[Owasp-leaders] Vendor Neutrality

Thu Feb 14 15:46:10 UTC 2013

You comment yourself 

"static analysis is fun... again"
Owasp Orizon project leader: http://orizon.sf.net
Owasp Italy R&D director

On 14/feb/2013, at 16:37, Eric Sheridan <eric.sheridan at owasp.org> wrote:

>>> prove your accuses or fine tune your writing
> 
> I have nothing to prove and I'll keep my writing as is - thanks.
> 
>>> This is pretty different than being not vendor independent
> 
> Completely disagree. I've sat through and taught several more that do
> very much push vendor specific solutions.
> 
>>> I'm pretty sure that Tom would explain his point of view but the
> philosophy "let all of us use the brand Owasp in the way we love most
> since we must pay bills" is something I don't think is in the original
> idea of the Owasp itself
> 
> I didn't say that was the original idea of OWASP (but I could make an
> argument that some of the original folks felt that way) so please don't
> use quotes as if I stated that when you are simply trying to interpret
> my message.
> 
> While folks may publicly push the idea of a "pure and open" community,
> the fact of the matter is folks naturally inject references about their
> professional services/products to their contributions... the "Project
> Sponsored By [company here]"... the use of company slides and company
> references in all presentations (ex: sponsored by... who we
> [company/consultancy] are...), the use of a company name in a coupon
> code... when a company kindly donates some of their proprietary material
> to the community but hosts it on their servers with their company's host
> name, we use/built/offer [product name] to overcome/deal with this
> challenge... and the list could go on.
> 
> Again - the message (which you can quote) is that:
> 
> (from original email)
> 
> People need the ability to promote themselves or
> their company to some extent, as long as it is not "blatant abuse" of
> the brand which needs to be defined [and enforced] if not done so already.
> 
> Sincerely,
> Eric Sheridan
> (twitter) @eric_sheridan
> (blog) http://ericsheridan.blogspot.com
> 
> On 2/14/13 10:19 AM, Paolo Perego wrote:
>> On Thu, Feb 14, 2013 at 3:56 PM, Eric Sheridan <eric.sheridan at owasp.org
>> <mailto:eric.sheridan at owasp.org>> wrote:
>> 
>>    I'm fairly certain everybody (no exclusions) uses OWASP to promote their
>>    own agenda, whether it be to sell a product, sell a service, push a
>>    topic, enforce some sexy new attack name or yet another taxonomy... or
>> 
>> 
>> Eric, before making such a strong statement take every single project
>> leader and prove your accuses or fine tune your writing.
>> I'm pretty sure that there are a lot of respectable security
>> professionals still honoring the O as Open and that makes a clear
>> distinction between their job that pay bills and their Owasp contribution.
>> 
>>    companies or individual consultants. Even folks on this list who give
>>    away "free" classes are simply obtaining contacts for consultancy and
>>    product sales down the road.
>> 
>> This is pretty different than being not vendor independent.
>> 
>> 
>>    Accept this and move on...
>> 
>> Completely disagree.
>> I'm pretty sure that Tom would explain his point of view but
>> the philosophy "let all of us use the brand Owasp in the way we love
>> most since we must pay bills" is something I don't think is in the
>> original idea of the Owasp itself.
>> 
>> Please, any board member can confirm that Eric's vision is correct?
>> 
>> Paolo
>> 
>> -- 
>> "... static analysis is fun, again!"
>> 
>> OWASP Orizon project leader, http://github.com/thesp0nge/owasp-orizon
>> OWASP Esapi Ruby project leader,
>> https://github.com/thesp0nge/owasp-esapi-ru
>> <https://github.com/thesp0nge/owasp-esapi-ruby>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders