third party code components? (shared libraries, APIs, and so on).
Are you asking if companies should publicly publish the software components
and third party components for their software? Would this apply if the
software they are building is closed source?
Are we asking from the perspective of someone in security at the company or
from a user of the software concerned about security? Clarifying the
question would be helpful.

3) How often do you fix vulnerabilities in your web applications?
Most companies will address vulnerabilities using a risk based approach.
The deployment time to push the changes live will depend on other factors.
This question may be tough for people to answer in its current wording.
--
Michael Coates
@_mwc



On Mon, Jan 20, 2014 at 9:11 AM, <luis.enriquez at owasp.org> wrote:

> Dear OWASP members. I kindly request you to fill in this 5-question poll.
> Your feedback is very important for the success of this project. Thank you!
> Luis Enriquez
> https://www.owasp.org/index.php/OWASP_Security_Labeling_System_Project
> If you have trouble viewing or submitting this form, you can fill it out
> online:
>
> https://docs.google.com/forms/d/1GNnve1SIxf8q5XGWZXJSmeSUzmKIEH5sQPQR3a-TTE8/viewform
>
> OWASP Security Labeling System Project
> Dear OWASP members. I kindly request you to fill in this 5-question poll.
> Your feedback is very important for the success of this project. Thank you!
>
>     (1) Which OWASP security guides and Projects do you use regularly?
>       - OWASP Top Ten project
>       - OWASP security coding principles
>       - OWASP ESAPIs
>       - OWASP Application Security Verification Standard
>       - OpenSAMM Software Assurance Model
>     (2) Do you think it is important to publish your software components
>     and third party code components? (shared libraries, APIs, and so on).
>       - YES
>       - NO
>       - Other:
>     (3) How often do you fix vulnerabilities in your web applications?
>       - hourly
>       - daily
>       - weekly
>       - Other:
>     (4) Would you publish the results of your vulnerability scans to the
>     public?
>       - YES
>       - NO
>       - Other:
>     (5) Which legal issues would you incorporate in your contracts or
>     copyright licenses?
>       - A RISKS OF VULNERABILITIES CLAUSE; determining in which
>         circumstances you would be responsible for the damages caused by software
>         vulnerabilities.
>       - A PRIVACY CLAUSE; certifying that your software does not come by
>         default with any kind of hidden spyware, or backdoors.
>       - A DATA PROTECTION CLAUSE; which clearly informs users about how
>         personal data will be processed (if any).
>       - Other:
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>