[Owasp-portland] Next FLOSSHack - Tentative Date
tim.morgan at owasp.org
Thu Nov 29 18:34:40 UTC 2012
I contacted the developers of ResourceSpace, since David had been
wanting to target this software for a while. They responded quickly,
and here's part of the response:
"The software has been through several commercial penetration tests
now, funded by large corporations that use the software. However, as
you no doubt know it is never possible to give a 100% guarantee that
the code is secure."
While I agree there's almost always more security issues to be found,
I'm starting to think maybe this isn't the best target for the next
FLOSSHack. The software is maintained by a for-profit company (who
could pay for auditing) and they've already had it audited multiple
times. If there were no other options, certainly it's not *bad* to
target this one, but right now I'm thinking OpenMRS or one of the OSU
projects might be better.
What do the rest of you think?
More information about the Owasp-portland