[Owasp-leaders] Fwd: OWASP Certification - PureIQ

Juan C Calderon johnccr at yahoo.com
Sat Jan 23 23:25:01 EST 2010 

I agree with Stephen

Jim, there is at least 3 Red Hat Certifications offered by Brainbench[1], RedHat one is the most recognized, but there is no limitations in others offering certifications on RedHat's Open Software. It is just that if brainbench and Redhat both offer the certification, you will tend to go for readhat one as might be better or more "official". 

The name of the certification is "PureIQ Certified OWASP Professional" [2] which I think is fine, it is the
shorter name "OWASP (PCOP) Certification" that I don't like as it looks misleading to me. To be in compliance with OWASP brand rules[3], they should include the "OWASP does not endorse, blah, blah...." legend and modify their Exam description as "This exam tests a candidate's knowledge and skills necessary to understand and support the OWASP" is not accurate,  By having this certification I don't think you support OWASP explicitly.

My perception is there is no clear path to follow nor very clear guidelines on this topic. So my personal suggestion will be that we create a "Ombuds Person" figure on the board that can be in charge of 1) defining a clear posture (based on comunity feedback, OWASP values and mission) on developing certification and other materials based in OWASP materials, 2) address any concerns related to OWASP Brand usage, 3) keep record and publish all the concerns, follow ups and resolutions to the OWASP community. All this in the best interest of both people willing to promote OWASP and OWASP itself. So working togheter is the best way in my opinion and this person might help external people understand the correct usage of OWASP brand and allow those blanks to be filled out in the right way.

What do you think?

Regards,
Juan Carlos

1. http://www.brainbench.com/xml/bb/individuals/individuals.xml (enter Red Hat and press ENTER)
2. http://www.pureiq.com/eng/owasp-pcop-certification 

3. http://www.owasp.org/index.php/OWASP_brand_usage_rules



________________________________
From: Jim Manico <jim.manico at owasp.org>
To: owasp-leaders at lists.owasp.org
Sent: Sat, January 23, 2010 6:26:51 PM
Subject: Re: [Owasp-leaders] Fwd: OWASP Certification - PureIQ

 I think we have no choice but to either build our own "OWASP
certification series", or sanction others to do it.

If we sanction others to do it (best path, I think) then we should
provide approval+quality control services (up front) and charge a
reasonable royalty fee.

PureIQ is neither a supporting member of OWASP, nor did they inquire
first. I think that what they did was very much out of integrity.

I do not see a lot of folks offering Red Hat certification programs.
There is really one official Red Hat certificate program http://www.redhat.com/certification/ . Now, many folks offer training to pass those certs - that's the part
that really is wide open. So I think anyone can offer training for OWASP
exam preparation, but only a limited number of orgs should provide
official OWASP certification.

- Jim


The distinction is important, but it clearly gave the impression of 
>being an OWASP certification, not an PureIQ certification.
>
>-- Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GPEN
>Principal Security Consultant
>
>
>Stephen de Vries wrote:
>
>Correct me if I'm wrong, but I don't think third parties require permission to use a trademark that way.  Anyone can offer a Redhat, Solaris, XYZ cert without paying royalties or reaching any kind of arrangement with those companies.
>>So there's nothing out of the ordinary about what PureIQ are doing, they're offering a _PureIQ certification_ of OWASP material, not an OWASP certification.  What could be more interesting for us is to allow them to offer _The OWASP Certification_ with an official stamp of approval if it meets the grade.
>>
>>Stephen  
>>
>>
>>On Jan 23, 2010, at 7:50 PM, Jeremy Epstein wrote:
>>
>>
>>
>>I'm with Ralph on this.  Seems to me they're hoping to keep selling
>>>using the OWASP trademark while a deal is negotiated - even if it's in
>>>good faith, they need to stop using the OWASP term now, and then
>>>discuss.
>>>
>>>On Sat, Jan 23, 2010 at 1:32 PM, Ralph Durkee <rd at rd1.net> wrote:
>>>
>>>
>>>As much as I would like to see an OWASP certification. We should stick with
>>>>our decision for now and ask them not to use the OWASP name without
>>>>approval. If they want to submit a propsal we should consider it later in
>>>>the year.
>>>>Rehashing this more than 1/yr is probably too much.
>>>>Also I am very concerned that they would take this course without engaging
>>>>OWASP. Doesn't refect well on how they do business.
>>>>
>>>>-- Ralph
>>>>On Jan 23, 2010, at 5:20 AM, dinis cruz <dinis.cruz at owasp.org> wrote:
>>>>
>>>>Hi leaders,
>>>>Please see below an olive branch from the PureIQ guys.
>>>>Any comments before I/Jeff/Dave responds?
>>>>Question: Which OWASP committee/project should be managing this?
>>>>Dinis Cruz
>>>>
>>>>
>>>>---------- Forwarded message ----------
>>>>From: John Murray <john at pureiq.com>
>>>>Date: 22 January 2010 21:36
>>>>Subject: OWASP Certification - PureIQ
>>>>To: dinis.cruz at owasp.org
>>>>Cc: John Murray <john at pureiq.com>, dave.wichers at owasp.org,
>>>>jeff.williams at owasp.org
>>>>
>>>>
>>>>Good afternoon M. Cruz,
>>>>
>>>>
>>>>
>>>>I would like to take this opportunity to introduce myself.  I’m John Murray,
>>>>the VP of Business Development unit at PureIQ.
>>>>
>>>>
>>>>
>>>>I was reading in your message board a comment related to our OWASP
>>>>Certification.
>>>>
>>>>
>>>>
>>>>We are a neutral certification provider and we had developed this
>>>>certification to fill a gap in the industry since there is no OWASP
>>>>certification to evaluate consultant competencies in the area.
>>>>
>>>>
>>>>
>>>>PureIQ will be more than happy to collaborate and work closely with OWASP
>>>>for further development and contributions.  We have everything in place to
>>>>provide top quality testing (platform, software, testing centers, &
>>>>infrastructure) for OWASP.
>>>>
>>>>
>>>>
>>>>Also, one of the suggestions in the board was to evaluate our certification
>>>>in an upcoming OWASP conference at no cost for the experts.
>>>>
>>>>PureIQ is open to this suggestion or any constructive dialog.
>>>>
>>>>
>>>>
>>>>Please let me know your initial thoughts.
>>>>
>>>>
>>>>
>>>>John Murray
>>>>
>>>>Business Development Manager, PureIQ
>>>>
>>>>john at pureiq.com
>>>>
>>>>
>>>>
>>>>Toll free: 1-800-381-0822
>>>>
>>>>Canada/Montreal: 1-450-907-0822
>>>>
>>>>Fax: 1-888-316-9909
>>>>
>>>>
>>>>
>>>>Visit us online at www.pureiq.com
>>>>
>>>>_______________________________________________
>>>>OWASP-Leaders mailing list
>>>>OWASP-Leaders at lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>_______________________________________________
>>>>OWASP-Leaders mailing list
>>>>OWASP-Leaders at lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-leaders 
>>>>
>>>>      
>>>>        
>>>_______________________________________________
>>>OWASP-Leaders mailing list
>>>OWASP-Leaders at lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-leaders 
>>>      
>>_______________________________________________
>>OWASP-Leaders mailing list
>>OWASP-Leaders at lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-leaders 
>>  
>>    
>_______________________________________________
>OWASP-Leaders mailing list
>OWASP-Leaders at lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-leaders 


-- 
Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager
http://www.manico.net


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20100123/73dd02c4/attachment-0001.html

More information about the OWASP-Leaders mailing list