<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ks_c_5601-1987">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="&#1;" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:"Malgun Gothic";
        panose-1:2 11 5 3 2 0 0 2 0 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"Malgun Gothic";
        panose-1:2 11 5 3 2 0 0 2 0 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        color:black;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=KO link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><span lang=EN-US style='color:black'>Upps¡¦<o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='color:black'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='color:black'>Sorry Jeff I really don¡¯t
know<o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='color:black'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='color:black'>I will naver talk about
like that<o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='color:black'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='color:black'>Forgive me¡¦<o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='color:black'><o:p>&nbsp;</o:p></span></p>

<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>

<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> owasp-leaders-bounces@lists.owasp.org
[mailto:owasp-leaders-bounces@lists.owasp.org] <b>On Behalf Of </b>Jeff
Williams<br>
<b>Sent:</b> Wednesday, December 23, 2009 2:14 AM<br>
<b>To:</b> owasp-leaders@lists.owasp.org; loredana.mancini@business-e.it<br>
<b>Subject:</b> Re: [Owasp-leaders] R: Re: OWASP testing and disclosure levels<o:p></o:p></span></p>

</div>

</div>

<p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Again, the point is to let organizations communicate their
security testing and disclosure preferences easily.&nbsp; Some companies will
choose to be open and gain the benefit of engaging the security
community.&nbsp; Others will remain closed and continue to ask the world to
blindly trust them.&nbsp; All the questions you ask should be answered by the
standard that these badges represent.<o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>--Jeff<o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>

<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> owasp-leaders-bounces@lists.owasp.org
[mailto:owasp-leaders-bounces@lists.owasp.org] <b>On Behalf Of </b>daniel
cuthbert<br>
<b>Sent:</b> Tuesday, December 22, 2009 10:53 AM<br>
<b>To:</b> loredana.mancini@business-e.it; owasp-leaders@lists.owasp.org<br>
<b>Subject:</b> Re: [Owasp-leaders] R: Re: OWASP testing and disclosure levels<o:p></o:p></span></p>

</div>

<p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span lang=EN-US>Badges, we don't need no stinking badges (<a
href="http://www.youtube.com/watch?v=-lj056ao6GE">http://www.youtube.com/watch?v=-lj056ao6GE</a>)<o:p></o:p></span></p>

<div>

<p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p>

</div>

<div>

<p class=MsoNormal><span lang=EN-US>I love the idea but think there would need
to be some serious consideration when it comes to any business in the UK
allowing this. Not forgetting that amazing bit of legislation that specifies
&quot;it is illegal to make a computer perform a function.....&quot; would
render most testing attempts illegal.&nbsp;<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span lang=EN-US>How would a researcher go about testing the
site? Would they first have to make contact with the site owners and state
their intention or would it be automatically assumed they have permission, if
the badge was shown somewhere on the site?&nbsp;<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p>

</div>

<div>

<p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p>

</div>

<div>

<p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US><o:p>&nbsp;</o:p></span></p>

<div>

<p class=MsoNormal><span lang=EN-US>2009/12/22 &lt;<a
href="mailto:loredana.mancini@business-e.it">loredana.mancini@business-e.it</a>&gt;<o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-US>Hi,<br>
<br>
I am really interested in this project/idea, because my feeling is that it is
something needed, but when speking with industries about these topics lots af
doubts arise and it is not easy for them to accept this vision.<br>
<br>
Very often technical/expert people have to struggle with management, legal,
administrative/ecc. to show the value of these activities and behaviour models.<br>
<br>
Microsoft as well, &nbsp;started from far away to reach this point.....<br>
<br>
So I would like to be involved in this project, please let me know, bye
Loredana<br>
Sent from my BlackBerry¢ç wireless device<o:p></o:p></span></p>

<div>

<p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US><br>
-----Original Message-----<br>
From: &quot;Jeff Williams&quot; &lt;<a href="mailto:jeff.williams@owasp.org">jeff.williams@owasp.org</a>&gt;<br>
Date: Mon, 21 Dec 2009 21:08:53<br>
To: &lt;<a href="mailto:owasp-leaders@lists.owasp.org">owasp-leaders@lists.owasp.org</a>&gt;<br>
Subject: Re: [Owasp-leaders] OWASP testing and disclosure levels<o:p></o:p></span></p>

</div>

<p class=MsoNormal><span lang=EN-US>_______________________________________________<br>
OWASP-Leaders mailing list<br>
<a href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
<br>
_______________________________________________<br>
OWASP-Leaders mailing list<br>
<a href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><o:p></o:p></span></p>

</div>

<p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p>

</div>

</div>

</body>

</html>