Re: The Original Web Security Mailing List

[Jeremiah Grossman <jeremiah () whitehatsec com>]

comments inline:

On Monday, May 9, 2005, at 03:53  PM, Arian J. Evans wrote:

> I would like to point out that there is an existing list with a large 
> membership
> for this topic located at webappsec () securityfocus com.

While I'm not sure of the actual size of webappsec@sf list, the traffic 
has been limited and slow just the same for quite some time.  But as 
you probably know, there is top-notch WebAppSec conversation occurring 
all over. Just not in a public-list forum where it would be of 
exceptional value to a larger audience. WASC, through a network members 
and contributors, felt we could increase community discussion by 
gathering a large contingent of organizations and leading experts to 
cover a larger array of web application security topics.


> If you are dealing with application security related compromise issues,
> webapp or otherwise, I'd include the sf list at a minimum (in addition 
> to
> questions about any of the topics below).

If subscribers feel the need to cross-post amongst the two lists, they 
should feel free to do so. Several lists such as secprog and sc-l are 
similarly focused and coexist nicely.

> webappsec () securityfocus com is the home of the OWASP (www.owasp.org)
> mailing list which addresses the same topics listed below. WASC (below)
> is a new organization predominantly organized by web application 
> "security"
> product-vendors. The OWASP organization is predominantly organized by
> consulting services vendors.

Your definition of OWASP (as a participant) may be true enough, but is 
certainly not accurate for WASC. Today WASC includes a wide variety of 
contributing industry practitioners (enterprise and government) and 
vendors (scanners, firewalls, service providers, consultants, etc.) 
Member and contributor numbers have expanded exceptionally fast during 
our first year to include developers, quality assurance, and security 
professionals.


> Definitely worth utilizing both lists and keeping
> in mind potential for bias (e.g.-for or against automated widgets) on 
> both lists.

The moderation of our list will have no bias for or against any 
particular kind product or methodology. Our goal is open dialog amongst 
the subscribers and conclusions drawn by the reader. We want to be as 
hands-off as possible as this enables the best information exchange.


> Since most of this list's traffic is L3/L4 I'm not sure how helpful 
> either list
> will be for the Intrusion topic, but if the subject of another Santy 
> type worm
> comes up there's peoples on both those lists with strong appsec 
> knowledge.
>
> -ae
>
> > -----Original Message-----
> > From: intrusions-bounces () lists sans org
> > [mailto:intrusions-bounces () lists sans org]On Behalf Of
> > contact () webappsec org
> > Sent: Sunday, May 08, 2005 4:18 PM
> > To: intrusions () lists sans org
> > Cc: contact () webappsec org
> > Subject: [Intrusions] Announcement: The Web Security Mailing List
> >
> >
> > The Web Application Security Consortium (WASC) is proud to
> > present 'The Web Security Mailing List'.
> >
> > What is The Web Security Mailing List?
> > The Web Security Mailing List is an open information forum
> > for discussing topics relevant to
> > web security. Topics include, but are not limited to,
> > industry news and technical discussions
> > surrounding web applications, proxies, honeypots, new attack
> > types, methodologies, application
> > firewalls, discoveries, experiences, web servers, application
> > servers, database security, tools,
> > solutions, and others.
> >
> >
> > To post a message send an email to: websecurity () webappsec org
> >
> > Subscribe by sending email to: websecurity-subscribe () webappsec org
> >
> > Unsubscribe by sending email to:
> > websecurity-unsubscribe () webappsec org
> >
> >
> > Regards,
> >
> > - Robert Auger
> >
> > contact_at_webappsec.org
> > http://www.webappsec.org
> >
> >
> > --------------------------------------------------------------
> > ----------------------
> > The Web Security Mailing List Charter
> > http://www.webappsec.org/lists/websecurity/
> >
> > The Web Security Mailing List Archives
> > http://www.webappsec.org/lists/websecurity/archive/
> >
> >
> > _______________________________________________
> > Intrusions mailing list
> > Intrusions () lists sans org
> > http://www.dshield.org/mailman/listinfo/intrusions