[Owasp-leaders] Misunderstanding in Media about OWASP projects

Dinis Cruz dinis.cruz at owasp.org
Sun May 14 11:13:30 UTC 2017

Nicely put, Johanna.

Actually the Summit now has a full track dedicated to the Owasp Top 10 2017
<http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017> with the
following Working Sessions:

   - Data behind Owasp Top 10 2017
   - A10 - Underprotected APIs
   - A7 - Insufficient Attack Protection
   - What Should be Added to the Top 10
   - Implications of Owasp Top 10 2017
   - Is the Owasp Top 10 Data Collection Open
   - Sign Ceremony for Owasp Top 10 2017

If you have any comments, or data, or ideas for the Owasp Top 10 2017,
please actively participate in these Working Sessions.

As you can see, the objective is to reach an agreement by the end of the Summit,
so if you don't raise your voice and ideas now (with data and documentation
to back it up), don't complain later.

Now is the time to act. If you want to make a difference in what the Owasp
Top 10 2017 will look like, the Owasp Top 10 2017
<http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017> Track is the
place to do it.

And if you are not able to make it to the Summit in London (even if just for
one day), you can participate remotely.

On the topic of Media handling, I completely agree that it is an issue we
need to tackle. On the Security Playbooks
<http://owaspsummit.org/Working-Sessions/Security-Playbooks/> track we now
have a Media Handling Playbook
Session which could be expanded to cover *'how to provide accurate
information to media'*.


On 14 May 2017 at 12:00, johanna curiel curiel <johanna.curiel at owasp.org>

> The article on DarkReading states:
> *"OWASP is now stating that companies need to have some sort of WAF or
> RASP technology to detect, respond, and patch. This is going to be a
> controversial one as it's a mitigation to a vulnerability and not a
> vulnerability in itself,"*
> *This statement is wrong.*
> Please, it is not OWASP as a foundation saying this. Project leaders are
> autonomous in deciding how to manage their projects; the OWASP foundation only
> supervises that Project leaders behave within a code of conduct and
> guidelines.
> OWASP is a community and stands for OPEN; therefore, if you do not agree
> with something, JOIN US and come discuss it. You have as a contributor all
> the power to influence the outcome of every single project, and the Top 10
> is one of them.
> Join the discussion and the list; even better, come to the OWASP SUMMIT
> 2017 in London
> http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Data-behind-OWASP-Top-10-2017.html
> where Dave & Team will be there to discuss more about it
> http://www.darkreading.com/application-security/owasp-top-10-update-long-overdue-or-same-old-same-old/d/d-id/1328608?piddl_msgid=326967#msg_326967
> --
> Johanna Curiel
> OWASP Volunteer