[Global_industry_committee] The Microsoft SDL Pro Network

Christian Heinrich christian.heinrich at owasp.org
Thu Oct 29 14:59:32 EDT 2009

Rex and David,

My understanding is that if an attendee registers for a course as part
of their OWASP Conference Registration the attendee has to perform a
single registration and OWASP then passes this invoice to the
instructor's respective company which would be similar to SANS, etc.

On Fri, Oct 30, 2009 at 3:20 AM, Rex Booth <rex.booth at owasp.org> wrote:
> Correct.  Some individuals may provide training on owasp material, but
> afaik, owasp doesn't officially provide training as an organization.
> On Oct 29, 2009, at 10:55 AM, David Campbell <dcampbell at owasp.org> wrote:
>> OWASP provides training?
>> IIRC the trainings are provided by vendors with a relationship with
>> OWASP, but not by the foundation directly.
>> May be a relevant distinction.
>> DC
>> Christian Heinrich wrote:
>>> Colin,
>>> It might be worth highlighting to Kate that OWASP provide training at
>>> our conferences and at other events.
>>> On Thu, Oct 29, 2009 at 5:35 AM, Colin Watson <colin.watson at owasp.org> wrote:
>>>> Christian
>>>> I spoke with Katie on Monday as a result of our approach.
>>>> The current 'SDL Pro Network' members are all either training or
>>>> consultancy organisations, and/or were involved in the development of
>>>> the project.  Katie can see an opportunity for OWASP to become a
>>>> member, but it would be a different type than these - OWASP's
>>>> importance, and significant developer audience, mean it is in a good
>>>> position to encourage the types of practices encouraged in lifecycle
>>>> security.
>>>> The question is whether OWASP wants to become a member.  What (costs)
>>>> might that involve?
>>>> - referencing the Microsoft SDL / SDL Pro Network from the wiki
>>>>    - perhaps new pages about lifecycle issues, and referencing CLASP, SAMM
>>>>      and a new page about SDL Pro (and maybe others BSIMM, Cigital Software
>>>>      Security Touchpoints???)?
>>>> - allowing OWASP to be mentioned on the SDL Pro Network page as a member?
>>>>    - logo?
>>>>    - link?
>>>> At the moment there doesn't seem to be any obligation to contribute
>>>> resources in any way to the SDL effort, but I suspect the Global
>>>> Industry Committee and others would provide feedback on developers'
>>>> experiences and future public drafts and the like.  Would it weaken
>>>> CLASP or SAMM in any way?
>>>> OWASP would also need to consider whether its impartiality is in any
>>>> way affected, and also ensure it is not being seen to promote any
>>>> particular vendor.  OWASP materials already reference some vendors'
>>>> free and commercial products e.g.
>>>> Threat Risk Modeling
>>>> http://www.owasp.org/index.php/Threat_Risk_Modeling
>>>> Does being a member of SDL Pro Network bring other benefits to OWASP?
>>>>  Perhaps:
>>>> - greater awareness?
>>>> - greater acceptance by commercial software development companies?
>>>> So we (OWASP) need to have a discussion.  Pravir and Andrew van der
>>>> Stock (Development Guide) would seem to be crucial to this. What are
>>>> people's views here, and how do you think we should proceed?
>>>> Regards
>>>> Colin Watson
>>>> Global Industry Committee
>>>> http://www.owasp.org/index.php/Global_Industry_Committee
>> _______________________________________________
>> Global_industry_committee mailing list
>> Global_industry_committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global_industry_committee

Christian Heinrich - http://sn.im/cmlh_linkedin_profile
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
Speaking Schedule at http://sn.im/cmlh_speaking_schedule
