[Owasp-cert] Principles and Perspectives

dlavigne6 at sympatico.ca dlavigne6 at sympatico.ca
Tue Jul 22 08:04:33 EDT 2008

>1. 50 people writing one question each will yield a better question pool 
>than one person writing 50 questions. So, how do we get more contributors?

Having gone through the psychometric process, I would suggest that process 
yeilds better questions than the quantity of question writers or even the 
original quality of the questions. Questions evolve through this process 
where lousy questions turn into good questions and good questions turn into 
great questions. I can put you in touch with our psychometrician if you 
wish. Her rates are much more reasonable than an agency and she has 10+ 
years experience working with cert bodies in several industry sectors, 
including technical ones such as LPI.

>2. I really, really, really, really hate the notion of NDAs but does it 
>make sense to not have one for this type of process? The importance of not 
>sharing information on exam content is vital to the success of the OWASP 
>certification but NDAs are at odds with openness. Any suggestions?

Our SME NDA follows. Feel free to modify to meet your needs.




Non-Disclosure Agreement for SMEs of the BSDCG


[your name here]
[your address here]
[your address here]

Dear :

As an SME (Subject Matter Expert) for the BSD Certification Group Inc. 
you agree to assist in the development and review of test questions and
their related answers. As such, you understand that all such questions and
answers, including any translation thereof into any language, and any
amendment, supplement or modification thereof are the sole property of the

You agree that any information related to the creation of the test questions
and answers is to be kept in strict confidence, and to only discuss
private SME matters with other BSDCG voting members. Further, you agree to
not disclose or release any test question or answer, either directly or
indirectly in study materials, classroom instruction, or by any other
means and to any person or entity without the prior written consent of the
Chair of the BSDCG, or until that information has been publicly released
by the BSDCG.

Your obligation to maintain the confidentiality of any information you
receive while performing your duties as an SME shall not apply (a) after 
information becomes available to the general public, provided the disclosure
did not result from a breach by you of this agreement, and (b) to the extent
that you are required to disclose such information under any applicable law,
regulation or an order from a court, regulatory agency or other governmental
authority having competent jurisdiction, provided that you (i) promptly 
the Chair of the BSDCG about the legal disclosure requirement in order to
provide the BSDCG with an opportunity to seek a protective order, (ii) 
the BSDCG with reasonable cooperation, upon reasonable request by the BSDCG,
and, (iii) disclose only the portion of such information that is required to 
disclosed under such law, regulation or order.

All publications and materials created by the BSDCG shall at all times 
the property of the BSDCG.  You hereby assign any right, including, without
limitation, any copyright, you may have in any Certification
Materials that you prepare, and any drafts, notes or other documents
prepared by you in connection therewith.  You agree that no license or
other conveyance of any rights (under any patent, copyright, trade secret,
or any other proprietary or intellectual property right) in or to the
Certification Materials is granted to you under this agreement or implied
by any disclosure of Certification Materials.

If at any time you decide not to continue as an SME of the BSDCG, or
at any time upon the request of the BSDCG, you will promptly deliver to the
BSDCG all copies of, and purge from your systems and files and destroy all
electronic or other copies of, all memoranda, notes, records, reports, media
and other documents and materials regarding the Certification Materials you
then possess or have under your control.

You acknowledge and agree that your unauthorized disclosure or otherwise
wrongful use of the Certification Materials may cause irreparable injury
to the BSDCG, not adequately compensable by money damages and for which
the BSDCG may not have an adequate remedy available at law. Accordingly,
you specifically agree that the BSDCG shall be entitled to seek injunctive
or other equitable relief to prevent or curtail any such breach, without
posting a bond or security and without prejudice to the BSDCG's rights as
may be available under this agreement or under applicable law.

The laws of the State of New Jersey shall in all respects govern
this agreement as though this agreement was entered into, and was to be
entirely performed, within the State of New Jersey.  The parties
hereto irrevocably consent to the exclusive jurisdiction of, and venue
in, any federal or state court of competent jurisdiction located in
the State of New Jersey.  If any provision of this agreement shall
be found by a court to be void, invalid or unenforceable, the same shall
be reformed to comply with applicable law or stricken if not so
conformable, so as not to affect the validity or enforceability of this

All notices, requests and demands given to or made upon the parties
shall be in writing and shall be properly addressed, postage prepaid,
sent via registered or certified mail or personally delivered to such
party. Notices may be sent by facsimile transmission provided that, in
addition, a copy of such facsimile shall be sent by mail to each
addressee.  The effective date of a notice for purposes of this
agreement shall be the date on which such notice was actually received
by the party to whom it is addressed. Each party shall promptly notify
the other party of any address change.

Your obligations under this agreement shall survive the termination of
this agreement and your membership of the BSDCG. No course of dealing,
failure by either party to require the strict performance of any obligation
assumed by the other hereunder, or failure by either party to exercise any
right or remedy to which it is entitled, shall constitute a waiver or cause 
diminution of the rights or obligations provided under this agreement. No
provision of this agreement shall be deemed to have been waived by any act 
knowledge of either party, but only by a written instrument signed by a duly
authorized representative of the party to be bound thereby. Waiver by either
party of any default shall not constitute a waiver of any other or 

Please acknowledge your agreement with the foregoing terms and conditions
by signing in the space provided below.  Your assistance is greatly

Very truly yours,

The BSD Certification Group Inc.

Signature:					Witnessed:

Date:						Date:

More information about the Owasp-cert mailing list