[Owasp-board] Fwd: SI OWASP Membership

dinis cruz dinis.cruz at owasp.org
Wed Dec 22 18:21:21 UTC 2010


FYI, see below Ed's rough notes from our conversation yesterday (a good
analogy for the open questions that Ed talked about was how the 'traffic
license content' is also all public)

He took two action items from the call:
1) see if he can release some of its content (questions & answers) asap so
that we can use it as a base for the conversations
2) become an OWASP corporate member

They already did #2, let's see if the #1 happens :)

Dinis Cruz

Begin forwarded message:

*From:* "Ed Adams" <eadams at securityinnovation.com>
*Date:* 22 December 2010 13:33:40 GMT
*To:* "'dinis cruz'" <dinis.cruz at owasp.org>
*Cc:* "'Sandra Paiva'" <sandra.paiva at owasp.org>, "'Jason Taylor'" <jtaylor at securityinnovation.com>
*Subject:* *RE: SI OWASP Membership*



Dinis, my unfiltered notes from yesterday’s call with you are below with
some open questions at the end. Note: many of the notes below relate to your
thoughts vs. the cert program itself (I was writing down info as we chatted
and haven’t edited.)



I’ve also cc’d Jason to the email so we can keep the dialog moving (I am
supposed to be on vacation this week ;-))


Ed





Thought on certification in general

==========================

-          Should be vendor branded and “supported” by OWASP. Reference the
Veracode “quote” at this URL

http://www.owasp.org/index.php/Quote-Veracode_Provides_Visibility_into_Their_Verification_Process_for_the_OWASP_Top_10

-          Convinced that OWASP “white labeled” program doomed to fail…
mostly from internal politics

-          Understands that SI would put substantial skin in the game to get
this built and launched; as a reward, he thinks SI should reap the financial
reward

-          Thinks the cert programs should be promoted at OWASP conferences

-          Loves the concept of the question pool being open and available;
students just won’t know which subset will be on the exam for a given course

-          Doesn’t like how SANS pretends to be open but really isn’t :-)

-          Is a passionate supporter of the cert concept and wants to help
make it successful

-          Wants to include the cert concept in the larger OWASP “Academies”
initiatives led by Sandra





Summary info for Jan. and Feb. meetings

===============================

Jan is the planning session which will be used in Feb meeting focused on the
“academies”

-          Bring bunch of interested parties together to set the stage for
the Summit in Feb.

-          Location is downtown Lisbon in a hotel near university (whose
resources will be used.) Sandra has details and will fwd to us.

-          Review existing OWASP materials over past 2 years (many
conferences, research, and presentation content for mobile, web, and other
platforms – all re. application security) in context of how to use it for
eLearning and cert programs as well as ILT and university engagement

-          Merge cert programs w/ concept of training days and academies to
get this off the ground … they’ve been trying for 2 years but never had the
catalyst of a vendor willing to provide/build content from OWASP source and
provide infrastructure to make cert a reality.



Ideal if we can extract a sub-section of content (TM and/or TP) and make it
available to OWASP leaders prior to the January meeting. Very important to
include exam questions too. If not, bring samples with us to the meeting in
Jan. (or have them available for demo.)





Feb much larger (150+ people with most OWASP leaders there)

-          This is the summit at which we present formal proposal and
pilot/demo some stuff

-          Official “launch” immediately thereafter, announce at RSA Conf.
(following week)?





Open questions

============

-          What can SI deliver prior to and at the Jan. session.

-          The Jan. session will very much be a working session, but we’ll
have to lead the conversation and show them: the breadth and depth of
content we can bring to bear; our ability to take source and convert to
compelling eLearning; our ability/experience hosting eLearning/cert programs
(demo of existing portals from PCI, FIT, and others would be good) etc.

-          What courses/exams will be involved in certification?

-          Will there be one certification track or many?

-          What will the re-certification process be?

-          What will we charge for cert and re-cert?

-          How will we manage, administer and report on certifications?

-          How will we make certifications public knowledge so that people
can get professional value from achieving it?











*From:* dinis cruz [mailto:dinis.cruz at owasp.org]
*Sent:* Tuesday, December 21, 2010 8:56 PM
*To:* Ed Adams
*Cc:* Sandra Paiva
*Subject:* Re: SI OWASP Membership



Ed this is great.



Can you share your notes from today's talk?

I want to start moving things at our end

Dinis Cruz





On 21 December 2010 15:41, Ed Adams <eadams at securityinnovation.com> wrote:

Dinis and Sandra – I have processed a $5,000 organizational
membership/donation to OWASP for Security Innovation.  We will work with
Kate re. details for our logo, etc. but I wanted to let you know the
membership has been processed (Confirmation Number: 6MN4SLLEYM6 )



Looking forward to meeting you both in Lisbon in a few weeks.



Regards,
Ed



------------------------------

*Ed Adams, CEO*

Security Innovation

187 Ballardvale St, Suite A195

Wilmington, MA 01887 USA

+1.978.694.1008 x123 (office)

+1.978.694.1666 (fax)

+1.781.354.0342 (mobile)

eadams2330 (Skype)

www.securityinnovation.com


*Security Innovation* *- **the Application Security Company*