[Owasp-leaders] RFC: OWASP COMMERCIAL SERVICES REGISTRY

Boberski, Michael [USA] boberski_michael at bah.com
Mon Apr 26 08:21:45 EDT 2010


Question:
is this simply
(1) a bulletin board where owasp do not assess the individual listed organisations, if so this will take significant effort to police.

[Mike] No, it would be configured like the "Jobs" page. I would be the one making updates as the project lead in response to email queries/requests. Presumably Kate and so on would also have access for administrative purposes.

(2) a list of recognised/proven orgs who actually provide OWASP related services

[Mike] It will be a list of vendors who claim they provide services based on OWASP deliverables.

If (2); an approval criterion needs to be established, there are a number of reasons for this; one being governance and openness but also to prevent misuse of this opportunity by organisations.

[Mike] Check out the requirements that preface each table on each tab.

if (2) i believe we need to establish an approval board, committee to assess orgs who wish to add themselves to the registry. I dont believe one individual can make this decision?

[Mike] Orgs won't add themselves, as noted above. The basis for accepting/rejecting listings will be based on the requirements that preface each table on each tab. E.g. the requirement "approach to performing verifications" would be passed/failed when a request is submitted to be listed depending on whether an approach was provided, not the quality or content of the approach. E.g. if a company has SQL injection sniffing dogs and that's how they do verification, good enough.

if (1) we need a strong disclaimer on the pages but either option will need control to prevent spam etc.

[Mike] Orgs won't add themselves, as noted above.

Question:
Once organisations get onto the registry how long can they stay on it, ad infinitum?

[Mike] Yes.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20100426/d1b3ab91/attachment.html 


More information about the OWASP-Leaders mailing list