Hey Michael -- This sounds right up my ally. I'll jump on the list and post some more info over there.
Jacob On Tuesday, January 14, 2014, Michael Coates <michael.coa...@owasp.org> wrote: > Django Developers, > > Hello! Over at OWASP I've started a framework security project. Our goal > is to capture the security posture, options and capabilities of different > frameworks. Through this we can educate developers on how to enable > security controls in the framework and also work with frameworks to gain > adoption of any missing capabilities. > > When I was leading the security team at Mozilla we worked with Django a > ton. You guys have always been on the leading edge of framework security. > It was an easy choice to start with Django for the OWASP framework security > project. > > Would any of you be interested in helping out with our project? > > Ways to help: > 1. Information gathering - we're putting together a standard list of > security controls in frameworks and django's support (we'll move to other > frameworks with this model). You can provide info here: > https://docs.google.com/a/owasp.org/spreadsheet/ccc?key= > 0AhSfMVkfLvsldEltRUEwMkUydVVrMkNyVW1vbGxLaXc#gid=0 > > - Please suggest additional security controls we should have in column A > - We also need to capture if Django supports the different controls, the > version added, default options, etc > > 2. Assistance with adding missing controls > This will come later, but if we find any missing controls it would be > great to understand the best way to work together to get them added. > > 3. Join the mailing list > https://lists.owasp.org/mailman/listinfo/owasp_framework_security_project > > Any thoughts or ideas are welcomed. We're in the beginning and will > continue to flush out the project as we go. > > > > Thanks! > > -- > Michael Coates > @_mwc > > -- > You received this message because you are subscribed to the Google Groups > "Django developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com<javascript:_e({}, > 'cvml', > 'django-developers%2bunsubscr...@googlegroups.com');>. > To post to this group, send email to > django-developers@googlegroups.com<javascript:_e({}, 'cvml', > 'django-developers@googlegroups.com');> > . > Visit this group at http://groups.google.com/group/django-developers. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/d5305915-8298-465a-bc8a-ec2df73b3587%40googlegroups.com > . > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAK8PqJHeKNahO2qrfnUE4drog6N%2BbAOdGQj%3D6tZzobsiQQQh%2BA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
