[Owasp-leaders] OWASP Core Values

Jim Manico jim.manico at owasp.org
Sun Jan 16 17:51:41 EST 2011


Very wise sentiment. One of the biggest mistakes of OWASP is to push away so many automation vendors. If you are approaching AppSec without some kind of DAST/SAST automation assistance at this point I feel you are insane or selling snake oil services.

I like "vendor integrity" better. In the future I'd like to see OWASP publish reports about the objective effectiveness of various tools, even commercial tools. Key word: objective.

OWASP can still be vendor-neutral, vendor-integrity or whatever while still working with and providing advice regarding commercial tools. It's part of our core mission.

What we are doing now is foolish - we let Veracode use our name and claim to serve the OWASP Top Ten without actually verifying that in any way. This is a huge disservice to the developer/security community. (And this is not picking on Veracode; it's the principle, not the company.)

I used to flat-out "diss" the entire vendor community. But it's time to evolve. That goes for me and that goes for OWASP.

-Jim Manico
http://manico.net

On Jan 15, 2011, at 12:31 PM, Nabil OUCHN - Morocco OWASP <nabil at owasp.org> wrote:

> Dear all,
> 
> 1 - Maybe we need something more accurate than "Integrity" to describe "Neutrality" or Vendor "Independency". Because "Neutrality" is one of the greatest values of such methodology !!!
> 2- You talk about Global Community in both "Global and Integrity" ?
> 3- Maybe "INITIATIVE" rather than EXPERIMENTATION
> 
> Nabil OUCHN
> OWASP Morocco Chapter Leader
> http://www.owasp.org/index.php/Morocco
> nabil at owasp.org
> 
> 
> 
> On Jan 15, 2011, at 8:19 PM, Michael Coates wrote:
> 
>> If you haven't already done so I would really encourage everyone to take a look and submit feedback.
>> 
>>> http://www.owasp.org/index.php/Core_Values_and_Definitions
>> 
>> We are at a point where we really need to define our core values and decide on the direction of OWASP.  This is a major step in that direction. Let's make sure we capture the right values and are heading the right way.
>> 
>> From the link (which has a feedback submission form you should use)
>> 
>> OPEN
>> 
>> Everything OWASP is radically transparent from finances to code.
>> 
>> EXPERIMENTATION
>> 
>> OWASP encourages and supports experiments for solutions to software security challenges.
>> 
>> GLOBAL
>> 
>> Anyone around the world can participate in the OWASP community.
>> 
>> INTEGRITY
>> 
>> OWASP is an honest and truthful, vendor agnostic, global community.
>> 
>> Michael Coates
>> OWASP
>> 
>> 
>> 
>> On Jan 14, 2011, at 9:53 AM, Thomas Brennan wrote:
>> 
>>> Just one of the many internal OWASP Foundation projects underway has been to work with a 3rd party management company to unify the update mission of OWASP 4.0 
>>> 
>>> Details of the project:
>>> 
>>> http://www.owasp.org/index.php/Tesauro_Management_Counselors
>>> 
>>> As a result of PHASE I, I share a milestone, pay close attention to the wording.
>>> 
>>> http://www.owasp.org/index.php/Core_Values_and_Definitions
>>> 
>>> This is now in RFC to the owasp-leaders with ratification at the OWASP Summit at the kick off session. If you have comments or suggestions, please use the feedback provided on the wiki page.
>>> 
>>> Thank you in advance for your valuable time.
>>> 
>>> ** If you have not looked recently at the working sessions, take the time to review; hundreds of volunteer man hours have been invested in the summit so far for YOU the community: http://www.owasp.org/index.php/Summit_2011 It's going to be amazing!
>>> 
>>> 
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders