[Owasp-board] Contrast Marketing / OWASP Benchmark Project
michael.coates at owasp.org
Tue Oct 20 20:11:10 UTC 2015
I think we definitely have an issue here.
1) It is quite clear, at its current state, the project has a conflict of
The concept of the project could be great. But a conflict is present in
its current state. As a result, everything achieved by the project is
under a shadow. I also don't think there's any disagreement about conflict
of interest either (see chapter leader response
This isn't to say that anyone is purposively influencing results, but a
"conflict of interest" is about relationships and impartiality, not about
specific actions. As a result I feel the conflict of interest is here and
should be acted on.
1a - we should label the project as such (idea: a banner across the wiki
page with "outstanding issues: conflict of interest") just like Wikipedia
1b - we should ask the project committee to consider updating the project
maturity process such that a project cannot advance out of the most initial
phase if a conflict of interest is present.
The quotes you mention are not in line with our branding requirements. I
also don't believe the logo is to be used on vendor literature.
The OWASP Brand must not be used in a manner that suggests that The OWASP
Foundation supports, advocates, or recommends any particular product or
2a - Paul to reach out to Contrast to discuss how to work with OWASP
Thoughts from others?
Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
OWASP Global Board
On Tue, Oct 20, 2015 at 11:39 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> Did anyone see this?
> It is a vendor "Whitepaper" using the OWASP Benchmark Project along with
> the Foundation brand and logo. A couple of choice quotes from the
> "Any product that doesn’t score highly on the OWASP Benchmark puts
> organizations at serious risk of missing major vulnerabilities in their
> real-world applications and generating lots of false alarms."
> "Contrast Enterprise, which the OWASP Benchmark demonstrated is both fast
> and accurate, is a natural choice to augment or replace existing SAST and
> DAST solutions."