[Owasp-board] OWASP Pledges?

Jeff Williams jeff.williams at owasp.org
Tue Dec 12 18:26:47 UTC 2006

Okay by me - Andrew?






From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Tuesday, December 12, 2006 12:45 PM
To: owasp-board at lists.owasp.org
Subject: Re: [Owasp-board] OWASP Pledges?


On the contrary this is great stuff

My only worry is how do we prevent abuse and somehow ensure that
people/companies do what they claim they do.

If we take the approach that we will not (for now) verify all or most claims
made, then we should: 

*	Make the fact that the claims are not verified very clear (or at
least that we don't check it unless there is a complaint)
*	Create a workflow to allow for 'non compliance' claims to be
verified (i.e. somebody claims to be compliant when it is not)
*	Make it as comprehensive as possible (and try to integrate as many
OWASP projects in there as possible (for example the developers have to go
through Web Goat and Site Generator)) 

Otherwise it is a great idea, I really like the potential of this, and the
opportunity to reward the companies that have those 5 items.

Actually we should add publicly verifiable items for each one (for example,
their security team contact must be public and it must work :) )

Let's open the discussion to the owasp-leaders list


On 12/8/06, Jeff Williams <jeff.williams at owasp.org> wrote:

Is this a dumb idea (of mine)?










Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org
