[Global_membership_committee] Checkmarx & OWASP - barter-in-trade possibilities

Martin Knobloch martin.knobloch at owasp.org
Tue Mar 20 14:14:07 UTC 2012


Hi Moni, Asaphs,

As we, Moni and myself, just discussed during the phone call, hereby are the
considerations about the possibilities of a barter deal between OWASP and
Checkmarx.
*First of all, the appropriate contact to negotiate a barter-in-trade
arrangement with OWASP is the OWASP Membership Committee! *
Therefore, I have added the Membership Committee to this email!

*About the context:*
Asaphs (from Checkmarx) suggested a barter-in-trade arrangement with OWASP
in an email to Kelly:

They were discussing the potential use of Checkmarx software for some of
OWASP training seminars relating to source code analysis.

In general, the consideration (during the email thread following up on this
email) is that OWASP should not trade a 5k membership for a course.

However, as Checkmarx does offer a SaaS for code scanning, I suggested to
Moni that this would be of much higher value for OWASP and more likely to be
accepted as a barter-in-trade arrangement.

*About the code scanning:*
Previously OWASP had an agreement to scan all OWASP-owned sources for
free.  This was done and maintained by the "OWASP Source Code Review OWASP
Projects Project" (
https://www.owasp.org/index.php/Category:OWASP_Source_Code_Review_OWASP_Projects_Project
)
As Fortify has been acquired by HP, this has been discontinued. For
Checkmarx, this would be a great opportunity to step in, continuing this
project with Checkmarx tooling!

If Checkmarx is willing to offer the SaaS code scan for OWASP-owned source
code, the terms and conditions have to be defined!
(just some points off the top of my head)
1. how to offer this service to OWASP
2. assign contacts about this service from Checkmarx and OWASP
3. ...

As I am busy with the OWASP Student Chapter Program, this would be a great
opportunity for students to gain experience with practical code scanning.
Would Checkmarx agree to having OWASP-related students executing the code
review for OWASP on OWASP source code only, under the supervision of a more
senior OWASP member?

To have an idea about what to expect, see the OWASP tool projects at:
https://www.owasp.org/index.php/Category:OWASP_Project
NOTE: All OWASP source code is open and freely available; as with everything
in OWASP, the results of the code scans will be open and publicly available!

I hope this helps!

Cheers,
-Martin