[Owasp-board] About OWASP certification

dinis cruz dinis.cruz at owasp.org
Wed Jul 7 01:44:23 UTC 2010

Actually the key problem is the item "*3) free and open in the sense that
anyone can access all the materials",* because we cannot have any closed
'Certification' questions.

This is why any kind of official 'OWASP Certification" would only make
sense in a model where 1000+ high quality questions + answers are publicly
published in our Wiki

And even then, I don't think that OWASP is not really set-up to run this
type of exams, and I'm really not sure that OWASP (the mothership) should be
doing it (even if was financially viable)

I much prefer the idea that a number of 3rd party
companies/organizations provide these Exams (where all questions are created
around materials published by OWASP).

And just to be clear, I really think that it would be very beneficial for
OWASP and the WebAppSec community if there was a number of high quality
"OWASP focused certifications". The market clearly wants it, the question is
(as Jeff also mentioned) to do it in a way that is *"4) consistent with
other OWASP ethics and principles"*

Does this make sense?

So, if you are happy with the model described above, then
please accelerate and go down the certification path :)

You probably are going to need some funds. Does your chapter already have
some money allocated for it? (i.e. have you had any local company joining in
as an OWASP corporate member and having 40% of the membership fee allocated
to your chapter?)

Let us know how we an help


On 6 July 2010 20:39, Jeff Williams <jeff.williams at owasp.org> wrote:

> Hi Rip,
> OWASP has chosen not to pursue a certification program because we haven't
> been able to figure out a way to do it that is:
> 1) meaningful and high-quality (not a pay-for-cert program)
> 2) financially viable (that we can create with the funds available to
> 3) free and open in the sense that anyone can access all the materials
> 4) consistent with other OWASP ethics and principles
> We're still open to the idea, and hopefuly that someone can solve this
> problem with a model that successfully meets all of these pre-requisites.
> Unfortunately, it just doesn't seem possible to get a high-quality bank of
> questions (1000?) developed without funding.
> --Jeff
> Jeff Williams, Chair
> The OWASP Foundation
> -----Original Message-----
> From: Rip Torn [mailto:rip at owasp.org]
> Sent: Sunday, July 04, 2010 11:37 PM
> To: jeff.williams at owasp.org
> Cc: Helen Gao; Weilin Zhong
> Subject: About OWASP certification
> Dear Jeff,
> I know that OWASP certification has been stopped for a long time.
> However, I got a good chance here in China to promote OWASP
> Certification program by cooperating with the Internet Society of
> China(ISC) which is an open internet society in China. I wonder to
> know whether can we try to take over the discontinued OWASP
> certification program in China?
> Thanks for your supporting to the development of OWASP China
> Rip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100707/589eb2de/attachment-0002.html>

More information about the Owasp-board mailing list