[Owasp-leaders] On "Insufficient Attack Protection", and the role of OWASP...

Azzeddine Ramrami azzeddine.ramrami at owasp.org
Wed Apr 12 09:19:01 UTC 2017


I agree to change the name from "Insufficient Attack Protection" but not to
Improper Trust Modeling".

I suggest to change it to "Insufficient Attack Detection and Response".


On Wed, Apr 12, 2017 at 7:24 AM, Norman Yue <norman.yue at owasp.org> wrote:

> Hey folks,
> Greetings from sunny Sydney - I hope this email finds you well. I
> apologise for spamming owasp-leaders with this, but I think this is
> important enough that this warrants the attention of the international
> leadership community.
> Traditionally, we have been a trusted source of information with regards
> to web application information security, providing both tools and technical
> reference information to developers and application security professionals,
> to help secure the Internet for everyone.
> Today, "Insufficient Attack Protection" is actually being considered for
> inclusion in an OWASP Top Ten list.
> (Constructively, I think this should be replaced with something like
> "improper trust modelling", and we push the Google BeyondCorp line of
> thinking https://research.google.com/pubs/pub43231.html - the polar
> opposite to "buy a waf").
> Words do not express my burning rage, and my disappointment that no-one
> else appears to feel the same way (I read through the owasp-topten list
> before posting this). Do people still care about the future of this
> community, and how OWASP is perceived throughout the information security
> industry?
> With best regards,
> Norm
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

Azzeddine RAMRAMI
+33 6 65 48 90 04.
OWASP CSRFGuard Project Leader
OWASP Leader (Morocco Chapter)
Cognitive Security Expert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170412/9e366d3b/attachment.html>

More information about the OWASP-Leaders mailing list