[Global_industry_committee] The Microsoft SDL Pro Network

Rex Booth, OWASP rex.booth at owasp.org
Thu Oct 29 15:16:25 EDT 2009


Mostly correct, but SANS has approved trainers and curricula.  I think 
what David and I are getting at is that while OWASP may facilitate 
training by providing the space and resources, it does not actually 
provide the training itself.  Just as if you take a course from Security 
Compass at BlackHat.  BlackHat isn't providing the training - you're 
simply attending training while at BlackHat.


Christian Heinrich wrote:
> Rex and David,
>
> My understanding is that if an attendee registers for a course as part
> of their OWASP Conference Registration the attendee has to perform a
> single registration and OWASP then passes this invoice to the
> instructor's respective company which would be similar to SANS, etc.
>
> On Fri, Oct 30, 2009 at 3:20 AM, Rex Booth <rex.booth at owasp.org> wrote:
>   
>> Correct.  Some individuals may provide training on owasp material, but
>> afaik, owasp doesn't officially provide training as an organization.
>>
>> On Oct 29, 2009, at 10:55 AM, David Campbell <dcampbell at owasp.org> wrote:
>>
>>     
>>> OWASP provides training?
>>>
>>> IIRC the trainings are provided by vendors with a relationship with
>>> OWASP, but not by the foundation directly.
>>>
>>> May be a relevant distinction.
>>>
>>> DC
>>>
>>>
>>> Christian Heinrich wrote:
>>>       
>>>> Colin,
>>>>
>>>> It might be worth highlighting to Kate that OWASP provide training at
>>>> our conferences and at other events.
>>>>
>>>>
>>>> On Thu, Oct 29, 2009 at 5:35 AM, Colin Watson <colin.watson at owasp.org>
>>>> wrote:
>>>>
>>>>         
>>>>> Christian
>>>>>
>>>>> I spoke with Katie on Monday as a result of our approach.
>>>>>
>>>>> The current 'SDL Pro Network' members are all either training or
>>>>> consultancy organisations, and/or were involved in the development of
>>>>> the project.  Katie can see an opportunity for OWASP to become a
>>>>> member, but it would be a different type than these - OWASP's
>>>>> importance, and significant developer audience, mean it is in a good
>>>>> position to encourage the types of practices encouraged in lifecycle
>>>>> security.
>>>>>
>>>>> The question is whether OWASP wants to become a member.  What (costs)
>>>>> might that involve?
>>>>>
>>>>> - referencing the Microsoft SDL / SDL Pro Network from the wiki
>>>>>    - perhaps new pages about lifecycle issues, and referencing CLASP, SAMM
>>>>>      and a new page about SDL Pro (and maybe others BSIMM, Cigital Software
>>>>>      Security Touchpoints???)?
>>>>> - allowing OWASP to be mentioned on the SDL Pro Network page as a member?
>>>>>    - logo?
>>>>>    - link?
>>>>>
>>>>> At the moment there doesn't seem to be any obligation to contribute
>>>>> resources in any way to the SDL effort, but I suspect the Global
>>>>> Industry Committee and others would provide feedback on developers'
>>>>> experiences and future public drafts and the like.  Would it weaken
>>>>> CLASP or SAMM in any way?
>>>>>
>>>>> OWASP would also need to consider whether its impartiality is in any
>>>>> way affected, and also ensure it is not being seen to promote any
>>>>> particular vendor.  OWASP materials already reference some vendors'
>>>>> free and commercial products e.g.
>>>>>
>>>>> Threat Risk Modeling
>>>>> http://www.owasp.org/index.php/Threat_Risk_Modeling
>>>>>
>>>>> Does being a member of SDL Pro Network bring other benefits to OWASP?
>>>>>  Perhaps:
>>>>>
>>>>> - greater awareness?
>>>>> - greater acceptance by commercial software development companies?
>>>>>
>>>>> So we (OWASP) need to have a discussion.  Pravir and Andrew van der
>>>>> Stock (Development Guide) would seem to be crucial to this. What are
>>>>> people's views here, and how do you think we should proceed?
>>>>>
>>>>> Regards
>>>>>
>>>>> Colin Watson
>>>>> Global Industry Committee
>>>>> http://www.owasp.org/index.php/Global_Industry_Committee
>>>>>
>>>>>           
>>>>
>>>>         
>
>   

