[Owasp-board] [Owasp-leaders] RFC: OWASP COMMERCIAL SERVICES REGISTRY

Eoin eoin.keary at owasp.org
Mon Apr 26 10:59:43 UTC 2010


Mike nice template, great work as usual,
Opening the conversation;


Question:
is this simply
(1) a bulletin board where owasp do not assess the individual listed
organisations, if so this will take significant effort to police.
(2) a list of recognised/proven orgs who actually provide OWASP related
services


If (2); an approval criterion needs to be established, there are a number of
reasons for this; one being governance and openness but also to
prevent misuse of this opportunity by organisations.

if (2) i believe we need to establish an approval board, committee to assess
orgs who wish to add themselves to the registry. I dont believe one
individual can make this decision?

if (1) we need a strong disclaimer on the pages but either option will need
control to prevent spam etc.
 Question:
Once organisations get onto the registry how long can they stay on it, ad
infinitum?


Eoin








On 24 April 2010 16:46, Boberski, Michael [USA] <boberski_michael at bah.com>wrote:

>  More precisely: a request for your help to get an OWASP Commercial
> Services Registry right.
>
>
>
> On April 6, the OWASP Board voted on a proposal that I submitted to create
> an OWASP Commercial Services Registry, approving the concept of vendor
> registries. Registries designed to encourage the formation of commercial
> services that are based on OWASP open standards, best practices and design
> patterns. An OWASP Commercial Services Registry project was created, and the
> project is now looking for feedback from the community, to help get it
> right. An OWASP Commercial Services Registry straw man can be found here:
> http://www.owasp.org/index.php/Commercial_Services.
>
>
>
> OWASP's mission is to make application security "visible," so that people
> and organizations can make informed decisions about application security
> risks, and as a value-add towards this end the OWASP Commercial Services
> Registry Project will attempt to centralize OWASP project deliverable-based
> services in a single place. OWASP is not affiliated with any technology
> company, and OWASP does not endorse commercial products or services,
> although OWASP supports the informed use of commercial security technology,
> and that is the ultimate goal of this registry.
>
>
>
> Encouraging the formation of commercial services (verification,
> implementation services, process improvement, and training) benefits both
> industry and OWASP by promoting the development and consumption by industry
> and government of tools and techniques that are based on OWASP open
> standards, best practices and design patterns. Similar to many open-source
> software projects, OWASP produces many types of materials in a
> collaborative, open way. The OWASP Foundation is a not-for-profit entity
> that ensures the project’s long-term success, providing sound foundations to
> build commercial services upon.
>
>
>
> Firms listed in the OWASP Commercial Services Registry will follow strict
> rules to ensure the preservation of OWASP’s non-commercial nature. Firms
> listed in this registry will share our belief that application security
> needs to be approached as a people, process, and technology problem, because
> the most effective approaches to application security include improvements
> in all of these areas.
>
>
>
> Please let me know your thoughts and suggestions for improvement. I look
> forward to exploring them with you.
>
>
>
> Best,
>
>
>
> Mike B.
>
>
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

http://asg.ie/
https://twitter.com/EoinKeary
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100426/44d69819/attachment-0002.html>


More information about the Owasp-board mailing list