[Owasp-leaders] Vendor Neutrality

Eric Sheridan eric.sheridan at owasp.org
Thu Feb 14 15:37:37 UTC 2013


>> prove your accusations or fine-tune your writing

I have nothing to prove and I'll keep my writing as is - thanks.

>> This is pretty different than being not vendor independent

Completely disagree. I've sat through and taught several more that do
very much push vendor specific solutions.

>> I'm pretty sure that Tom would explain his point of view but the
>> philosophy "let all of us use the brand Owasp in the way we love most
>> since we must pay bills" is something I don't think is in the original
>> idea of the Owasp itself

I didn't say that was the original idea of OWASP (but I could make an
argument that some of the original folks felt that way) so please don't
use quotes as if I stated that when you are simply trying to interpret
my message.

While folks may publicly push the idea of a "pure and open" community,
the fact of the matter is folks naturally inject references about their
professional services/products to their contributions... the "Project
Sponsored By [company here]"... the use of company slides and company
references in all presentations (ex: sponsored by... who we
[company/consultancy] are...), the use of a company name in a coupon
code... when a company kindly donates some of their proprietary material
to the community but hosts it on their servers with their company's host
name, we use/built/offer [product name] to overcome/deal with this
challenge... and the list could go on.

Again - the message (which you can quote) is that:

(from original email)

People need the ability to promote themselves or
their company to some extent, as long as it is not "blatant abuse" of
the brand which needs to be defined [and enforced] if not done so already.

Sincerely,
Eric Sheridan
(twitter) @eric_sheridan
(blog) http://ericsheridan.blogspot.com

On 2/14/13 10:19 AM, Paolo Perego wrote:
> On Thu, Feb 14, 2013 at 3:56 PM, Eric Sheridan <eric.sheridan at owasp.org
> <mailto:eric.sheridan at owasp.org>> wrote:
> 
>     I'm fairly certain everybody (no exclusions) uses OWASP to promote their
>     own agenda, whether it be to sell a product, sell a service, push a
>     topic, enforce some sexy new attack name or yet another taxonomy... or
> 
> 
> Eric, before making such a strong statement take every single project
> leader and prove your accusations or fine-tune your writing.
> I'm pretty sure that there are a lot of respectable security
> professionals still honoring the O as Open and that make a clear
> distinction between their job that pays bills and their Owasp contribution.
> 
>     companies or individual consultants. Even folks on this list who give
>     away "free" classes are simply obtaining contacts for consultancy and
>     product sales down the road.
> 
> This is pretty different than being not vendor independent.
>  
> 
>     Accept this and move on...
> 
> Completely disagree.
> I'm pretty sure that Tom would explain his point of view but
> the philosophy "let all of us use the brand Owasp in the way we love
> most since we must pay bills" is something I don't think is in the
> original idea of the Owasp itself.
> 
> Please, can any board member confirm that Eric's vision is correct?
> 
> Paolo
> 
> -- 
> "... static analysis is fun, again!"
> 
> OWASP Orizon project leader, http://github.com/thesp0nge/owasp-orizon
> OWASP Esapi Ruby project leader,
> https://github.com/thesp0nge/owasp-esapi-ru
> <https://github.com/thesp0nge/owasp-esapi-ruby>

