Saturday, 16 March 2013

Where to have AppSec Q&A threads (what about Reddit?)

Note: I wrote this a while back but somehow was stuck on my 'Drafts' folder (but the question is still relevant in March 2013)


So it looks like StackExchange Security is not going to work for WebAppSec and OWASP (since this question is exactly the type of question we should would like to see there How to implement url encryption on .xsl page using OWASP ESAPI?  and that has been closed)) . That said, there are a couple good Q&A on the OWASP tag: http://security.stackexchange.com/questions/tagged/owasp

/div>
And yes we have the Security 101 maling list but that is not really working (look at the traffic) and, practically mailman sucks for this kind of things since we really need something with a threaded/social discussion environment (like StackExchange or Reddit)

So what about Reddit? I really like its GUI/Workflow, already use it quite a lot and we already have a nice home there: http://reddit.com/r/owasp

For example I just posted this question there: http://www.reddit.com/r/owasp/comments/10ayls/secure_spring_frameworkuser_management/ (and in Security StackExchange)... let's see what happens :)

For this to work we need to make sure that owasp reddit community gets some viewing and that there is a way to create regular updates on what is going on in there.

What do you think?