[Owasp-leaders] Plan approach - help fix platforms devs use

johanna curiel curiel johanna.curiel at owasp.org
Mon Nov 23 18:27:00 UTC 2015


I think the project should set requirements that should allow platforms to
be evaluated to meet a certain level before being provided this
label.  I think this label will also encourage platforms to consider
working with us more.

Daniel, there is an initiative already in place doing that
https://www.coreinfrastructure.org/programs/badge-program
I think we should engage with this kind of initiative, as they are
developing even automated tools for this purpose.

regards

Johanna

On Mon, Nov 23, 2015 at 2:09 PM, Daniel Harvey <daniel.harvey at owasp.org>
wrote:

> If we look at this from an OWASP project perspective.  I know we don't
> encourage endorsing products.  But I believe we should be in a position to
> provide something such as an OWASP Verified label that can be used for
> these platforms we are going to put in this work on.  I think the project
> should set requirements that should allow platforms to be evaluated to meet
> a certain level before being provided this label.  I think this
> label will also encourage platforms to consider working with us more.
>
> Just some of my thoughts of how we can projectize this based on the
> current OWASP structure.
>
> On Mon, Nov 23, 2015 at 12:39 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> Hi Tim
>>
>> Based on your last email
>> http://lists.owasp.org/pipermail/owasp-leaders/2015-November/015507.html
>>
>> You mentioned: "The changes can be simple and subtle, but we have to
>> convince the owners of those platforms to do it"
>>
>> I think we should set a concrete plan here. How can we achieve this?
>>
>> You said: "I have some ideas on that, but I think it is going to
>> require a significant initiative that I can't take on alone.  Does this
>> resonate with anyone?"
>>
>> Yes we could indeed, I'm willing to support this one. "It should be
>> easy enough to approach smaller projects and frameworks, but in order to
>> make the most difference, I think we need to engage the *big*
>> development platform maintainers."
>>
>> Agree and for that purpose I think we can organise and invite everyone to
>> a webinar, virtual meeting to begin with and grow this into a more serious
>> meeting. We need to identify the project managers/leaders at these
>> framework projects.
>>
>> I like small and realistic steps, so we could begin inviting small
>> framework leaders to a webinar meeting such as
>>
>>    - NodeJS ==> this one is relatively new on the scene but growing and
>>    full of security issues
>>    - MongoDB ==> same
>>    - Fill in here
>>
>> Let's try to start small with small frameworks but definitely quite important
>> in the way they are being used now
>>
>> Regards
>>
>> Johanna