[Owasp-leaders] Plan approach - help fix platforms devs use
daniel.harvey at owasp.org
Mon Nov 23 18:09:00 UTC 2015
If we look at this from an owasp project perspective. I know we don't
encourage endorsing products. But I believe we should be in a position to
provide something such as an OWASP Verified label that can be used for
these platforms we are going to put in this work on. I think the project
should set requirements that should allow platforms to be evaluated to meet
a certain level before before being provided this label. I think this
label will also encourage platforms to consider working with us more.
Just some of my thoughts of how we can projectize this based on the current
On Mon, Nov 23, 2015 at 12:39 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:
> Hi Tim
> Based on your last email
> You mentioned: "The changes can be simple and subtle, but we have to
> convince the owners of those platforms to do it"
> I think we should set a concrete plan here. How can we achieve this?
> You said"* I have some ideas on that, but I **think it is going to
> require a significant initiative that I can't Tale on alone. Does this
> resonate with anyone?*
> Yes we could indeed, I'm willing to support this one. "*It should be easy
> enough to approach smaller projects and frameworks, but in order to make
> the most difference, I think we need to engage the ***big* development
> platform maintainers.* "
> Agree and for that purpose I think we can organise and invite everyone to
> a webinar, virtual meeting to begin with and grow this into a more serious
> meeting. We need to identify the Project managers/leaders at this
> frameworks projects.
> I like in small and realistic steps so we could begin inviting small
> framework leaders to a webinar meeting such as
> - NodeJS==> this one is relative new in the scene but growing and full
> of security issues
> - MongoDB==>same
> - Fill in here
> Lets try to start small with small framers but definitely quite important
> in the way they are being used now
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders