[Owasp-leaders] Commercial Services Registry -- Live!

Matteo Meucci matteo.meucci at gmail.com
Fri May 14 12:16:01 EDT 2010

Hi all,
thank you Dinis for the clarification.

Now that is clear that not all the Information Security Companies all
around the world could be listed in the registry, I think is important
as you said to create a set of criteria.

Maybe for a Company a set of criteria could be a function of the
following "OWASP argument":
- a minimum of person that collaborates in OWASP (3p?)
- how many years the person collaborates in OWASP (3y?)
- how many OWASP projects he delivered in release quality as project
leader? (at least 1 for Company?)
- other?

In that way OWASP will promote OWASP (or we have to find a way to
reach this goal IMO).

We will promote the Companies that really give a value for OWASP and
give a lot time for OWASP. Companies are encouraged to do do more for
In that way, listed companies will be more qualified than other and we
can reasonable assume that they will reach the "OWASP Consultancy"
that the market needs.


On Fri, May 14, 2010 at 4:51 AM, dinis cruz <dinis.cruz at owasp.org> wrote:
> Hi,
> Just a couple notes on this idea that I want to make sure that we are all on
> the same page.
> From my point of view this project, the OWASP Commercial Services Project
> (soon to created by Paulo on the WIKI + mailing list) is a very important
> OWASP Initiative that the time as come to sort out.
> In a nutshell, what we are trying to do is to formalize and maximize one of
> the Business Model that currently supports OWASP today (i.e. Company XYZ
> that receives enough value or revenue from OWASP projects or from OWASP
> related services (provided to their clients) that they (Company XYZ) allow
> their employees to contribute to OWASP projects under company time).
> Mike is doing a great service for OWASP by putting a lot of energy into this
> project, and we really need to figure out the best operation model to make
> this work (in a way that is is accepted by our community)
> To help this move along (and to bring in some extra energy/ideas) I will be
> taking an active role in this project (joining Mike at the OWASP Commercial
> Services Project leadership), and here is my invitation for you (owasp
> leader) to join the project. Note that this is a critical project for OWASP
> and we need as much help as we can get.
> The idea is to use the next couple months to figure out the best (and
> accepted) operation model for this Commercial Services registrar, and only
> when we are ready, remove the (just added to Commercial
> Services page) 'Please note that the registry is currently under development
> and listing requirements are subject to change'  disclaimer) and launch this
> to the world :)
> In the short-term, we need to identify WHO is currently
> providing  Commercial Services around OWASP Projects. Once we have that
> list, can analyze them as case studies and figure out (with them) what is
> the best way to represent what they do  at the OWASP Commercial
> Services pages and the OWASP Wiki in general.
> Since this is a big topic, if you are part of one of these companies that
> provide Commercial Services around OWASP Projects or want to be involved in
> this project,  please join this project mailing list (soon to be created)
> and lets continue the conversation there.
> Finally note I would like to make on this list about Mike Boberski.
> I know that some of you had issues in the past with some of Mike's
> emails/opinions/'tone of voice', and I have to say that I also had some
> reservations about some of his comments too, BUT I just spent 1h 25m with
> Mike on the Phone and I think that I finally found the problem.
> As I said to Mike on phone (and commented that I would be also mentioning it
> to this list), he has an 'interesting' personality, whereby his spoken
> arguments/voice are very different from his written arguments/voice (i.e. he
> is much 'nicer' and 'easy to deal' with by voice (and I assume in person)
> than via eMail).
> So the bottom like with Mike is, when in doubt, pick up the phone and call
> him (it will be faster and easier then to write a number of emails about it
> :)  )
> Dinis Cruz
> On 12 May 2010 15:57, Boberski, Michael [USA] <boberski_michael at bah.com>
> wrote:
>> Dear Leaders,
>> FYI, the OWASP home page has been updated with links to the new OWASP
>> commercial services registry! Many sincere thanks to all involved.
>> What is the OWASP commercial services registry?
>> OWASP's mission is to make application security "visible," so that people
>> and organizations can make informed decisions about application security
>> risks, and as a value-add towards this end we have attempted to centralize
>> OWASP project deliverable-based services in a single OWASP Commercial
>> Services Registry. OWASP is not affiliated with any technology company, and
>> OWASP does not endorse commercial products or services, although we support
>> the informed use of commercial security technology, and that is the ultimate
>> goal of this registry.
>> Updates to the OWASP home page:
>> The “navigation” panel on the left-hand side has been updated with a
>> “Commercial Services” link. And, the icon column in the center of the page
>> has been updated with a “Commercial Services” link and an associated text
>> box.
>> Next steps:
>> To get your company listed, the work flow is to send requests to Kate, per
>> the “Get Listed” instructions on the “Home” tab of the commercial services
>> registry page. There is currently a sample listing entry for each of the
>> other tabs; it will be replaced as listings are submitted; hopefully the
>> samples and the instructions above the table on each tab will provide
>> sufficient guidance in terms of the information required.
>> Best,
>> Mike B.
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

Matteo Meucci
OWASP Testing Guide lead

More information about the OWASP-Leaders mailing list