[Owasp-leaders] Vendor Neutrality

Matteo Meucci matteo.meucci at owasp.org
Thu Feb 14 15:35:41 UTC 2013


I think there is an interesting key point for OWASP here.

Some leaders think that this promotion is ok, some leaders think NO.
Also I see that some projects are completely open (for example using
mailing list, wiki to edit the state of the project, ecc.) and some
projects that are more closed. Someone still uses his Company template
for the presentations talking about OWASP and so on.

I propose a new OWASP Global Committees that should drive and monitor
all the contents on the OWASP site and documents. This Committees
represents the OWASP way to create an OWASP output (documents,
presentations, wiki, ecc.) and should maintain a page with all the rules
that are implemented during his work.

For this single rule 'Is it possible to promote not OWASP Trainings on
Chapters site?' I propose to vote. Then all the Chapters must adopt this
new shared rule.

What do you think about that?

Thanks,
Mat

On 02/14/2013 04:31 PM, Jim Manico wrote:
>> Even folks on this list who give
> away "free" classes are simply obtaining contacts for consultancy and
> product sales down the road.
> 
> I've been doing significant free training in the OWASP community. For
> example, Eoin and I are delivering a large free training at RSA and
> they offered us a badge zapper for lead collection. We said "No way,
> this is an OWASP event where we are representing OWASP. No way."
> 
> Folks may not agree with my stance here and I'm ok with that, but I
> try to practice what I preach. Heck Eric, I've sponsored Chapter
> meetings and brought sales folks from my employer (everyone is free to
> participate) with me, but I ask them not to pitch and not to bring
> marketing material, even when they sponsor food. Just listen and meet
> folks.
> 
> My philosophy is: contribute, serve the OWASP mission, respect the
> ethical guidelines, and deliver free talks and trainings in a vendor
> neutral way. This is NOT being goody-2-shoes, it's also good for
> business. Folks want to do business with you when you respect OWASP
> and demonstrate appropriate ethics.
> 
> And yes, my affiliation with OWASP has radically helped my career and
> I've personally done well the past few years. This is why I started
> 2012 by contributing 1000$ of my personal funds to OWASP. I challenge
> the board and other leaders who can afford it to do the same.
> 
> Also, the board has a legal/fiduciary and financial responsibility to
> uphold the principles of a non-profit 501c3. We have been audited by
> accountants in the past who said we were ok. But there are things that
> accountants looking at numbers on paper will never see.
> 
> I for one am going to continue to do my best as a board member (and
> just as someone who really loves OWASP) to uphold the values of vendor
> neutrality.
> 
> --
> Jim Manico
> @Manicode
> (808) 652-3805
> 
> On Feb 14, 2013, at 6:54 AM, Eric Sheridan <eric.sheridan at owasp.org> wrote:
> 
>> Even folks on this list who give
>> away "free" classes are simply obtaining contacts for consultancy and
>> product sales down the road.
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 

-- 
--
Matteo Meucci
OWASP Testing Guide Lead
OWASP Italy President


More information about the OWASP-Leaders mailing list