mailing list archives
RE: Home - Web Application Security Consortium
From: "Arian J. Evans" <arian () anachronic com>
Date: Tue, 29 Jun 2004 22:08:53 -0500
So you were agreeing with me in your response?
How WASC going to play with OWASP? Time will tell, but in my opinion
the more web application security awareness the better. The fundamental
hurtle we have in the industry is education, not the lack of available
solutions. Once the problem is known and understood, applying solutions
is often easy.
I guess it strikes me as odd since OWASP is so well known; clients that
don't understand any of the concepts you mentioned or know who SPI/Whitehats
are frequently know of OWASP. And have downloaded the Top 10.
It seems strange not to have used that vehicle for awareness, since it is
already generating awareness and effectively educating many people. I
fail to see how yet another consortium will help education.
But it is a free world; you undoubtedly have your reasons and I don't like
people putting their nose into my business, so...
I have no vested interested one way or the other in OWASP. My concern
is more around a vendor FUD/hype vehicle, as you probably detected.
I think I hit all the points, hope this helps.
Thanks for explaining. Looking forward to the output of your collective efforts.
Disappointed it's not a community effort, but I also understand how slow
and unfruitful collective community efforts can be.