[Owasp-leaders] [Global_education_committee] Commercial delivery of courses based on OWASP materials

Brian Bertacini brian at appsecconsulting.com
Sun May 23 02:20:55 EDT 2010

Hello Leaders,

I respectfully recommend certain business requirements be validated prior to
listing in the commercial services directory.  This will help add legitimacy
to the program and reduce the potential for reputation risk caused by
potential bad operators.  Please consider the following requirements below:

1.  companies/institutions/proprietors listed in the directory are subject
to business requirements validation
    -  business legitimacy (possess a government issued business license, in
good standing with tax collecting entities, etc.)
    -  perform background checks on employees providing services (criminal
history checks, etc.)
    -  minimum levels of insurance (general liability, technology errors &
omissions, etc.)

2. implementation of a quality assurance program
    -  develop, maintain and monitor QA standards
    -  customer feedback/surveys (to monitor service providers)
    -  a method for quality enforcement (remediation, etc.)

3. formal certification program and code of conduct
   -  promote consistent and high-quality delivery of commercial services
   -  maintain high ethical standards for service providers

I'm sure more can be added to this list.  Obviously this introduces overhead
and bureaucracy but in my opinion it will help preserve the reputation of
OWASP going forward.  

My $.02,

-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Andre Gironda
Sent: Saturday, May 22, 2010 1:26 PM
To: owasp-leaders at lists.owasp.org
Cc: owasp-connections-committee; global_education_committee at lists.owasp.org
Subject: Re: [Owasp-leaders] [Global_education_committee] Commercial delivery
of courses based on OWASP materials

On Sat, May 22, 2010 at 2:35 PM, Jim Manico <jim.manico at owasp.org> wrote:
> We are a charitable organization as our primary mission. Period. I 
> think a commercial services registry is on the edge of that 
> responsibility. Not over
> - just on.
> You go for it, Mike - but I'll be watching you, dude. ;)

Exactly wrong, Jim. We're a charitable organization -- not a watchdog
operation. There's no whistle-blowing to do in this industry. It's not
corrupt or full of lies and deception.

Stop thinking you're going to save the world by trying to improve it!
There's nothing special or honest about being a skeptic.
