[Owasp-board] [Committees-chairs] SANS

Jim Manico jim.manico at owasp.org
Tue May 1 21:42:12 UTC 2012


Martin,

Perfection is a dynamic and moving target. I think it's prudent to
re-start this conversation, I state with respect.

The industry really needs a solid web security professional
certification. I feel it serves the mission well.

Aloha Martin!
- Jim

> This has been proposed and discussed during the 'smaller Summit' during the
> OWASP AppSec DC conference 2009.
> The outcome was clear (as it was during the working sessions at the
> Summit's 2008 and 2011), that the OWASP community was clearly agains it.
>
> As stated in the Red book of the OWASP code of conduct, "OWASP does not
> endorse any certification".
> This, first of all, would be harmed when supporting the SANS initiative.
> Back in 2009, there as agreed to SANS, each OWASP member can be involved
> and helping SANS in this effort, as long this is done in his or hers own
> name and title!
> As chair of the Global Education Committee, the representative of SANS and
> I agreed to continue this as a call to the OWASP community for members who
> are willing to be involved in the SANS certification. Unfortunately, there
> never came any reply back from her.
>
> Not to forget, if SANS is planing an certification based on OWASP material,
> that is what it is:
> *As Certifications based on OWASP material, there cannot be an OWASP
> Certification by SANS!
> *
> Cheers,
> -martin
>
>
> On Tue, May 1, 2012 at 3:28 PM, Helen Gao <helen.gao at owasp.org> wrote:
>
>> Helen's 2 cents: The subject of certification is very interesting indeed
>> and long debated within OWASP. SANS is well established and has a large
>> network. Their conferences are of quality but at a price. From the
>> Membership Committee's prospective, networking, free conference will
>> certainly add value to OWASP.  Is this the 1st time SANS approached
>> OWASP?  OWASP and SANS overlap, or compete, in a way. It make sense for the
>> two to corporate. As Eoin pointed out, the openness of the content is
>> probably the key issue.
>>
>>  On Tue, May 1, 2012 at 5:12 AM, Eoin <eoin.keary at owasp.org> wrote:
>>
>>>  Jim,
>>> Sounds interesting.
>>>
>>> Questions initially I have are:
>>>
>>> Who controls the content?
>>>
>>> Shall the content/examination be open source?
>>>
>>> We did say that organisations can build a certification "based on OWASP"
>>> but OWASP would not have an "OWASP certification".
>>>
>>>
>>> Aloha :)
>>>
>>> -ek
>>>
>>>
>>>
>>>  On 1 May 2012 09:44, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>>>  SANS has offered to build an OWASP certification and give a percentage
>>>> of the proceeds to OWASP. They already have a GWEB certification that
>>>> could serve as a base for the program.
>>>>
>>>> SANS has also offered to allow OWASP chapters to meet at it's
>>>> conferences around the world, lets folks attend OWASP meetings for free
>>>> (of course), serve drinks, and otherwise back off no-strings-attached.
>>>>
>>>> SANS is of course a for-profit commercial enterprise.
>>>>
>>>> Frank Kim, Denis Kirby and Jason Lam are the folks who run the SANS
>>>> AppSec program and made this offer to OWASP. They feel it's of value to
>>>> SANS just to have OWASP folks be aware that SANS exists, and they can
>>>> help the community at the same time.
>>>>
>>>> I've known Frank and Jason for some thing and think they are good eggs.
>>>> Worth discussing...
>>>>
>>>> --
>>>> Jim Manico
>>>>
>>>> Connections Committee Chair
>>>> Cheatsheet Series Product Manager
>>>> OWASP Podcast Producer/Host
>>>>
>>>> jim at owasp.org
>>>> www.owasp.org
>>>> _______________________________________________
>>>> Committees-chairs mailing list
>>>> Committees-chairs at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/committees-chairs
>>>>
>>>
>>>
>>> --
>>> Eoin Keary
>>> OWASP Global Board Member (Vice Chair)
>>>
>>> https://twitter.com/EoinKeary
>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
>
> _______________________________________________
> Committees-chairs mailing list
> Committees-chairs at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/committees-chairs


-- 
Jim Manico

Connections Committee Chair
Cheatsheet Series Product Manager
OWASP Podcast Producer/Host

jim at owasp.org
www.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20120501/04017bec/attachment.html>


More information about the Owasp-board mailing list