Web Application Security Mailing List - Charter V1.0

Objective
Whilst the webappsec list is an open and free discussion forum, in order to make the list fair and accessible to all while maintaining relevancy, we have developed this list charter. This charter sets out the lists operating rules for both posting and moderating.

Information about subscribing, unsubscribing and the archives can be found at the end of this charter.

Background
The Web Application Security mailing list hosted at securityfocus.com was founded in late 1999. It was originally named "www-mobile-code" and renamed to "webappsec" in 2001 to reflect the real intent and scope. The list is moderated by David Ahmad (david_ahmad@symantec.com).

What is appropriate content?
The list is an open discussion forum for most things related to web application security. Appropriate posts would fall into the following three main categories:

News
Specific news stories about web application security technology, standards, issues, architectures or related topics.

Technical Discussions
Technical discussions abut specific areas of web application security. These may include design, development, deployment, testing or management.

Announcements
Whitepapers that deal with web application security or closely related topics maybe posted. Papers that require a user to register before downloading or receiving the paper must NOT be posted and will be rejected.

Guidelines for Posting

Guidelines for Moderating
The moderator has sole and full discretion over what is appropriate content and what is not. We reserve the right to reject any message however in general all posts will be approved as long as they post within the bounds of this charter.

Conflict Resolution
From time to time people may feel that a post was either approved that shouldn't have been or a post was not approved that should have been. The appropriate way to deal with all moderation and list management issues is to:

1. Refer to this charter.
2. If you still feel a mistake has been made then you should mail the moderator (david_ahmad@symantec.com) offline, explain your concerns and discuss the issue.
3. If you still a mistake has been made you should send the offline email discussion thread with the moderator along with your reasons why you feel this is not appropriate to Alfred Huger (alfred_huger@symantec.com) and copy the moderator.

If you are ever unsure if you should post or feel there is a justified reason why you are posting outside of the charters scope, you can mail the moderator for advice prior to posting.

List Management

How do I subscribe?
Send an e-mail message to webappsec-subscribe@securityfocus.com. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer.

How do I unsubscribe?
Send an e-mail message to webappsec-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

How do I disable mail delivery temporarily?
Unsubscribe from the list and resubscribe to start receiving mailing list traffic again.

Is the list available in a digest format?
Yes.

How do I subscribe to the digest?
Send an e-mail message to webappsec-digest-subscribe@securityfocus.com. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer.

How do I unsubscribe from the digest?
Send an e-mail message to webappsec-digest-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer.

I seem to not be able to unsubscribe. What is going on?
You are probably subscribed from a different address than that from which you are sending commands to the list from. Either send email from the appropriate address or email listadmin@securityfocus.com to be unsubscribed manually.

Can you add a tag like "[webappsec]" to the subject line of each message? Not at this time. How can I tell whether I am subscribed to the list?
Send an e-mail message to webappsec-query@securityfocus.com. If you want to test whether you are subscribed to the digest send an e-mail message to webappsec-digest-query@securityfocus.com.


Privacy Statement
Copyright 2006, SecurityFocus