Boberski, Michael [USA] boberski_michael at bah.com
Sat Apr 24 11:46:43 EDT 2010

More precisely: a request for your help to get an OWASP Commercial Services Registry right.

On April 6, the OWASP Board voted on a proposal that I submitted to create an OWASP Commercial Services Registry, approving the concept of vendor registries. Registries designed to encourage the formation of commercial services that are based on OWASP open standards, best practices and design patterns. An OWASP Commercial Services Registry project was created, and the project is now looking for feedback from the community, to help get it right. An OWASP Commercial Services Registry straw man can be found here: http://www.owasp.org/index.php/Commercial_Services.

OWASP's mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks, and as a value-add towards this end the OWASP Commercial Services Registry Project will attempt to centralize OWASP project deliverable-based services in a single place. OWASP is not affiliated with any technology company, and OWASP does not endorse commercial products or services, although OWASP supports the informed use of commercial security technology, and that is the ultimate goal of this registry.

Encouraging the formation of commercial services (verification, implementation services, process improvement, and training) benefits both industry and OWASP by promoting the development and consumption by industry and government of tools and techniques that are based on OWASP open standards, best practices and design patterns. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way. The OWASP Foundation is a not-for-profit entity that ensures the project’s long-term success, providing sound foundations to build commercial services upon.

Firms listed in the OWASP Commercial Services Registry will follow strict rules to ensure the preservation of OWASP’s non-commercial nature. Firms listed in this registry will share our belief that application security needs to be approached as a people, process, and technology problem, because the most effective approaches to application security include improvements in all of these areas.

Please let me know your thoughts and suggestions for improvement. I look forward to exploring them with you.


Mike B.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20100424/02ff2a57/attachment.html 

More information about the OWASP-Leaders mailing list