Thursday 4 October 2012

OWASP and Privacy issues, we need to be involved

Following the original post of https://www.owasp.org/index.php/User_Privacy_Protection_Cheat_Sheet and an owasp-leaders thread on 'OWASP should not have a political voice', I wrote this:




Well, we can't ignore reality. That CS (CheatSheet) raises a lot of good points and provides very valuable information to devs who want to support their users that way.

I don't think that the solution for OWASP is to curate the content based on political sensitivities (since they vary around the world).

The solution is surely to present the multiple points of view (maybe even on different CS) and cross-link them. Why don't we have a CS on 'User Privacy protections accepted by governments' or 'User Privacy for the user that has nothing to hide'?

Privacy is a very important topic, but due to trying to be 'politically correct' OWASP has failed to be involved. I'm glad this is starting to change; the politics are coming to WebAppSec, so we need to accept that and present technically correct analysis and guidance on 'hot' topics.

And remember that the beauty of OWASP's open and Wiki-driven model is that if you don't like something, you can create a better one next door, and with time, the best one will gain the limelight/credibility/reputation (which is why 'Reddit like threads' are SO important for OWASP).


Edit: Here is a reddit page for this CheatSheet