[Owasp-cert] Principles and Perspectives

Matthew Chalmers matthew.chalmers at owasp.org
Sat Jul 26 16:50:50 EDT 2008

1. We can ask people to submit questions, or simply have a form on the web
site for anyone to anonymously submit questions. They don't have to be
project volunteers. We (see #2) can edit questions and answers to refine
them as well as writing some ourselves. There may also be free resources of
applicable questions from which we can draw to modify for our use. Of
course, this all depends on if our cert will be purely question-based.

2. I think we need to have something like an NDA for people who are privy to
questions they did not submit. Anyone who sees a significant portion of the
questions, especially with answers, should not be sharing them, copying
files with them in it, etc. and we should not assume that just because they
are given the info/access or participating in this project that they agree
not to do that. A 'legal' document with a real signature will allow the
Foundation to pursue action to compensate for damaging the cert if someone
does. Ask Jeff perhaps, he's the the law man. Also, we might want to
entertain the idea that no one person has access to all the questions. If we
don't I think we have to accept that anyone who does can't be certified.

3. Not to sound un-PC but can you explain how you came up with that
particular list of regions and countries? OWASP is free for anyone to
participate anywhere in the world regardless of any diversity factors, but I
don't think it's part of OWASP's mission to make a point of being
diverse. Most projects are free for anyone to participate, or not
participate in. OWASP keeps statistics (not 100% accurate, but still) on
local chapters (see for example http://www.owasp.org/apps/maps/index.jsp),
according to which there's one single person from all of Africa, for
example. I think rather than 'making sure' we have geographically diverse
participation, we should simply post a message to owasp-leaders and/or on
the web site main/news page calling for volunteers from outside the U.S. If
we get some, great, but if not that's probably alright.



From: owasp-cert-bounces at lists.owasp.org

[mailto:owasp-cert-bounces at lists.owasp.org] On Behalf Of

james at architectbook.com

Sent: Monday, July 21, 2008 8:30 PM

To: owasp-cert at lists.owasp.org

Subject: [Owasp-cert] Principles and Perspectives

1. 50 people writing one question each will yield a better question pool

than one person writing 50 questions. So, how do we get more contributors?

2. I really, really, really, really hate the notion of NDAs but does it make

sense to not have one for this type of process? The importance of not

sharing information on exam content is vital to the success of the OWASP

certification but NDAs are at odds with openness. Any suggestions?

3. Diversity is really important to me and I would like to make sure that we

have at least one person from each of these geographic areas:

- Africa and Mediterranean countries, the Middle East, East Asia (Chian,

Hong Kong, Taiwan, etc), Japan, South America (Brazil, Colombia, Peru,

Venezuela, etc), Australia and New Zealand and Southeast Asia (Indonesia,

Malaysia, Philippines, Singapore, Thailand, Vietnam). OWASP is an

international organization and have worldwide participation can only serve

to benefit.

-------------- next part --------------

An HTML attachment was scrubbed...


>From owasp at getmymail.org Tue Jul 22 10:31:30 2008

From: owasp at getmymail.org (Gary Palmer)

Date: Tue, 22 Jul 2008 07:31:30 -0700

Subject: [Owasp-cert] Marketing Idea: OWASP Certification

In-Reply-To: <
20080722051606.1b34e4c3b93181cbb56b6df77bbedd57.7f3a49c54f.wbe at email.secureserver.net

References: <
20080722051606.1b34e4c3b93181cbb56b6df77bbedd57.7f3a49c54f.wbe at email.secureserver.net

Message-ID: <002a01c8ec07$a1e6e8d0$6c00a8c0 at garycq>

And interesting to note is that SANS went from online software (I think it

was their own) to using prometric?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-cert/attachments/20080726/fe49ba90/attachment.html 

More information about the Owasp-cert mailing list