One last item - we are going to close the survey at the end of the month (Monday, March 31st) so you still have 5 days left.

From: Ryan Barnett
Sent: Wednesday, March 26, 2008 11:12 AM
To: ''
Subject: RE: ModSecurity User Survey - Reminder

Hello everyone,
I just wanted to send out one more note to remind people to try and fill out the ModSecurity User Survey -
It only takes a few minutes and the information that you provide is tremendously useful.  You want to a good example?  In one of the questions, we ask "How can we make ModSecurity better? What functionality do you feel is missing?"  The responses to these questions are important on two fronts -
1) You, the community, are providing valuable insight into webappsec issues you are facing and where ModSecurity is not currently able to address.  This information will be useful for the future development path of ModSecurity as we map out feature requests.
2) On the flip side, there are many requests for features that ModSecurity actually already has!  What this is telling us is that we need to create better documentation on some of these features that are either not well known or perhaps are simply more complex to implement or configure correctly.
Thanks again for time,

From: Ryan Barnett
Sent: Friday, February 22, 2008 10:59 AM
Subject: ModSecurity User Survey

Greetings everyone,

Since we just released a very significant update to ModSecurity yesterday with the 2.5 version, I wanted to send this note out the list.  The 2.5 release is important as it has included many features that were identified by the user community.  This highlights the need for us (Breach) to have a full understanding of how people are using ModSecurity and any challenges you all are facing.  With this in mind, we have put together the first ModSecurity User Survey -


I urge you to please take about 5 minutes and fill out the survey.  With this information, we will be able to map out areas where we need to focus research and development to both the ModSecurity code itself, but also with the rule sets and supporting tools.


Thanks for your time everyone.


Ryan C. Barnett
ModSecurity Community Manager

Breach Security: Director of Training

Web Application Security Consortium (WASC) Member

CIS Apache Benchmark Project Lead


Author: Preventing Web Attacks with Apache