[Owasp-leaders] Commercial delivery of courses based on OWASP materials
antonio.fontes at gmail.com
Wed Jun 9 18:03:42 EDT 2010
So many messages around this topic...wow! : )
An alternative/complementary idea: why not help trainers by improving their
relation with OWASP material?
If the goal is to reduce liars/clowns/penguins present on the market, then
an idea would be writing up "training projects":
- OWASP Top 10 project -> OWASP Top 10 training project
- OWASP Code Review project -> OWASP Code Review training project
- and so on.
For example, how many hours does Eoin think of a good way of teaching his
document? What would be the syllabus? What would be the slides he thinks as
a good way of teaching code review? and so on.
Each "training" project would be associated with a "documentation/tool"
project, which aims at formalizing the training according to OWASP's quality
And if the real worry isn't the brand afterall, but the money (I still don't
see why this matter doesn't come up on the table), we still can build up
"training packages" at reasonable price.
Why is it that I still can't order 20 printed copies of the OWASP Top 10
2010 and give them to all participants at my next training session?
2 cents, as usual!
On Wed, Jun 9, 2010 at 9:59 PM, Jim Manico <jim.manico at owasp.org> wrote:
> Thanks, Andrew. I'm a big fan of this direction. It's inline with open
> source and 501c3 values and keeps the brand "clean".
> The main issue that has come up over "guarding the brand" is the expense
> to "legally challenge" those who are not using the brand with integrity.
> I think a "wall of shame" at OWASP which describes brand use violations
> may be enough for now. Or for the whitelist inclined, we could provide a
> list of those who ARE using the brand with integrity implying that all
> others are not.
> I prefer "responsible open" not "goatse open" when it comes to the OWASP
> - Jim
> > Hi there,
> > The power of open source is that you are free to use it and re-purpose it
> for any reason. If you can make money off it (especially when it's freely
> downloadable), good on you.
> > Generally, you can't make money writing for OWASP projects (trust me,
> I've tried), so the only method to make money is to deliver services based
> upon them. There should be no restrictions on this. It's the One True Open
> Source Way(tm).
> > I think there are many viable mechanisms to make a good living from
> getting OWASP's message out there. We shouldn't get in the way of this.
> > - I think delivering a copy of the relevant standard, project or similar
> in its original format or with extensions is perfectly acceptable.
> > - I think buying a copy from OWASP and providing it to participants is a
> nice to have but we shouldn't hard wire it into our licenses as that's no
> longer open source
> > I think the OWASP brand and logo needs to be jealously guarded.
> > - I think folks purporting to be OWASP certified trainers etc ... that
> has to be frowned on until such time we have such a program. Maybe we should
> do this. I don't know.
> > - I think folks purporting to deliver OWASP syllabus should make it clear
> it's their own work as we have no such teaching standards or guidelines.
> Maybe we should do this. I don't know.
> > But putting additional restrictions on our materials (CC or GFDL or
> whatever) I think it taking it out of the hands of the original contributors
> and definitely violates our commitments to open source both in the letter
> and spirit of the licenses we use.
> > thanks,
> > Andrew
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> Jim Manico
> OWASP Podcast Host/Producer
> OWASP ESAPI Project Manager
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
this email was sent with an iPhone counterfeit
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders