Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry

[robert@xxxxxxxxxxxxx]

> I think that there is a third way (and many others), and that was the
> original purpose in starting OWASP, and I am quite sure that is the
> reason behind WASC as well. This "third" way is education. I am

Education was the purpose for WASC and ensuring that all created content is free for everyone. We sell no services nor advertising
and are entirely run by volunteers who have brought their expert knowledge free of charge (again we thank you guys). We are not sponsored by any company 
(product, nor services, nor other) and site/list administration/hosting comes out of my pocket at a loss. Speaking of which
anyone in the silicon valley area know of a fairly cheap colo provider? (send reply offline)

In regards to the article there is one project run by the guys at attrition.org that many of you may not have heard of called
Vulnerability Information Managers (VIM) http://www.attrition.org/mailman/listinfo/vim . The goal of this project is to debate and identify 
fake or incorrect vulnerabilities (more goals listed at the url above) and work with companies such as securityfocus to ensure
that the vulnerabilities posted are accurate. There are many venues for good in the security industry, however the points in Marcus's
article do reflect a shift in then, verses now. 
 
Regards,
- Robert Auger
http://www.webappsec.org/
http://www.cgisecurity.com/
http://www.qasec.com/

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]