[Global_industry_committee] Fwd: The Microsoft SDL Pro Network

Eoin eoin.keary at owasp.org
Wed Nov 4 06:17:12 EST 2009

We may be able to achieve an influence role within the group?
Also demonstrate that SDL does not revolve around Msft, there are other
groups promoting this.
OWASP has been promoting Secure SDLC for 6 years now since the dev and code
review guides were born.
At the end of the day the SDL group is for promoting Msft SDL and developing
an industry surrounding it.

2009/11/3 Colin Watson <colin.watson at owasp.org>

> Christian
> Pravir's initial thoughts below... do we think there are any benefits
> to OWASP?  Wider recognition?
> Note: Pravir is not on the GIC list, so I'm happy to compose a reply
> to him, once we have some more discussion here.
> Colin
> ---------- Forwarded message ----------
> From: Pravir Chandra <chandra at owasp.org>
> Date: 2009/11/3
> Subject: Re: [Global_industry_committee] The Microsoft SDL Pro Network
> To: Colin Watson <colin.watson at owasp.org>
> Cc: Global_industry_committee <Global_industry_committee at lists.owasp.org>
>
> I need to do a little digging since IIRC, the MS SDL Pro network is
> purely a marketing program launched by MS to get more business and
> credibility for their ACE consulting team that focuses on security
> (and on converting customers to full-blown MS shops). This, I'm
> clearly against and I think it's not in OWASP's best interest to
> participate.
> The real key here is that being part of the 'network' means you have
> to replicate the MS party line and it's not a two-way discussion
> oriented working group. For instance, click on any of the "partners"
> listed here:
> http://msdn.microsoft.com/en-us/security/dd219581.aspx
> They all reproduce the MS party line identically, and I'm pretty sure
> they aren't allowed to deviate. These 'early adopter' companies got
> signed up in hopes of getting business from existing MS shops since
> they all drink from the same kool-aid jug. We, as OWASP, aren't in the
> business of getting business, so that part doesn't exactly make sense
> to me, especially since it isn't a "working group" structure at all.
> What did you guys see as the benefits of trying to join?
> p.
> On Mon, Nov 2, 2009 at 4:53 AM, Colin Watson <colin.watson at owasp.org>
> wrote:
> >
> > Hello Pravir
> >
> > The question of whether OWASP should/could become a member of the
> > Microsoft SDL Pro Network was raised on the GIC mailing list, and I
> > have since spoken with the person responsible for promoting the
> > network (subsequent briefing email below). As CLASP and Open SAMM
> > project leader, we wondered what your views were on this, before we
> > seek wider discussion in the OWASP community.
> >
> > Regards
> >
> > Colin
> _______________________________________________
> Global_industry_committee mailing list
> Global_industry_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_industry_committee

Eoin Keary

OWASP Code Review Guide Lead Author
OWASP Ireland Chapter Lead
OWASP Global Committee Member (Industry)
