[Owasp-leaders] [Global_education_committee] Commercialdelivery of courses based on OWASP materials

Antonio Fontes antonio.fontes at owasp.org
Sun May 23 04:38:50 EDT 2010

And who would enforce such controls and maintain their accuracy?

On 23 May 2010 08:20, Brian Bertacini <brian at appsecconsulting.com> wrote:
> Hello Leaders,
> I respectfully recommend certain business requirements be validated prior to
> listing in the commercial services directory.  This will help add legitimacy
> to the program and reduce the potential for reputation risk caused by
> potential bad operators.  Please consider the following requirements below:
> 1.  companies/institutions/proprietors listed in the directory our subject
> business requirements validation
>    -  business legitimacy (posses a government issued business license, in
> good standing with tax collecting entities, etc.)
>    -  perform background checks on employees providing services (criminal
> history checks, etc.)
>    -  minimum levels of insurance (general liability, technology errors &
> omissions, etc.)
> 2. implementation of a quality assurance program
>    -  develop, maintain and monitor QA standards
>    -  customer feedback/surveys (to monitor service providers)
>    -  a method for quality enforcement (remediation, etc.)
> 3. formal certification program and code of conduct
>   -  promote consistent and high-quality delivery of commercial services
>   -  maintain high ethical standards for service providers
> I'm sure more can be added to this list.  Obviously this introduces overhead
> and bureaucracy but in my opinion it will help preserve the reputation of
> OWASP going forward.
> My $.02,
> Brian

OWASP Geneva Chapter
Join the mailing list: https://lists.owasp.org/mailman/listinfo/owasp-Geneva

More information about the OWASP-Leaders mailing list