[Owasp-portland] Next FLOSSHack - Tentative Date

Tim tim.morgan at owasp.org
Thu Nov 29 18:34:40 UTC 2012


Hi everyone,

I contacted the developers of ResourceSpace, since David had been
wanting to target this software for a while.  They responded quickly,
and here's part of the response:

"The software has been through several commercial penetration tests
now, funded by large corporations that use the software. However, as
you no doubt know it is never possible to give a 100% guarantee that
the code is secure."


While I agree there are almost always more security issues to be found,
I'm starting to think maybe this isn't the best target for the next
FLOSSHack.  The software is maintained by a for-profit company (who
could pay for auditing) and they've already had it audited multiple
times.  If there were no other options, certainly it's not *bad* to
target this one, but right now I'm thinking OpenMRS or one of the OSU
projects might be better.

What do the rest of you think?

tim

