[Global_industry_committee] The Microsoft SDL Pro Network

David Campbell dcampbell at owasp.org
Thu Oct 29 10:55:18 EDT 2009


OWASP provides training?

IIRC the trainings are provided by vendors with a relationship with
OWASP, but not by the foundation directly.

May be a relevant distinction.

DC


Christian Heinrich wrote:
> Colin,
>
> It might be worth highlighting to Kate that OWASP provide training at
> our conferences and at other events.
>
>
> On Thu, Oct 29, 2009 at 5:35 AM, Colin Watson <colin.watson at owasp.org> wrote:
>   
>> Christian
>>
>> I spoke with Katie on Monday as a result of our approach.
>>
>> The current 'SDL Pro Network' members are all either training or
>> consultancy organisations, and/or were involved in the development of
>> the project.  Katie can see an opportunity for OWASP to become a
>> member, but it would be a different type than these - OWASP's
>> importance, and significant developer audience, mean it is in a good
>> position to encourage the types of practices encouraged in lifecycle
>> security.
>>
>> The question is whether OWASP wants to become a member.  What (costs)
>> might that involve?
>>
>> - referencing the Microsoft SDL / SDL Pro Network from the wiki
>>      - perhaps new pages about lifecycle issues, and referencing CLASP, SAMM
>>        and a new page about SDL Pro (and maybe others BSIMM, Cigital Software
>>        Security Touchpoints???)?
>> - allowing OWASP to be mentioned on the SDL Pro Network page as a member?
>>      - logo?
>>      - link?
>>
>> At the moment there doesn't seem to be any obligation to contribute
>> resources in any way to the SDL effort, but I suspect the Global
>> Industry Committee and others would provide feedback on developers'
>> experiences and future public drafts and the like.  Would it weaken
>> CLASP or SAMM in any way?
>>
>> OWASP would also need to consider whether its impartiality is in any
>> way affected, and also ensure it is not being seen to promote any
>> particular vendor.  OWASP materials already reference some vendors'
>> free and commercial products e.g.
>>
>> Threat Risk Modeling
>> http://www.owasp.org/index.php/Threat_Risk_Modeling
>>
>> Does being a member of SDL Pro Network bring other benefits to OWASP?  Perhaps:
>>
>> - greater awareness?
>> - greater acceptance by commercial software development companies?
>>
>> So we (OWASP) need to have a discussion.  Pravir and Andrew van der
>> Stock (Development Guide) would seem to be crucial to this. What are
>> people's views here, and how do you think we should proceed?
>>
>> Regards
>>
>> Colin Watson
>> Global Industry Committee
>> http://www.owasp.org/index.php/Global_Industry_Committee
>>     
>
>
>   

