[Owasp-leaders] Vendor Neutrality

Konstantinos Papapanagiotou konstantinos at owasp.org
Thu Feb 14 07:21:09 UTC 2013


This is a delicate matter and while I'm more than confident about everyone's good intentions, such promotions need to be phrased carefully. There are several conflicts of interest here as a board member and chapter leader is organizing an OWASP training event in which his company is providing training (so far so good), for which he also offers a generous discount. I'll try to play the devil's advocate for a bit just to point out potential misunderstandings:

Initially one would assume that the discount is offered by Tom personally ("I would like to extend to you"), as an OWASP leader since it comes from his @owasp.org account. When you read the email you understand that it's more of a vendor thing, which makes more sense to be honest, but still, you can't be 100% certain about it.

If I was a trainer provider for this event I would definitely feel the pressure to offer a similar discount (assuming of course that the $500 discount comes only from Trustwave's share), which again would be perfectly ok if Tom wasn't also the event's organizer, a fact which could potentially lead me into considering various conspiracy theories.

In any case, I don't really see any abuse here but rather an unfortunate phrasing, possibly derived from Tom's unparalleled enthusiasm about OWASP and the definite success of his event. You are right though Jim, we need to be very careful to protect our neutrality.

Kostas



On 14 Φεβ 2013, at 3:37, Jim Manico <jim.manico at owasp.org> wrote:

> Hey folks,
> 
> Please see the email at the bottom of this message.
> 
> This email hit the NYC chapter list today and we discussed it through the board list earlier. I feel this is an abuse of the OWASP brand and vendor neutrality rules to some degree, but other board members politely disagreed with me. That's fair.
> 
> Can you please chime in here? Am I off-base or do you feel this is OWASP brand or vendor neutrality abuse?
> 
> I know this is a specific example, but I think it's very important to the organization. So far, I feel like I stand alone when complaining about these situations and I'd appreciate your feedback. If you have the time, please click deeper into the email below and investigate a bit. 
> 
> I am happy to back away from the issue of vendor neutrality if you think I am off base.
> 
> Thanks all,
> Jim Manico
> @Manicode
> (808) 652-3805
> 
> ***********
> 
> 
> From: Tom Brennan <tomb at owasp.org>
> Date: Tuesday, February 12, 2013 6:56 PM
> To: "OWASPNYCMETRO-announce at meetup.com" <OWASPNYCMETRO-announce at meetup.com>
> Subject: [OWASPNYCMETRO] NYC March 13th Training
> 
> Its coming....INSTRUCTOR LED TRAINING IN NYC
> 
> Details: https://www.owasp.org/index.php/NYC
> 
> As a special introduction to the SpiderLabs instructor led course I would like to extend to you a $500 discount code “TRUSTWAVE_500OFF” to be used during check-out.
> 
> Hack Your Own Code: Advanced Training for Developers (2 Day Training Course)
> This class provides security developers an exciting chance to hone their programming skills while also learning to exploit common web vulnerabilities.
> 
> For more information on the (3) training classes available visit:
> 
> https://www.owasp.org/index.php/NYC
> 
> 
> Have additional questions? 
> 
> Call 973-202-0122 to discuss
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list