[Owasp-board] [Committees-chairs] SANS

Jim Manico jim.manico at owasp.org
Tue May 1 21:23:32 UTC 2012


Because this is a *certification* the questions and answers would need
to be private, otherwise anyone can just read the questions and game the
exam.

Like everyone else who does commercial training, I think the content
will be owned by SANS for their classes, but anyone can build a "SANS
OWASP certification course".

The questions will probably also be owned by GIAC. Perhaps we could do 2
sets of questions. One set for the actual exam (closed) and another set
for the community for use in organizations and prepping for the exam (open).

Keep in mind, I'm more interested in partnering with GIAC
http://www.giac.org/ to do an OWASP certification (owned by SANS, but a
different company). SANS the training company would be just one provider
of "OWASP Training" just like many of us in the community do already.

I think anyone can do a cert */based on OWASP/*, and GIAC can go off and
do that on their own already.

I think GIAC wants to deliver a more specific "OWASP Certification" so
that the questions for the exam are reviewed and approved of by OWASP
community members, and SANS will pay for those services.

So think of it this way:

1) The GIAC Organization will run and maintain the OWASP certificate.
They have the infrastructure and experience to do this and are ANSI
certified (no small effort).
2) OWASP and other members of the web security community would create
and quality-control questions (and get paid to do so)
2a) OWASP and other members of the web security community would also
create an "open" set of questions for other purposes
3) Anyone can build a course around the OWASP certification program
4) GIAC would give OWASP a % of $ received for anyone who tries to take
the exam

I think there is potential here.

- Jim

> Jim,
> Sounds interesting.
>
> Questions initially I have are:
>
> Who controls the content?
>
> Shall the content/examination be open source?
>
> We did say that organisations can build a certification "based on OWASP"
> but OWASP would not have an "OWASP certification".
>
>
> Aloha :)
>
> -ek
>
>
>
> On 1 May 2012 09:44, Jim Manico <jim.manico at owasp.org> wrote:
>
>> SANS has offered to build an OWASP certification and give a percentage
>> of the proceeds to OWASP. They already have a GWEB certification that
>> could serve as a base for the program.
>>
>> SANS has also offered to allow OWASP chapters to meet at its
>> conferences around the world, let folks attend OWASP meetings for free
>> (of course), serve drinks, and otherwise back off no-strings-attached.
>>
>> SANS is of course a for-profit commercial enterprise.
>>
>> Frank Kim, Denis Kirby and Jason Lam are the folks who run the SANS
>> AppSec program and made this offer to OWASP. They feel it's of value to
>> SANS just to have OWASP folks be aware that SANS exists, and they can
>> help the community at the same time.
>>
>> I've known Frank and Jason for some time and think they are good eggs.
>> Worth discussing...
>>
>> --
>> Jim Manico
>>
>> Connections Committee Chair
>> Cheatsheet Series Product Manager
>> OWASP Podcast Producer/Host
>>
>> jim at owasp.org
>> www.owasp.org
>> _______________________________________________
>> Committees-chairs mailing list
>> Committees-chairs at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/committees-chairs
>>
>
>


-- 
Jim Manico

Connections Committee Chair
Cheatsheet Series Product Manager
OWASP Podcast Producer/Host

jim at owasp.org
www.owasp.org