[Owasp-testing] WARNING: Dummies & Managers Ahead (aka my 2cents for you...)

Mark Roxberry mark.roxberry at mpi.us.com
Wed Oct 18 13:50:03 EDT 2006


I don't want to prolong this anymore, but I'd recommend that we enforce that
it be a very brief description (I'd say a bullet item - powerpoint stuff).
You'll lose the reader if he/she's an idiot anyway ;)

 

Regards,

 

Mark

 

  _____  

From: owasp-testing-bounces at lists.owasp.org
[mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Eoin
Sent: Wednesday, October 18, 2006 1:42 PM
To: Matteo G.P. Flora
Cc: owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] WARNING: Dummies & Managers Ahead (aka my
2cents for you...)

 

HI Matteo,

If the majority of the team wish to add the "idiots guide" (this makes me
smile), then so be it, cool.

 

I think we should be carefull that we dont reinvent  the wheel or repeat
definitions that we already have on the site. We can simply add a URL to a
section on the OWASP site to the same information.?

 

Matteo (Meucci), as technical AoC lead, its your call, if thats  ok with
everyone?

 

Eoin

 



 

On 18/10/06, Matteo G.P. Flora <mf at matteoflora.com> wrote: 

On 10/18/06, Eoin <eoinkeary at gmail.com> wrote:
...
> I think the  agreement already is to stick to the "how to test"
information 
> and leave the theory and background other section of the site which
already
> exist.

Hi Eoin and thanx for the answer,

sorry for being blunt, but I humbly think this way you'll just loose
80% of the audience. 
The world isnt' made by pentest-geniouses and while I don't suggest to
explain "what a cookie is" I strongly suggest to give the idiots a
chance...

"That's, of course, just my 2eurocents, but you can't suppose everyone 
will know everything and all the document risks to be setted in a
corner for reference only by managers. And this means it will be
setted in a corner by decision makers. And this means less and less
adoption... 

That's, of course, just my opinion having to handle to tenths of
organizations that choose ISO27001 over OSSTTMM for VA only because
thay understand the former and not the latter...

This said it's not a religious belief on my side and I may be (and 
probabily am) wrong...

Think about how many people know laws... And what's the problem of laws?

"The former article XXX of YYY is changed according to YYY and XXX
while articole WWW will modify TTT to be real at EEE on ZZZ." 



My 2eurocents as always and I'll not pursue this more.

MgpF

--
Matteo G.P. Flora | mf at matteoflora.com | www.MatteoFlora.com
<http://www.MatteoFlora.com> 
Pres. Milano AIP-ITCS #2657 | IEEE CS Member #80409490 | WOT Notary
Direttore Tecnico Osservatorio Permanente Privacy e Sicurezza (OPSI)
Privacy & Security Consultant | Forensic Examiner | SEO Expert
Secure Channel | pgp F3B6BC10 | 1984-at-nym.hush-dot-com




-- 
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html 
http://www.owasp.org/index.php/OWASP_Testing_Project
http://www.owasp.org/index.php/OWASP_Code_Review_Project 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-testing/attachments/20061018/3cc34a7c/attachment-0002.html 


More information about the Owasp-testing mailing list