Actually, it would show we are arrogant and cavalier about security - which are about the worst things you can be in the eyes of an enterprise customer.

People who are serious about security TEST the security of their software in a professional, systematic way. They get experts in the field and folks who really know what they are doing to make sure nothing in their code or deployment is opening up websites to attack or possible compromise of data.

The whole "opening your software to hackers" thing is a stunt - a stunt with very little if any upside, and a huge potential downside. If someone brings your server to its knees with a Denial of Service attack or a weakness in the OS you are running on, you can complain from now until eternity that it wasn't "fair" but the only coverage you are going to get is "Plone gets hacked."

If no one is able to hack the site, it's not really something worthy of coverage, now is it? After all, we are already well known as having one of the best security records of any CMS.

If Plone had previously been weak on security, and had gotten its act together, this might make sense. But in reality -- where Plone is a VERY secure system with a long-term record of protecting sites and data -- this kind of circus stunt is not a good idea.

Mark

Mark A Corum
User Interface Designer | Online Marketer | Certified ScrumMaster
markcorum on AOL, Googletalk, MSN, Skype, Meebo, TokBox, Facebook, Twitter and Yahoo;

"Light up the darkness." - Bob Marley
"Quis custodiet ipsos custodes?" (Who watches the watchmen?) - Juvenales, Satires
"No matter where you go ... there you are." - Buckaroo Banzai

On Thu, Nov 26, 2009 at 4:06 PM, Dylan Jay <d...@pretaweb.com> wrote:
> Worst case is really bad publicity. But then is it?
> If it got hacked we'd patch it immediately and patch most systems out there
> and we'd explain how that system works in advance. Basically use it to
> explain how open source increases security and speed of patches.
> It would also show that we take security seriously.
>
> Dylan Jay
> Technical solution manager
> PretaWeb 99552830
>
> On 27/11/2009, at 2:09 AM, Norman Fournier <nor...@normanfournier.com>
> wrote:
>
>> Hello,
>>
>> Worst case scenario. What if we are wrong?
>>
>> Some smart punk hacks the plone and posts the hack or hints somewhere. How
>> many Macs can we afford to give away? How long can we afford to pay lawyers
>> to fight spurious claims in court?
>>
>> A risk analysis should be air-tight before any contest is publicized. Even
>> the smallest give-aways are fraught with legal complications which is why
>> contest legal copy takes so much space on an entry form.
>>
>> For me, I am not liking this idea at all. I think there may be more
>> positive ways for plone to get this message across without exposing the
>> software to a million punk hackers with a goad like both Screw Plone and Win
>> a Mac at the same time!
>>
>> My $.02.
>>
>> Norman
>>
>> On 2009-11-25, at 10:28 PM, Nate Aune wrote:
>>
>>> I think it's a great idea. Set up a server (perhaps using the
>>> Hardening Plone howto below) and let the games begin!
>>> http://plone.org/documentation/how-to/securing-plone/
>>>
>>> Nate
>>>
>>> On Wed, Nov 18, 2009 at 11:52 AM, Jan Ulrich Hasecke
>>> <juhase...@googlemail.com> wrote:
>>>>
>>>> Hi all,
>>>>
>>>> what do you think about a hacking contest? We set up a plain plone site
>>>> and whoever hacks it first wins a mac or a playstation or whatever.
>>>>
>>>> All exploits must be documented of course so that we can fix them.
>>>>
>>>> We promote Plone as a secure system and can document it with the CVE
>>>> entries but often people say, yeah, but there are a lot less installations
>>>> of Plone than there are of PHP-systems, so you cannot compare the figures.
>>>>
>>>> So let's challenge the hackers!
>>>>
>>>> This could be an online event with a great publicity effect maybe in
>>>> the run-up to the World Plone Day.
>>>>
>>>> What do you think?
>>>> juh
>>>>
>>>> Jan Ulrich Hasecke
>>>> (DZUG e.V.)
>>>>
>>>> --
>>>> DZUG e.V. (Deutschsprachige Zope User Group)
>>>> www.dzug.org
>>>> www.zope.de
>>>>
>>>> _______________________________________________
>>>> Evangelism mailing list
>>>> Evangelism@lists.plone.org
>>>> http://lists.plone.org/mailman/listinfo/evangelism
>>>
>>> --
>>> Nate Aune - na...@jazkarta.com
>>> http://www.jazkarta.com
>>> http://card.ly/natea
>>> +1 (617) 517-4953