[Owasp-board] Contrast Marketing / OWASP Benchmark Project

• Previous message: [Owasp-board] Contrast Marketing / OWASP Benchmark Project
• Next message: [Owasp-board] Contrast Marketing / OWASP Benchmark Project
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michael,

Good analysis and resolution suggestions. Do you think the brand usage policy needs adjusting as well?

--
Jim Manico
Global Board Member
OWASP Foundation
https://www.owasp.org
Join me in Rome for AppSecEU 2016!

> On Oct 20, 2015, at 10:11 PM, Michael Coates <michael.coates at owasp.org> wrote:
> 
> I think we definitely have an issue here.
> 
> 1)It is quite clear, at it's current state, the project has a conflict of interest. 
> 
> The concept of the project could be great. But a conflict is present in it's current state. As a result, everything achieved by the project is under a shadow. I also don't think there's any disagreement about conflict of interest either (see chapter leader response http://lists.owasp.org/pipermail/owasp-benchmark-project/2015-October/000031.html). This isn't to say that anyone is purposively influencing results, but a "conflict of interest' is about relationships and impartiality, not about specific actions. As a result I feel the conflict of interest is here and should be acted on.
> 
> Suggested action:
> 1a - we should label the project as such (idea: a banner across the wiki page with "outstanding issues: conflict of interest)' just like wikipedia does. 
> 1b - we should ask the project committee to consider updating the project maturity process such that a project cannot advance out of the most initial phase if a conflict of interest is present.
> 
> 
> 2) Branding
> The quotes you mention are not inline with our branding requirements. I also don't believe the logo is to be used on vendor literature.
> 
> https://www.owasp.org/index.php/Marketing/Resources
> The OWASP Brand must not be used in a manner that suggests that The OWASP Foundation supports, advocates, or recommends any particular product or technology.
> 
> Suggested action:
> 2a - Paul to reach out to Contrast to discuss how to work with OWASP correctly. 
> 
> 
> Thoughts from others? 
> 
> 
> --
> Michael Coates | @_mwc
> OWASP Global Board
> 
> 
> 
> 
> 
>> On Tue, Oct 20, 2015 at 11:39 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>> Did anyone see this?
>> 
>> https://cdn2.hubspot.net/hubfs/203759/Contrast_Benchmark092215.pdf
>> 
>> It is a vendor "Whitepaper" using the OWASP Benchmark Project along with the Foundation brand and logo.  A couple of choice quotes from the whitepaper:
>> 
>> "Any product that doesn’t score highly on the OWASP Benchmark puts organizations at serious risk of missing major vulnerabilities in their real-world applications and generating lots of false alarms."
>> 
>> "Contrast Enterprise, which the OWASP Benchmark demonstrated is both fast and accurate, is a natural choice to augment or replace existing SAST and DAST solutions."
>> 
>> ~josh
>> 
>> 
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> 
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20151021/8e751f28/attachment.html>

• Previous message: [Owasp-board] Contrast Marketing / OWASP Benchmark Project
• Next message: [Owasp-board] Contrast Marketing / OWASP Benchmark Project
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]