[Owasp-leaders] RFC: OWASP COMMERCIAL SERVICES REGISTRY

Colin Watson colin.watson at owasp.org
Thu Apr 29 12:14:08 EDT 2010


Would another alternative be to have guidelines and a standard content
template that organisations could use on their own websites instead
i.e. not add anything to the OWASP wiki?  This template would just
specify text and general layout - not the design or surrounding
branding.  It could include certain disclaimers and mandatory
definitions of services available, and when the declaration as created
and last reviewed.  The coding and/or wording and/or meta data schema
should be common to all the pages so that a simple internet search
would be able to identify all applicable OWASP service providers.

However, if people think this is a valid thing for OWASP to include on
its own wiki:

1. I'd support one person being responsible for updates, but there
does need to be some mechanism for approval or disapproval.  Perhaps
circulating to a (new) mailing list would be the best way - but not
the leaders list.

2. I'm not sure the role of the Industry Committee would match this
type of need - the purpose seems different to what the GIC is trying
to do.

3. Some minimum standard should be enforced (however that is done),
otherwise the listing could be swamped by hundreds or thousands or
millions of names.

4. The draft layout would probably need some regionalisation - Most
organisations may be looking for local providers?

5. You already have rel="nofollow" in the organisation hyperlinks -
good, this should be maintained rigorously

6.  Although priority is given to Corporate members, perhaps
organisations with individual members or project leaders, etc should
follow, and then everyone else?  That would let project leaders who
work for themselves have greater visibility for example.

7. Is "AppSec Services" too prominent in the main navigation menu?
Initially, would it be better to link from within the content of other
pages rather than giving it so much prominence - it doesn't seem to be
the equal of "Local Chapters" or "Conferences".  Actually perhaps
"Jobs board" should go too?

Regards

Colin Watson


More information about the OWASP-Leaders mailing list