[Owasp-board] [Owasp-leaders] OWASP Benchmark project - potential conflict of interest

johanna curiel curiel johanna.curiel at owasp.org
Thu Nov 26 22:01:45 UTC 2015


Very nice for these Appsec folks in making marketing out of volunteer
efforts to spend time reviewing an immature tool and sell it as it is ready
mature for selling and making money at an *OWASP conference*.

Other people make advertising, yes, but they don't push a review to go
ahead and sell. Of course, if this project was 'an incubator' had less
claims to make than 'LAB', right?

I'm *very very and very disappointed to be used like this.*

What about that? No one cares resources are misused? BTW the project also
got a speaker slot at the OWASP conference.

3 issues logged so far in their GitHub repo. Wow.. I'm appalled how much
testing this is taking...

How many people in this thread have actually used the tool?

I think I'm the only one.





On Thu, Nov 26, 2015 at 5:32 PM, Andre Gironda <andreg+owasp at gmail.com>
wrote:

>
> On Thu, Nov 26, 2015 at 12:09 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> > I would be happy to provide an update.
> >
> > Matt Konda and Dave Wichers, the Benchmark Project Leader, had a
> > conversation a few weeks back. To summarize their conversation, Dave
> > acknowledges the current lack of diversity in his project and it is his
> > sincere desire to drive more people to it to help.
>
> From my perspective, this is a core project that has the potential for the
> best outcomes. Every appsec program -- every infosec program -- leads with
> tool(s) instead of people. Business owners and app owners want
> business-as-usual portal(s) for the everyday uninitiated portal user. I
> emphasize my parenthetical use of the plural (i.e., (s)'s) because many
> times only one tool is chosen, or [at best?] chosen for a few quarters and
> then migrated entirely to a new [often worse?] tool.
>
> What both Aspect and Contrast have contributed should be encouraged more.
> These vendors are _contributing_ forward-looking solutions that get to the
> root cause of obstacles in application security.
>
> So what do we give them? A reward? No -- we give them more obstacles? The
> vendors who have a seat to the table
>
> > Josh Sokol and Jeff Williams, the CTO of Contrast, had a conversation a
> > few weeks back. To summarize their conversation, Jeff believes that the
> > work that Dave is doing on the Benchmark is a game changer in that it
> > gives OWASP the power in dictating what these tools need to be finding.
> > He wants the Benchmark to be successful and understands that it needs to
> > be diverse in order to be trusted.