[Owasp-board] [Committees-chairs] SANS

Martin Knobloch martin.knobloch at owasp.org
Tue May 1 15:11:05 UTC 2012

This has been proposed and discussed during the 'smaller Summit' during the
OWASP AppSec DC conference 2009.
The outcome was clear (as it was during the working sessions at the
Summit's 2008 and 2011), that the OWASP community was clearly agains it.

As stated in the Red book of the OWASP code of conduct, "OWASP does not
endorse any certification".
This, first of all, would be harmed when supporting the SANS initiative.
Back in 2009, there as agreed to SANS, each OWASP member can be involved
and helping SANS in this effort, as long this is done in his or hers own
name and title!
As chair of the Global Education Committee, the representative of SANS and
I agreed to continue this as a call to the OWASP community for members who
are willing to be involved in the SANS certification. Unfortunately, there
never came any reply back from her.

Not to forget, if SANS is planing an certification based on OWASP material,
that is what it is:
*As Certifications based on OWASP material, there cannot be an OWASP
Certification by SANS!

On Tue, May 1, 2012 at 3:28 PM, Helen Gao <helen.gao at owasp.org> wrote:

> Helen's 2 cents: The subject of certification is very interesting indeed
> and long debated within OWASP. SANS is well established and has a large
> network. Their conferences are of quality but at a price. From the
> Membership Committee's prospective, networking, free conference will
> certainly add value to OWASP.  Is this the 1st time SANS approached
> OWASP?  OWASP and SANS overlap, or compete, in a way. It make sense for the
> two to corporate. As Eoin pointed out, the openness of the content is
> probably the key issue.
>  On Tue, May 1, 2012 at 5:12 AM, Eoin <eoin.keary at owasp.org> wrote:
>>  Jim,
>> Sounds interesting.
>> Questions initially I have are:
>> Who controls the content?
>> Shall the content/examination be open source?
>> We did say that organisations can build a certification "based on OWASP"
>> but OWASP would not have an "OWASP certification".
>> Aloha :)
>> -ek
>>  On 1 May 2012 09:44, Jim Manico <jim.manico at owasp.org> wrote:
>>>  SANS has offered to build an OWASP certification and give a percentage
>>> of the proceeds to OWASP. They already have a GWEB certification that
>>> could serve as a base for the program.
>>> SANS has also offered to allow OWASP chapters to meet at it's
>>> conferences around the world, lets folks attend OWASP meetings for free
>>> (of course), serve drinks, and otherwise back off no-strings-attached.
>>> SANS is of course a for-profit commercial enterprise.
>>> Frank Kim, Denis Kirby and Jason Lam are the folks who run the SANS
>>> AppSec program and made this offer to OWASP. They feel it's of value to
>>> SANS just to have OWASP folks be aware that SANS exists, and they can
>>> help the community at the same time.
>>> I've known Frank and Jason for some thing and think they are good eggs.
>>> Worth discussing...
>>> --
>>> Jim Manico
>>> Connections Committee Chair
>>> Cheatsheet Series Product Manager
>>> OWASP Podcast Producer/Host
>>> jim at owasp.org
>>> www.owasp.org
>>> _______________________________________________
>>> Committees-chairs mailing list
>>> Committees-chairs at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/committees-chairs
>> --
>> Eoin Keary
>> OWASP Global Board Member (Vice Chair)
>> https://twitter.com/EoinKeary
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20120501/37eada01/attachment.html>

More information about the Owasp-board mailing list