[Global_industry_committee] The Microsoft SDL Pro Network

Rex Booth rex.booth at owasp.org
Thu Oct 29 12:20:23 EDT 2009

Correct.  Some individuals may provide training on OWASP material, but
afaik, OWASP doesn't officially provide training as an organization.

On Oct 29, 2009, at 10:55 AM, David Campbell <dcampbell at owasp.org> wrote:

> OWASP provides training?
> IIRC the trainings are provided by vendors with a relationship with
> OWASP, but not by the foundation directly.
> May be a relevant distinction.
> DC
> Christian Heinrich wrote:
>> Colin,
>> It might be worth highlighting to Kate that OWASP provide training at
>> our conferences and at other events.
>> On Thu, Oct 29, 2009 at 5:35 AM, Colin Watson <colin.watson at owasp.org> wrote:
>>> Christian
>>> I spoke with Katie on Monday as a result of our approach.
>>> The current 'SDL Pro Network' members are all either training or
>>> consultancy organisations, and/or were involved in the development of
>>> the project.  Katie can see an opportunity for OWASP to become a
>>> member, but it would be a different type than these - OWASP's
>>> importance, and significant developer audience, mean it is in a good
>>> position to encourage the types of practices encouraged in lifecycle
>>> security.
>>> The question is whether OWASP wants to become a member.  What (costs)
>>> might that involve?
>>> - referencing the Microsoft SDL / SDL Pro Network from the wiki
>>>     - perhaps new pages about lifecycle issues, and referencing
>>>       and a new page about SDL Pro (and maybe others BSIMM,
>>>       Cigital Software Security Touchpoints???)?
>>> - allowing OWASP to be mentioned on the SDL Pro Network page as a member?
>>>     - logo?
>>>     - link?
>>> At the moment there doesn't seem to be any obligation to contribute
>>> resources in any way to the SDL effort, but I suspect the Global
>>> Industry Committee and others would provide feedback on developers'
>>> experiences and future public drafts and the like.  Would it weaken
>>> CLASP or SAMM in any way?
>>> OWASP would also need to consider whether its impartiality is in any
>>> way affected, and also ensure it is not being seen to promote any
>>> particular vendor.  OWASP materials already reference some vendors'
>>> free and commercial products e.g.
>>> Threat Risk Modeling
>>> http://www.owasp.org/index.php/Threat_Risk_Modeling
>>> Does being a member of SDL Pro Network bring other benefits to OWASP?
>>> Perhaps:
>>> - greater awareness?
>>> - greater acceptance by commercial software development companies?
>>> So we (OWASP) need to have a discussion.  Pravir and Andrew van der
>>> Stock (Development Guide) would seem to be crucial to this. What are
>>> people's views here, and how do you think we should proceed?
>>> Regards
>>> Colin Watson
>>> Global Industry Committee
>>> http://www.owasp.org/index.php/Global_Industry_Committee