[Global_industry_committee] Fwd: The Microsoft SDL Pro Network

Pravir Chandra chandra at owasp.org
Wed Nov 4 09:18:02 EST 2009


I like the goals, but my gut tells me that joining the SDL Pro network isn't
the right way to get influence with MS. The guys that define the process are
separate from the SDL Network. In my past experience, even trying to make
those inroads is tough since MS is really dedicated to figuring out all the
right answers for their organization by themselves (which makes sense to
me).

I think we'd probably be better off referencing the SDL from OWASP docs and
such, but I doubt they'll return the favor. Has anyone seen MS ever
reference an OWASP resource? How about MS referencing any external resource?
I'm actually honestly asking since I've never seen it and it would be cool
to see how it's been done in the past.

p.

On Wed, Nov 4, 2009 at 3:17 AM, Eoin <eoin.keary at owasp.org> wrote:

> We may be able to achieve an influence role within the group?
> Also demonstrate that SDL does not revolve around Msft, there are other
> groups promoting this.
> OWASP has been promoting Secure SDLC for 6 years now since the dev and code
> review guides were born.
> At the end of the day the SDL group is for promoting Msft SDL and
> developing an industry surrounding it.
> Eoin
>
>
>
>
> 2009/11/3 Colin Watson <colin.watson at owasp.org>
>
>> Christian
>>
>> Pravir's initial thoughts below... do we think there are any benefits
>> to OWASP?  Wider recognition?
>>
>> Note: Pravir is not on the GIC list, so I'm happy to compose a reply
>> to him, once we have some more discussion here.
>>
>> Colin
>>
>>
>> ---------- Forwarded message ----------
>> From: Pravir Chandra <chandra at owasp.org>
>> Date: 2009/11/3
>> Subject: Re: [Global_industry_committee] The Microsoft SDL Pro Network
>> To: Colin Watson <colin.watson at owasp.org>
>> Cc: Global_industry_committee <Global_industry_committee at lists.owasp.org>
>>
>>
>> I need to do a little digging since IIRC, the MS SDL Pro network is
>> purely a marketing program launched by MS to get more business and
>> credibility for their ACE consulting team that focuses on security
>> (and on converting customers to full-blown MS shops). This, I'm
>> clearly against and I think it's not in OWASP's best interest to
>> participate.
>>
>> The real key here is that being part of the 'network' means you have
>> to replicate the MS party line and it's not a two-way discussion
>> oriented working group. For instance, click on any of the "partners"
>> listed here:
>> http://msdn.microsoft.com/en-us/security/dd219581.aspx
>>
>> They all reproduce the MS party line identically, and I'm pretty sure
>> they aren't allowed to deviate. These 'early adopter' companies got
>> signed up in hopes of getting business from existing MS shops since
>> they all drink from the same kool-aid jug. We, as OWASP, aren't in the
>> business of getting business, so that part doesn't exactly make sense
>> to me, especially since it isn't a "working group" structure at all.
>>
>> What did you guys see as the benefits of trying to join?
>>
>> p.
>>
>> On Mon, Nov 2, 2009 at 4:53 AM, Colin Watson <colin.watson at owasp.org>
>> wrote:
>> >
>> > Hello Pravir
>> >
>> > The question of whether OWASP should/could become a member of the
>> > Microsoft SDL Pro Network was raised on the GIC mailing list, and I
>> > have since spoken with the person responsible for promoting the
>> > network (subsequent briefing email below). As CLASP and Open SAMM
>> > project leader, we wondered what your views were on this, before we
>> > seek wider discussion in the OWASP community.
>> >
>> > Regards
>> >
>> > Colin
>> _______________________________________________
>> Global_industry_committee mailing list
>> Global_industry_committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global_industry_committee
>>
>
>
>
> --
> Eoin Keary
>
> OWASP Code Review Guide Lead Author
> OWASP Ireland Chapter Lead
> OWASP Global Committee Member (Industry)
>
> http://asg.ie/
> https://twitter.com/EoinKeary
>