[Owasp-board] Contrast Marketing / OWASP Benchmark Project
johanna curiel curiel
johanna.curiel at owasp.org
Tue Oct 20 20:20:55 UTC 2015
Additionally vendor is doing false claims based on The actual stage of
development of The project
Benchmark is not ready to do such claims
On Tuesday, October 20, 2015, Michael Coates <michael.coates at owasp.org>
> I think we definitely have an issue here.
> 1)It is quite clear, at it's current state, the project has a conflict of
> The concept of the project could be great. But a conflict is present in
> it's current state. As a result, everything achieved by the project is
> under a shadow. I also don't think there's any disagreement about conflict
> of interest either (see chapter leader response
> This isn't to say that anyone is purposively influencing results, but a
> "conflict of interest' is about relationships and impartiality, not about
> specific actions. As a result I feel the conflict of interest is here and
> should be acted on.
> Suggested action:
> 1a - we should label the project as such (idea: a banner across the wiki
> page with "outstanding issues: conflict of interest)' just like wikipedia
> 1b - we should ask the project committee to consider updating the project
> maturity process such that a project cannot advance out of the most initial
> phase if a conflict of interest is present.
> 2) Branding
> The quotes you mention are not inline with our branding requirements. I
> also don't believe the logo is to be used on vendor literature.
> The OWASP Brand must not be used in a manner that suggests that The OWASP
> Foundation supports, advocates, or recommends any particular product or
> Suggested action:
> 2a - Paul to reach out to Contrast to discuss how to work with OWASP
> Thoughts from others?
> Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
> OWASP Global Board
> On Tue, Oct 20, 2015 at 11:39 AM, Josh Sokol <josh.sokol at owasp.org
>> Did anyone see this?
>> It is a vendor "Whitepaper" using the OWASP Benchmark Project along with
>> the Foundation brand and logo. A couple of choice quotes from the
>> "Any product that doesn’t score highly on the OWASP Benchmark puts
>> organizations at serious risk of missing major vulnerabilities in their
>> real-world applications and generating lots of false alarms."
>> "Contrast Enterprise, which the OWASP Benchmark demonstrated is both fast
>> and accurate, is a natural choice to augment or replace existing SAST and
>> DAST solutions."
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board