[Owasp-board] position on OWASP certification

Seba seba at owasp.org
Mon Nov 30 13:42:17 UTC 2009


It was suggested during the summit for the board to make a clearly
motivated statement on OWASP certifications.

Hereby a first draft:

For Board Vote: position on OWASP Certification
Numerous times the question on certification comes up at summits and
on the leaders list.
Each time we have a big debate if it makes sense for OWASP to start
certification of e.g. developers, testers, applications, etc...
This position vote is a clear statement from the OWASP Board on OWASP
It also represents the opinion of the majority of the people present
on the OWASP Summit in Portugal (2008) and the Summit in DC (2009).

OWASP should focus its efforts on becoming and staying THE body of
knowledge covering web application security. OWASP will however not
start its own certifications or promote other certifications.
If other organisations wish to start certifications based on OWASP
material, we welcome this: as long as this honours the current open
license model of OWASP and does not abuse the OWASP brand for
commercial reasons.

Other stuff/clarifications I should add?



More information about the Owasp-board mailing list