[Owasp-leaders] RFC: OWASP COMMERCIAL SERVICES REGISTRY

Boberski, Michael [USA] boberski_michael at bah.com
Thu Apr 29 12:55:03 EDT 2010


Hi Colin. The goal of creating the registry is to centralize this information.

The currently proposed template for entries can be found above each table in the straw man. It prescribes both content and length, for example.

The new mailing list, or to a committee mailing list, seems like a reasonable idea to me, from the previous thread with Eoin. 

Access to make updates to the list would also be restricted, just like the jobs site. I think we'd touched on this as well with the thread with Eoin.

Location is already one of the prescribed listing requirements ("company location"). Maybe we could add a small country flag or some such, I will investigate.

I think this is basically equivalent to the jobs page. My proposed home page updates were based on the jobs current implementation. No further updates or changes are proposed.

Best,

Mike B.


-----Original Message-----
From: Colin Watson [mailto:colin.watson at owasp.org] 
Sent: Thursday, April 29, 2010 12:14 PM
To: owasp-leaders at lists.owasp.org
Cc: Boberski, Michael [USA]; Eoin Keary
Subject: Re: [Owasp-leaders] RFC: OWASP COMMERCIAL SERVICES REGISTRY

Would another alternative be to have guidelines and a standard content
template that organisations could use on their own websites instead
i.e. not add anything to the OWASP wiki?  This template would just
specify text and general layout - not the design or surrounding
branding.  It could include certain disclaimers and mandatory
definitions of services available, and when the declaration as created
and last reviewed.  The coding and/or wording and/or meta data schema
should be common to all the pages so that a simple internet search
would be able to identify all applicable OWASP service providers.

However, if people think this is a valid thing for OWASP to include on
its own wiki:

1. I'd support one person being responsible for updates, but there
does need to be some mechanism for approval or disapproval.  Perhaps
circulating to a (new) mailing list would be the best way - but not
the leaders list.

2. I'm not sure the role of the Industry Committee would match this
type of need - the purpose seems different to what the GIC is trying
to do.

3. Some minimum standard should be enforced (however that is done),
otherwise the listing could be swamped by hundreds or thousands or
millions of names.

4. The draft layout would probably need some regionalisation - Most
organisations may be looking for local providers?

5. You already have rel="nofollow" in the organisation hyperlinks -
good, this should be maintained rigorously

6.  Although priority is given to Corporate members, perhaps
organisations with individual members or project leaders, etc should
follow, and then everyone else?  That would let project leaders who
work for themselves have greater visibility for example.

7. Is "AppSec Services" too prominent in the main navigation menu?
Initially, would it be better to link from within the content of other
pages rather than giving it so much prominence - it doesn't seem to be
the equal of "Local Chapters" or "Conferences".  Actually perhaps
"Jobs board" should go too?

Regards

Colin Watson


More information about the OWASP-Leaders mailing list