[Owasp-board] Contrast Marketing / OWASP Benchmark Project

Michael Coates michael.coates at owasp.org
Tue Oct 20 20:11:10 UTC 2015


I think we definitely have an issue here.

1)It is quite clear, at it's current state, the project has a conflict of
interest.

The concept of the project could be great. But a conflict is present in
it's current state. As a result, everything achieved by the project is
under a shadow. I also don't think there's any disagreement about conflict
of interest either (see chapter leader response
http://lists.owasp.org/pipermail/owasp-benchmark-project/2015-October/000031.html).
This isn't to say that anyone is purposively influencing results, but a
"conflict of interest' is about relationships and impartiality, not about
specific actions. As a result I feel the conflict of interest is here and
should be acted on.

Suggested action:
1a - we should label the project as such (idea: a banner across the wiki
page with "outstanding issues: conflict of interest)' just like wikipedia
does.
1b - we should ask the project committee to consider updating the project
maturity process such that a project cannot advance out of the most initial
phase if a conflict of interest is present.


2) Branding
The quotes you mention are not inline with our branding requirements. I
also don't believe the logo is to be used on vendor literature.

https://www.owasp.org/index.php/Marketing/Resources
The OWASP Brand must not be used in a manner that suggests that The OWASP
Foundation supports, advocates, or recommends any particular product or
technology.

Suggested action:
2a - Paul to reach out to Contrast to discuss how to work with OWASP
correctly.


Thoughts from others?


--
Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
OWASP Global Board





On Tue, Oct 20, 2015 at 11:39 AM, Josh Sokol <josh.sokol at owasp.org> wrote:

> Did anyone see this?
>
> https://cdn2.hubspot.net/hubfs/203759/Contrast_Benchmark092215.pdf
>
> It is a vendor "Whitepaper" using the OWASP Benchmark Project along with
> the Foundation brand and logo.  A couple of choice quotes from the
> whitepaper:
>
> "Any product that doesn’t score highly on the OWASP Benchmark puts
> organizations at serious risk of missing major vulnerabilities in their
> real-world applications and generating lots of false alarms."
>
> "Contrast Enterprise, which the OWASP Benchmark demonstrated is both fast
> and accurate, is a natural choice to augment or replace existing SAST and
> DAST solutions."
>
> ~josh
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20151020/94ecc566/attachment.html>


More information about the Owasp-board mailing list