[Owasp-leaders] My expectation is that nobody is reading my @owasp.org emails

(P7N) Jason Johnson jason.Johnson at p7n.net
Tue Jul 1 12:02:04 UTC 2014


I do this at work with employees of all kinds, good, bad, whatever. It's all the same processes. We mark the email with the (org) or relative job area they are in. If they leave, their access is dropped to guest and removed from the org unit or group. In this case, Google Docs. Never is there a case of ownership. This is done for everyone. Is OWASP different with its employees? Is Samantha a member still?

Jason

On July 1, 2014 4:53:27 AM CDT, Eoin Keary <eoin.keary at owasp.org> wrote:
>I've never heard of board members being responsible for access control
>or any other operational control for that matter. 
>If there are suggestions for improvement I'm sure they can be actioned
>by our fabulous staff and volunteers. 
>
>We don't have a full time IAM manager but if it is a big bone of
>contention I'd say it would be a great idea to address and I'd support
>such a move. I'd suggest we start with our tech hosting provider and go
>from there.
>
>-ek
>
>
>Eoin Keary
>Owasp Global Board
>+353 87 977 2988
>
>
>On 1 Jul 2014, at 12:43, Jim Manico <jim.manico at owasp.org> wrote:
>
>> Dennis,
>> 
>> I am not the leading expert on access control, for that I would read
>> NIST special publication 800-162 on ABAC and similar documents.
>> 
>> http://csrc.nist.gov/publications/drafts/800-162/sp800_162_draft.pdf
>> 
>> If you have any questions about our technical policies, drop Matt
>> Tesauro a note.
>> 
>> Well wishes,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>> 
>> On Jul 1, 2014, at 5:05 PM, Dennis Groves <dennis.groves at owasp.org>
>> wrote:
>> 
>>> Hey Jim,
>>> 
>>> I know you have no access, by design (good security!) 
>>> 
>>> What I am questioning - is how can an organization not follow the
>>> world-leading expert's advice (you!) in such fundamental matters?
>>> Surely if OWASP cannot do it, how can we exert anybody else to follow
>>> our advice?
>>> 
>>> I think it is embarrassing at best - why is it we cannot implement
>>> your best practices? You after all are the leading expert! - if OWASP
>>> cannot follow your advice, how can we expect others to do the same?
>>> 
>>> Dennis
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-- 
Sent from Kaiten Mail. Please excuse my brevity.