[Owasp-leaders] RFC: OWASP COMMERCIAL SERVICES REGISTRY
eoin.keary at owasp.org
Mon Apr 26 06:59:43 EDT 2010
Mike, nice template, great work as usual,
Opening the conversation;
is this simply
(1) a bulletin board where OWASP do not assess the individual listed
organisations, if so this will take significant effort to police.
(2) a list of recognised/proven orgs who actually provide OWASP related
If (2); an approval criterion needs to be established, there are a number of
reasons for this; one being governance and openness but also to
prevent misuse of this opportunity by organisations.
If (2) I believe we need to establish an approval board, committee to assess
orgs who wish to add themselves to the registry. I don't believe one
individual can make this decision?
If (1) we need a strong disclaimer on the pages but either option will need
control to prevent spam etc.
Once organisations get onto the registry how long can they stay on it, ad
On 24 April 2010 16:46, Boberski, Michael [USA] <boberski_michael at bah.com> wrote:
> More precisely: a request for your help to get an OWASP Commercial
> Services Registry right.
> On April 6, the OWASP Board voted on a proposal that I submitted to create
> an OWASP Commercial Services Registry, approving the concept of vendor
> registries. Registries designed to encourage the formation of commercial
> services that are based on OWASP open standards, best practices and design
> patterns. An OWASP Commercial Services Registry project was created, and the
> project is now looking for feedback from the community, to help get it
> right. An OWASP Commercial Services Registry straw man can be found here:
> OWASP's mission is to make application security "visible," so that people
> and organizations can make informed decisions about application security
> risks, and as a value-add towards this end the OWASP Commercial Services
> Registry Project will attempt to centralize OWASP project deliverable-based
> services in a single place. OWASP is not affiliated with any technology
> company, and OWASP does not endorse commercial products or services,
> although OWASP supports the informed use of commercial security technology,
> and that is the ultimate goal of this registry.
> Encouraging the formation of commercial services (verification,
> implementation services, process improvement, and training) benefits both
> industry and OWASP by promoting the development and consumption by industry
> and government of tools and techniques that are based on OWASP open
> standards, best practices and design patterns. Similar to many open-source
> software projects, OWASP produces many types of materials in a
> collaborative, open way. The OWASP Foundation is a not-for-profit entity
> that ensures the project’s long-term success, providing sound foundations to
> build commercial services upon.
> Firms listed in the OWASP Commercial Services Registry will follow strict
> rules to ensure the preservation of OWASP’s non-commercial nature. Firms
> listed in this registry will share our belief that application security
> needs to be approached as a people, process, and technology problem, because
> the most effective approaches to application security include improvements
> in all of these areas.
> Please let me know your thoughts and suggestions for improvement. I look
> forward to exploring them with you.
> Mike B.
OWASP Global Board Member
OWASP Code Review Guide Lead Author