[Owasp-leaders] On "Insufficient Attack Protection", and the role of OWASP...

Norman Yue norman.yue at owasp.org
Wed Apr 12 05:24:56 UTC 2017

Hey folks,

Greetings from sunny Sydney - I hope this email finds you well. I apologise
for spamming owasp-leaders with this, but I think this is important enough
that this warrants the attention of the international leadership community.

Traditionally, we have been a trusted source of information with regards to
web application information security, providing both tools and technical
reference information to developers and application security professionals,
to help secure the Internet for everyone.

Today, "Insufficient Attack Protection" is actually being considered for
inclusion in an OWASP Top Ten list.

(Constructively, I think this should be replaced with something like
"improper trust modelling", and we push the Google BeyondCorp line of
thinking https://research.google.com/pubs/pub43231.html - the polar
opposite to "buy a waf").

Words do not express my burning rage, and my disappointment that no-one
else appears to feel the same way (I read through the owasp-topten list
before posting this). Do people still care about the future of this
community, and how OWASP is perceived throughout the information security

With best regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170412/1fd56d0c/attachment.html>

More information about the OWASP-Leaders mailing list