[Owasp-portland] Next FLOSSHack - Tentative Date

Tim tim.morgan at owasp.org
Thu Nov 29 18:34:40 UTC 2012

Hi everyone,

I contacted the developers of ResourceSpace, since David had been
wanting to target this software for a while.  They responded quickly,
and here's part of the response:

"The software has been through several commercial penetration tests
now, funded by large corporations that use the software. However, as
you no doubt know it is never possible to give a 100% guarantee that
the code is secure."

While I agree there's almost always more security issues to be found,
I'm starting to think maybe this isn't the best target for the next
FLOSSHack.  The software is maintained by a for-profit company (who
could pay for auditing) and they've already had it audited multiple
times.  If there were no other options, certainly it's not *bad* to
target this one, but right now I'm thinking OpenMRS or one of the OSU
projects might be better.

What do the rest of you think?


More information about the Owasp-portland mailing list