[Owasp-dotnet] Fwd: OWASP, Evangelism and Ounce

Dinis Cruz dinis at ddplus.net
Thu Apr 19 09:57:48 EDT 2007


Just FYI

---------- Forwarded message ----------
From: Dinis Cruz <dinis at ddplus.net>
Date: Apr 19, 2007 2:43 PM
Subject: OWASP, Evangelism and Ounce
To: owasp-leaders at lists.owasp.org

Hi, today I would like to make an announcement about a change in my
professional life which should have very positive side effects on my
contributions to the community (and hopefully to the state of the
security of the applications we all use).

I basically decided to accept a very generous (and flexible) offer by
OunceLabs (http://www.ouncelabs.com) to (as a contractor and special
advisor) help with the development of their product and on their
technical consultancy services.

As you know I value my independence and integrity very highly and am
happy to say that the contract with Ounce will still allow me to work on
other projects (i.e. I am only committed to Ounce a certain number of
days per month). Basically I am replacing my current recurring contract
with a global bank with a recurring contract with a source code security
scanner vendor.

This changes nothing on my current OWASP responsibilities and
commitment. If anything it will increase it since Ounce benefits
enormously from OWASP's growth, maturity and reach.

I am still 100% committed to OWASP values, and please let me know (and
hit me on the head) if I go off on weird tangents.

One of the reasons I chose to accept Ounce's proposal was the
opportunity to work and help to develop the next generation of source
code scanners (especially in the .NET area). As you know I do have
strong views on how they should work, what they should do and where they
should be used, and it is my plan to document and blog about it as much
as possible.

Of course, when I speak with my OWASP hat I will have to be
independent, which means that I will not make those posts 'undercover
marketing messages' or anti-Fortify (the main competitor) rants.

This will also be an opportunity to start defining better how OWASP
materials should be referenced since OunceLabs is one of the companies
that currently 'abuses' OWASP's top 10 (them and every other web app
scanner). So I view it as one of my responsibilities to sort this mess out
and really clarify what (using the Top 10 as an example) can and can't
be detected using XYZ tool/technique.

This means that OWASP's board will now be made of 1 member from a vendor
organization (me) and 3 from a training/consulting company (Jeff, Andrew
and Dave (all from Aspect)). Side note: it would be interesting to do a
similar analysis about our project and chapter leaders.

As committed as always to OWASP,

Dinis Cruz
Chief OWASP Evangelist
http://www.owasp.org