[Owasp-leaders] RFC: OWASP COMMERCIAL SERVICES REGISTRY

Boberski, Michael [USA] boberski_michael at bah.com
Mon Apr 26 09:51:20 EDT 2010


so given this is a list of orgs "who claim" they provide such services, are we delivering the information as such, ie, organisations "who claim", and it is clear OWASP does not endorse or verify any of these claims.
 - Can we have this made very clear on the site please.

[Mike] I've added just now bold and italic emphasis to the existing disclaimer on each tab.

Again re passing and failing applications for registration we need a number of individuals to assess each application. This can not be left to one individual, this avoids any difficult potential commercial conflicts of interest arising or even the perception of one.

[Mike] This is an item which I think needs further discussion.

I'd be happy not to spend cycles managing the registry, there are no special skills required to do so, but that assumes one or a group of people can provide equivalent service. It's not really OK for this to have requests take a month or three, that would cause perception problems as well.

Perhaps, creating a mail list and having requests sent to that, and then serviced by me, would be sufficient. Or e.g., have requests go to the Industry (or Connections?) Committee list, and then serviced by me. Either way the point would be that a record would be generated were disputes to arise, and of course the criteria for listing is duplicated on each tab.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20100426/837f64c6/attachment.html 


More information about the OWASP-Leaders mailing list