[Owasp-leaders] Vendor Neutrality
eric.sheridan at owasp.org
Thu Feb 14 15:54:11 UTC 2013
Yes - you're right!
On 2/14/13 10:46 AM, Paolo Perego wrote:
> You comment yourself
> "static analysis is fun... again"
> Owasp Orizon project leader: http://orizon.sf.net
> Owasp Italy R&D director
> On 14/feb/2013, at 16:37, Eric Sheridan <eric.sheridan at owasp.org> wrote:
>>>> prove your accusations or fine tune your writing
>> I have nothing to prove and I'll keep my writing as is - thanks.
>>>> This is pretty different than being not vendor independent
>> Completely disagree. I've sat through and taught several more that do
>> very much push vendor specific solutions.
>>>> I'm pretty sure that Tom would explain his point of view but the
>> philosophy "let all of us use the brand Owasp in the way we love most
>> since we must pay bills" is something I don't think is in the original
>> idea of the Owasp itself
>> I didn't say that was the original idea of OWASP (but I could make an
>> argument that some of the original folks felt that way) so please don't
>> use quotes as if I stated that when you are simply trying to interpret
>> my message.
>> While folks may publicly push the idea of a "pure and open" community,
>> the fact of the matter is folks naturally inject references about their
>> professional services/products to their contributions... the "Project
>> Sponsored By [company here]"... the use of company slides and company
>> references in all presentations (ex: sponsored by... who we
>> [company/consultancy] are...), the use of a company name in a coupon
>> code... when a company kindly donates some of their proprietary material
>> to the community but hosts it on their servers with their company's host
>> name, we use/built/offer [product name] to overcome/deal with this
>> challenge... and the list could go on.
>> Again - the message (which you can quote) is that:
>> (from original email)
>> People need the ability to promote themselves or
>> their company to some extent, as long as it is not "blatant abuse" of
>> the brand which needs to be defined [and enforced] if not done so already.
>> Eric Sheridan
>> (twitter) @eric_sheridan
>> (blog) http://ericsheridan.blogspot.com
>> On 2/14/13 10:19 AM, Paolo Perego wrote:
>>> On Thu, Feb 14, 2013 at 3:56 PM, Eric Sheridan <eric.sheridan at owasp.org> wrote:
>>> I'm fairly certain everybody (no exclusions) uses OWASP to promote their
>>> own agenda, whether it be to sell a product, sell a service, push a
>>> topic, enforce some sexy new attack name or yet another taxonomy... or
>>> Eric, before making such a strong statement take every single project
>>> leader and prove your accusations or fine tune your writing.
>>> I'm pretty sure that there are a lot of respectable security
>>> professionals still honoring the O as Open and that make a clear
>>> distinction between their job that pays bills and their Owasp contribution.
>>> companies or individual consultants. Even folks on this list who give
>>> away "free" classes are simply obtaining contacts for consultancy and
>>> product sales down the road.
>>> This is pretty different than being not vendor independent.
>>> Accept this and move on...
>>> Completely disagree.
>>> I'm pretty sure that Tom would explain his point of view but
>>> the philosophy "let all of us use the brand Owasp in the way we love
>>> most since we must pay bills" is something I don't think is in the
>>> original idea of the Owasp itself.
>>> Please, can any board member confirm that Eric's vision is correct?
>>> "... static analysis is fun, again!"
>>> OWASP Orizon project leader, http://github.com/thesp0nge/owasp-orizon
>>> OWASP Esapi Ruby project leader,