[Owasp-leaders] My expectation is that nobody is reading my @owasp.org emails
eoin.keary at owasp.org
Tue Jul 1 09:53:27 UTC 2014
I've never heard of board members being responsible for access control or any other operational control for that matter.
If there are suggestions for improvement I'm sure they can be auctioned by our fabulous staff and volunteers.
We don't have a full time IAM manager but if it is a big bone of contention I'd say it would be a great idea to address and I'd support such a move. I'd suggest we start with our tech hosting provider and go from there..
Owasp Global Board
+353 87 977 2988
On 1 Jul 2014, at 12:43, Jim Manico <jim.manico at owasp.org> wrote:
> I am not the leading expert on access control, for that I would read NIST special publication 800-162 on ABAC and similar documents.
> If you have any questions about our technical policies, drop Matt Tesauro a note.
> Well wishes,
> Jim Manico
> (808) 652-3805
> On Jul 1, 2014, at 5:05 PM, Dennis Groves <dennis.groves at owasp.org> wrote:
>> Hey Jim,
>> I know you have no access, by design (good security!)
>> What I am questioning - is how can an organization not follow the world leading experts advice (you)!) in such fundamental matters? surely if OWASP can not do it, how can we exert anybody else to follow our advice?
>> I think is embarrassing at best - why is it we can not implement your best practices? You after all are the leading expert! - if OWASP can not your advice, how can we expect others to do the same?
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders