[Global_industry_committee] Fwd: The Microsoft SDL Pro Network

Colin Watson colin.watson at owasp.org
Tue Nov 3 17:48:26 EST 2009


Pravir's initial thoughts below... do we think there are any benefits
to OWASP?  Wider recognition?

Note: Pravir is not on the GIC list, so I'm happy to compose a reply
to him, once we have some more discussion here.


---------- Forwarded message ----------
From: Pravir Chandra <chandra at owasp.org>
Date: 2009/11/3
Subject: Re: [Global_industry_committee] The Microsoft SDL Pro Network
To: Colin Watson <colin.watson at owasp.org>
Cc: Global_industry_committee <Global_industry_committee at lists.owasp.org>

I need to do a little digging since IIRC, the MS SDL Pro network is
purely a marketing program launched by MS to get more business and
credibility for their ACE consulting team that focuses on security
(and on converting customers to full-blown MS shops). This, I'm
clearly against and I think it's not in OWASP's best interest to
The real key here is that being part of the 'network' means you have
to replicate the MS party line and it's not a two-way discussion
oriented working group. For instance, click on any of the "partners"
listed here:
They all reproduce the MS party line identically, and I'm pretty sure
they aren't allowed to deviate. These 'early adopter' companies got
signed up in hopes of getting business from existing MS shops since
they all drink from the same kool-aid jug. We, as OWASP, aren't in the
business of getting business, so that part doesn't exactly make sense
to me, especially since it isn't a "working group" structure at all.
What did you guys see as the benefits of trying to join?
On Mon, Nov 2, 2009 at 4:53 AM, Colin Watson <colin.watson at owasp.org> wrote:
> Hello Pravir
> The question of whether OWASP should/could become a member of the
> Microsoft SDL Pro Network was raised on the GIC mailing list, and I
> have since spoken with the person responsible for promoting the
> network (subsequent briefing email below). As CLASP and Open SAMM
> project leader, we wondered what your views were on this, before we
> seek wider discussion in the OWASP community.
> Regards
> Colin

More information about the Global_industry_committee mailing list