[Owasp-board] IMPORTANT: Proposed (revised) model for the 'OWASP Commercial Services' pages

Eoin eoin.keary at owasp.org
Wed Jun 2 14:36:30 UTC 2010

I am happy with this as per my last mail (below)

Proposal is attached.
If changes are to be made please change this document and redistribute and
change version so we can track changes.

I would like to amend/add the following:

*"There needs to be a minimum number of feedback entries, 3, from three
disparate groups/organisations/individuals before any feedback is posted to
ensure fairness and avoid targeted emotive reviews."*




On 1 June 2010 09:49, Eoin <eoin.keary at owasp.org> wrote:

> Dinis/Board,
> also as discussed in London,
> There needs to be a minimum number of feedback entries (3 or so?) before any
> feedback is posted to ensure fairness and avoid targeted emotive reviews.
> Eoin
>   On 31 May 2010 20:17, dinis cruz <dinis.cruz at owasp.org> wrote:
>>  Board
>> After much discussion with a lot of OWASP leaders (both online and
>> personally) and after receiving a lot of direct comments/worries about how
>> it was currently being set-up (and lead), I think we (the OWASP Leaders in
>> London last week) have come up with a model that should work, and is VERY
>> compatible with OWASP values and focus on visibility.
>> Here is the proposed model (read it twice (since the first couple of
>> Articles will only really make sense the 2nd time round :) )
>> ------------------------------
>> Article 1: The OWASP Commercial Services (hosted at
>> http://www.owasp.org/index.php/Commercial_Services) is a service provided
>> by OWASP to its community aimed at:
>>    a) exposing the OWASP Community to companies providing commercial
>>       services (good or bad) around one or more OWASP Projects (Tools or
>>       Documents)
>>    b) reward companies, individuals or OWASP Leaders that provide
>>       successful commercial (i.e. paid for) services around OWASP Projects
>>       (with the hope that this will create a positive investment cycle
>>       that will greatly benefit those OWASP Projects and community)
>> Article 2: The Companies or Individuals providing these commercial
>> services ARE NOT ALLOWED to post on the 'OWASP Commercial Services' area any
>> details about the services they currently provide
>> Article 3: The only 'entities' that ARE ALLOWED to post on the 'OWASP
>> Commercial Services' area are existing OWASP Members who are/were CLIENTS of
>> those services, and who, ON THE RECORD, have to provide a comment (good or
>> bad) about the services they receive.
>> Article 4: The Companies or Individuals providing these commercial
>> services ARE ALLOWED to comment on the comments made about them (i.e. from
>> Article 3.)
>> Article 5: ONLY the OWASP Project/Chapter Leaders ARE ALLOWED, at
>> their discretion, good taste and common sense, to regularly communicate
>> (i.e. advertise) to THEIR PROJECT MAILING LIST the commercial services
>> provided around their project/chapter
>> Article 6: There will be very clear points of contact for the reporting of
>> any abuses on the 'OWASP Commercial Services' model (which optionally can be
>> made anonymously). Any reports will be investigated by a team made of
>> several OWASP Committee and Board members, with their findings and
>> recommendations acted upon.
>> Article 7: The first phase of the 'OWASP Commercial Services' will be
>> implemented on top of the existing OWASP Website engine (i.e. MediaWiki) and
>> as the transaction volume grows, and if needed, the service will move to a
>> more powerful community/social web solution
>> ------------------------------
>> And that's it :)
>> Here is what I like about this model and the problems it solves/prevents:
>>    - it puts our community at the heart of this service in a way they
>>    also have a lot to benefit from its existence (in fact, we do this
>>    right and some companies could even join because of this)
>>    - It only allows existing and (hopefully) successful commercial
>>    deliveries of 'OWASP Projects related services' to be listed (i.e. there is
>>    a hard requirement that the listings start with a 'real world' delivery of
>>    one of these services)
>>    - prevents the proactive existence of 'Marketing Speak', of the
>>    tendency to write a 'Super list of ALL potential OWASP related services
>>    provided by Company XYZ' and (more importantly) the exaggeration of the type
>>    of services provided
>>    - It creates a way for our projects/chapter leaders to advertise to
>>    their communities the services being provided around their project
>>    (including the ones they (the project leader) are providing and delivering)
>>    - The room for abuse is quite limited by the fact that everything is
>>    on the record (although we have to leave an obvious open channel for direct
>>    reports on such abuses)
>>    - The fact that we put the onus of managing these commercial
>>    communities on the project/chapter leader (or whoever he delegates to),
>>    creates a nice 'self protecting system'. This happens because the
>>    project/chapter leaders are 'by design' pressured to have an independent and
>>    balanced opinion/position (since if he/she abuses his/her community he/she
>>    will be killing it)
>>    - finally if we get this right, we should see a huge increase in the
>>    number of OWASP Leaders being directly paid to work on OWASP projects, which
>>    has to be a good thing :)
>> What do you think?
>> Let's see if we can get a consensus from the board on this one, so that we
>> can present this to the owasp-leaders and, vote on it at the OWASP Board
>> meeting next week.
>> (Btw, I just called Mike Boberski to explain to him this 'revised' model and
>> he was NOT happy with this model, but that is the topic for another email)
>> Dinis Cruz
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> --
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author
> http://asg.ie/
> https://twitter.com/EoinKeary

Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OWASP Commerical Registery.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 12781 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100602/41dff9ba/attachment.docx>
