[Owasp-board] Two items that require Approval

Matt Tesauro matt.tesauro at owasp.org
Wed Aug 24 01:28:44 UTC 2011


The Hacking Lab is a hand-on lab environment which includes VPN access to a
real lab environment to conduct security training, tutorials,
demonstrations, etc.  It is very slick.  Consider it a service like we use
Google for our email, SalesForce for CRM, SimpleVoting for elections, ...
 This is another service being offered to OWASP for zero cost.

About the NDA:  There are multiple role levels in this service.  As an
instructor, you can see not only the content related to your event but all
content is placed in a "knowledge base".  For example, there are
step-by-step instructions, screen captures and videos explaining various
labs - e.g. a video demonstrating using Wireshark to pull files out of a FTP
stream.  Ivan's one concern is that these instructors will have access to
all of this content - content he's created with his own time/money.  An
unscrupulous person could basically copy the knowledge base and rather
quickly setup shop as an online training company.  To hedge against this, he
wanted the two instructors to basically promise (via the NDA) not to steal
the existing content in the knowledge base.

On the whole, I think we have a great deal to gain - a ready build online
training environment for free, and not very much to loose - two OWASPers
under an NDA + Hacking Lab gains some OWASP material added to their
knowledge base - which, frankly, he could do right now without us
considering the licensing of OWASP materials.

--
-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site


On Tue, Aug 23, 2011 at 4:42 PM, Dave Wichers <dave.wichers at owasp.org>wrote:

> I vote to approve the ISSA agreement.****
>
> ** **
>
> ** **
>
> The LOI from Hacking-Lab is a hard for me to understand. What does their
> service provide exactly? If OWASP produces a training event using this
> service/product, are the results free for use at live training sessions only
> or can it be made free for use online to the OWASP community?****
>
> ** **
>
> ** **
>
> I’m also concerned about: OWASP responsibility****
>
> ** **
>
> - OWASP will identify at least 2 members to become a Hacking-Lab teacher.
> These teachers****
>
> will have access to the solution management application, including
> step-by-step and video ****
>
> resources. *These teachers need to sign a non disclosure agreement with
> Hacking-Lab*.****
>
> ** **
>
> Why do they have to sign an NDA?****
>
> ** **
>
> *From:* owasp-board-bounces at lists.owasp.org [mailto:
> owasp-board-bounces at lists.owasp.org] *On Behalf Of *Martin Knobloch
> *Sent:* Tuesday, August 23, 2011 5:10 PM
> *To:* Kate Hartmann
> *Cc:* OWASP Foundation Board List
> *Subject:* Re: [Owasp-board] Two items that require Approval****
>
> ** **
>
> #1 yea (has been voted in favor by the GEC by 4 yea and 1 nea)****
>
> #2 yea****
>
> ** **
>
> -Martin****
>
> On Tue, Aug 23, 2011 at 8:45 PM, Kate Hartmann <kate.hartmann at owasp.org>
> wrote:****
>
> There are two documents on the Board Vote page that require approval:
> https://www.owasp.org/index.php/OWASP_Board_Votes****
>
>  ****
>
> #1.  the LOI from Hacking-Lab ****
>
> #2  is the Blanket agreement document from the GConfC.****
>
>  ****
>
> Please reply to this email with your yea or nea for each item.****
>
>  ****
>
> Thank you.****
>
>  ****
>
> Kate Hartmann****
>
> Operations Director****
>
> 301-275-9403****
>
> www.owasp.org ****
>
> Skype:  Kate.hartmann1****
>
>  ****
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board****
>
> ** **
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20110823/7daca709/attachment-0002.html>


More information about the Owasp-board mailing list