[Owasp-leaders] My expectation is that nobody is reading my @owasp.org emails

Jim Manico jim.manico at owasp.org
Tue Jul 1 09:43:11 UTC 2014


Dennis,

I am not the leading expert on access control, for that I would read NIST
special publication 800-162 on ABAC and similar documents.

http://csrc.nist.gov/publications/drafts/800-162/sp800_162_draft.pdf

If you have any questions about our technical policies, drop Matt Tesauro a
note.

Well wishes,
--
Jim Manico
@Manicode
(808) 652-3805

On Jul 1, 2014, at 5:05 PM, Dennis Groves <dennis.groves at owasp.org> wrote:

Hey Jim,

I know you have no access, by design (good security!)

What I am questioning - is how can an organization not follow the world
leading experts advice (you)!) in such fundamental matters? surely if OWASP
can not do it, how can we exert anybody else to follow our advice?

I think is embarrassing at best - why is it we can not implement your best
practices? You after all are the leading expert! - if OWASP can not  your
advice, how can we expect others to do the same?

Dennis
​
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140701/8f61b9c7/attachment.html>


More information about the OWASP-Leaders mailing list