[Owasp-leaders] Are we helping Hackers or helping Application security?

Josh Sokol josh.sokol at owasp.org
Fri May 20 04:30:08 UTC 2016


While I agree with the sentiment that I've heard from others about ZAP
being just a tool that a person can use for good or bad, one thing that
Johanna says (via Mark Curphey) here does strike a bit of a chord with me.
I've always looked at OWASP projects as a bunch of disparate,
uncoordinated people working in silos.  On the positive side, this
approach enables our volunteers to follow their passion and work on the
things that excite them.  On the negative side, it is the reason why people
have a very difficult time separating the wheat from the chaff in the world
of OWASP projects.  At the end of the day, this is why we've created
buckets like "incubator", "lab", and "flagship" to try to put a label on
maturity across our sea of projects.  I feel that one of the things that
the OWASP Foundation lacks is a full-time CTO type of position.  Someone
who can look at OWASP like a business, analyze the spaces that we play in
(building, breaking, and defending), identify the areas where there aren't
good open source tools, and then drive efforts across a larger subset of
our volunteers to close those gaps.  They should be considering things like
code quality and security and ensuring that efforts are spent writing
according to standards and best practices.  Personally, I would like to see
the current opening for a "Senior Technical Project Coordinator" morph into
this role and handle things like OWASP's strategy for our IT resources
alongside these project responsibilities.  Ultimately, if 100 developers
want to develop 100 projects under the OWASP umbrella, then I think that
there should still be a place for them to do that, but you can only move
the ball forward so much acting in a silo.  OWASP's true strength is in our
community and I feel that by collaborating on some more strategic
initiatives, we can have a far bigger impact than what we do today, for the
most part.  Am I way off base here or are there others who would like to
see us move in a bit more strategic of a direction than we have to date?

~josh

On Thu, May 19, 2016 at 9:57 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hey Tony
>
> Respectfully, and so that you understand, I'm more than a ZAP fan. I
> contribute to and promote this project. Don't get me wrong, ZAP is my favourite
> tool and I just feel like they have used something I care about for bad purposes,
> like thieves who steal your car to commit a bank robbery.
>
> I think we need to at least incentivize (not only financially) and motivate
> more research into defending applications. Our defender projects help, but
> they are a far cry from really making a difference.
>
> I would like to see more energy to promote this and I believe research and
> fostering this sphere can help create great things.
>
> >>then sorry to break it to you that the Catalan police don't give a "PM"
> (Spanish) or "F" about your F.
>
> Well, the Catalan police do care; the hacker has leaked all the private
> personal data of the police team, and this is serious.
> http://ccaa.elpais.com/ccaa/2016/05/18/catalunya/1463551156_428987.html
> "In addition, SME is assisting the affected officers through its union
> delegates and the union's landline. The *mossos* fear the use that could be
> made of their private data in anti-police circles"
>
> PM? Puta Madre? Pura Mierda? Damn, the police do bloody well care, maybe not
> about my F, but they know they can't do anything... not even about those who
> are cursing Phineas... 😂 otherwise the video would still be accessible
> on YouTube
>
> Ah, how *nice* this video looks in all its splendor, showing how
> OWASP ZAP is used to hack the Catalan police...
>
> I feel torn when the video opened and showed this...
>
> https://drive.google.com/file/d/0B28S4R_cON7JMVNnNl9FbnQ4djg/view?usp=sharing
>
>
>