[Owasp-leaders] Commercial delivery of courses based on OWASP materials

Adam Muntner adam.muntner at quietmove.com
Thu May 13 20:07:47 EDT 2010

Dinis, what a great topic.

I don't think that OWASP should offer favoritism or discriminate
against any of the groups you listed. A class being delivered by a
project lead - that's a marketing point for the delivering
organization more than anything else.

I like the job board and commercial service sections and how they are
handled. It's clear that these are listed as a service to the
community, but that they are not endorsed by OWASP. Mike is right - a
protected page just like jobs/commercial services. These kinds of
links should probable be of the nofollow variety.

Banner ads are already in place, but perhaps OWASP could charge for an
"enhanced" listing on this page? Such as that a standard free listing
could be up to 10 characters, while an enhanced listing would be at
the top of the section, include a graphic image link (logo etc), and
allow more text.

This list could get big, and many trainers will be geography-specific.
What will be the criteria for being listed? Will there be 1000
independent trainers on it? How useful would such a list be? There is
just as good an argument for not doing it at all as there is for doing
it to get the word out and to raise money for owasp.

Mailing lists, local chapter pages - I don't think we need any formal
policy about this. The community is pretty good with peer pressure for
good behavior and self policing. We could also leave it up to each
list and chapter. If something is over the top, you can be sure there
will be colorful replies.

On Thu, May 13, 2010 at 4:05 PM, dinis cruz <dinis.cruz at owasp.org> wrote:

> ------------------------------------------------------------------------------------
> Taking into account that we want as many people to be exposed to OWASP
> materials and that there should be a direct relationship between the success
> of these courses and the market penetration of the affected OWASP Projects
> .....  from your point of view, which Variation+Options listed above:
>    i) are compatible with OWASP's values/independence and SHOULD be allowed
> (but monitored to prevent abuses)
>    ii) are NOT compatible with OWASP's values and SHOULD NOT be allowed
>   iii) should only be allowed with 'somebody' (GEC, OWASP Board, Project
> leader) permission / validation
>   iv) should be allowed, BUT with the information located at a very specific
> locations (for example what happens with the the OWASP Job Board or
> the OWASP Commercial Services)
> Looking forward to hearing your answers and points of view
> Dinis Cruz
> OWASP Board Member

More information about the OWASP-Leaders mailing list