[Owasp-leaders] [Owasp-community] Bug Hunting at OWASP.org

Frank Catucci frank.catucci at owasp.org
Thu Feb 11 16:02:40 UTC 2016


Ok I was blocked by evil barracudas. So here goes again....in response to Johanna's email...
> 
> All,
> 
> I spoke to Jim briefly about this at AppSec Cali, and I am still willing to assist but I am afraid we are at a crossroads. I still think a bug bounty program is a great idea no matter what scope we start with or progress to. However, the issue of security resources dedicated to this effort needs to be discussed with a very real and tangible outcome and timeline. Whether we decide to pay for these positions and resources or not, the discussion needs to happen. How important is this to OWASP? That's a great starting point IMO....
> 
> Regards,
> 
> Frank
> 
> 
>> On Feb 11, 2016, at 9:49 AM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>> 
>> Jim
>> 
>> OWASP needs some technical resources urgently, that is clear. This is getting out of hand.
>> 
>> Outside the OWASP community, people expect that we practice what we preach. I have been seeing a trend in here with rants on Twitter about security issues in OWASP projects and also on the wiki page. They poke fun at us. These issues were reported back in December.
>> 
>> The fact that we have poor resources to manage this makes OWASP vulnerable. I should add this to any 'Top risk-list' OWASP projects are working on:
>> If your company has no resources to fix the security issues, this constitutes a high risk to your enterprise.
>> 
>> We are a bunch of security 'experts' peeps preaching security but not executing it, we have XSS on the same wiki site where we preach 'XSS' security. It is really funny when you look at it.
>> 
>> Agree with Timo that bug hunting won't help fix issues. We need resources, people working on fixing things.
>> Agree with Kevin that we need a cohesive approach on this issue and not loosely coupled actions that lead nowhere.
>> 
>> I think management needs to make this a priority. 
>> 
>> Cheers
>> 
>> Johanna