[Owasp-leaders] Plan approach - help fix platforms devs use
johanna curiel curiel
johanna.curiel at owasp.org
Mon Nov 23 18:27:00 UTC 2015
I think the project should set requirements that should allow platforms to
be evaluated to meet a certain level before being provided this
label. I think this label will also encourage platforms to consider
working with us more.
Daniel, there is an initiative already in place doing that.
I think we should engage with these kinds of initiatives, as they are
developing even automated tools for this purpose.
On Mon, Nov 23, 2015 at 2:09 PM, Daniel Harvey <daniel.harvey at owasp.org> wrote:
> If we look at this from an OWASP project perspective. I know we don't
> encourage endorsing products. But I believe we should be in a position to
> provide something such as an OWASP Verified label that can be used for
> these platforms we are going to put in this work on. I think the project
> should set requirements that should allow platforms to be evaluated to meet
> a certain level before being provided this label. I think this
> label will also encourage platforms to consider working with us more.
> Just some of my thoughts of how we can projectize this based on the
> current OWASP structure.
> On Mon, Nov 23, 2015 at 12:39 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>> Hi Tim
>> Based on your last email
>> You mentioned: "The changes can be simple and subtle, but we have to
>> convince the owners of those platforms to do it"
>> I think we should set a concrete plan here. How can we achieve this?
>> You said: "I have some ideas on that, but I think it is going to
>> require a significant initiative that I can't take on alone. Does this
>> resonate with anyone?"
>> Yes we could indeed, I'm willing to support this one. "It should be
>> easy enough to approach smaller projects and frameworks, but in order to
>> make the most difference, I think we need to engage the *big*
>> development platform maintainers."
>> Agree and for that purpose I think we can organise and invite everyone to
>> a webinar, virtual meeting to begin with and grow this into a more serious
>> meeting. We need to identify the project managers/leaders at these
>> framework projects.
>> I like in small and realistic steps so we could begin inviting small
>> framework leaders to a webinar meeting such as
>> - NodeJS ==> this one is relatively new in the scene but growing and
>> full of security issues
>> - MongoDB ==> same
>> - Fill in here
>> Let's try to start small with small framers but definitely quite important
>> in the way they are being used now