[Owasp-cert] Deadlines for August
matthew.chalmers at owasp.org
Sun Jul 27 22:49:30 EDT 2008
I'm afraid I don't understand. I work for Rockwell Automation. I don't speak
for them and I don't want anyone to assume I am speaking for them if I don't
explicitly say so. I don't have any problem with anybody in OWASP refraining
from volunteering their employer's name. I don't see what benefit there is
in requiring everyone on this project, or everyone who submits exam content
for consideration, to give their employer's name. Some people might not even
have one, and that shouldn't mean they can't help.
Whether my company gives, or companies in general give, permission to use
the name associated with submitting exam content for this cert, or for any
other reason in connection with OWASP, doesn't mean I want to or have to. My
ideas and opinions are my own when it comes to volunteering with OWASP and
my employer has nothing to do with it. Your point #4 below makes no sense to
On Sun, Jul 27, 2008 at 6:54 PM, <james at architectbook.com> wrote:
> The one thing that you will come to learn about me is that I am pretty
> transparent, open yet with a touch of enterpriseyness :-)
> Seriously, The one thing that I am big believer in and highly unlikely to
> waiver is on mentioning one's employers name. My joke about working for a
> Fortune 200 was a dig at how folks pretend to be anonymous yet never
> succeed. I suspect that most folks aren't familiar with their own employers
> media relations policies nor code of conduct and therefore overdistill the
> requirement that they need to be abstract when mentioning their employers
> name. For those who fit this criteria, I ask them to do the following
> 1. If you check with your media relations department, they will grant you
> permission to use their name as OWASP is a non-profit and registered
> charity. Think United Way!
> 2. Code of conducts tend to encourage avoidance of those who are labeled
> business partners. If you check with your legal department, you will notice
> clauses about money changing hands.
> 3. Many folks get it twisted and think that I don't mention my employers
> name because I got something to hide. Reality is a little different. We have
> software that monitors the Internet and looks for all mention of our company
> name and this is reviewed by folks in public relations. I tend to avoid
> mentioning it in email as this will serve no purpose except to create
> additional work for my peers and I don't want to annoy them. I avoid it for
> email as it tends to get archived on multiple websites but openly mention in
> my BIO whenever I speak at industry conferences since this pages tend to be
> more static.
> 4. Each submission will need to have the name of one's employer as I need
> to track any potential IP issues. Attribution can be indicated when the
> questions are submitted. You will note this is contained within the
> previously sent XML schema.
> -------- Original Message --------
> Subject: Re: [Owasp-cert] Deadlines for August
> From: "Matthew Chalmers" <matthew.chalmers at owasp.org>
> Date: Sun, July 27, 2008 5:50 pm
> To: owasp-cert at lists.owasp.org
> All kidding aside, I actually do have a slightly different opinion on a
> couple of points. One, not so much a different opinion as another point in
> and of itself: do we want to go with the term "developer" or do we want to
> promote "software engineering"? This is kind of a 'religious' debate for
> some people.
> Two, my company also has offices all over the world (in about 80 countries
> actually--but we're only Fortune 500, heh), but I disagree with the
> implication that there are few software companies doing business only in the
> U.S. or EU. I still think we need to make an effort to sanitise the exam of
> any geographically/culturally-specific language or meaning. I don't think
> OWASP wants to be "big enterprise" exclusive either.
> Owasp-cert mailing list
> Owasp-cert at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-cert