[Global_industry_committee] Fwd: The Microsoft SDL Pro Network

Christian Heinrich christian.heinrich at owasp.org
Sun Nov 8 18:24:21 EST 2009


I assume that Kate (Microsoft) would be willing to consider any
concerns and what influence that OWASP may have i.e. a correlation
between their SDL and CLASP, etc

The downside is that if OWASP does not at least enter into a
discussion now then OWASP would have to accept a loss of its
leadership position to ISC(2), SANS, etc once these other
organizations become more popular to those less familiar with
Application Security.

On Thu, Nov 5, 2009 at 1:18 AM, Pravir Chandra <chandra at owasp.org> wrote:
> I like the goals, but my gut tells me that joining the SDL Pro network isn't
> the right way to get influence with MS. The guys that define the process are
> separate from the SDL Network. In my past experience, even trying to make
> those inroads is tough since MS is really dedicated to figuring out all the
> right answers for their organization by themselves (which makes sense to
> me).
> I think we'd probably be better off referencing the SDL from OWASP docs and
> such, but I doubt they'll return the favor. Has anyone seen MS ever
> reference an OWASP resource? How about MS referencing any external resource?
> I'm actually honestly asking since I've never seen it and it would be cool
> to see how it's been done in the past.
> p.

Christian Heinrich - http://sn.im/cmlh_linkedin_profile
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
Speaking Schedule at http://sn.im/cmlh_speaking_schedule

More information about the Global_industry_committee mailing list