[Owasp-leaders] Vendor Neutrality

Eric Sheridan eric.sheridan at owasp.org
Thu Feb 14 15:54:11 UTC 2013


Yes - you're right!

Sincerely,
Eric Sheridan
(twitter) @eric_sheridan
(blog) http://ericsheridan.blogspot.com

On 2/14/13 10:46 AM, Paolo Perego wrote:
> You comment yourself 
> 
> "static analysis is fun... again"
> Owasp Orizon project leader: http://orizon.sf.net
> Owasp Italy R&D director
> 
> On 14/feb/2013, at 16:37, Eric Sheridan <eric.sheridan at owasp.org> wrote:
> 
>>>> prove your accuses or fine tune your writing
>>
>> I have nothing to prove and I'll keep my writing as is - thanks.
>>
>>>> This is pretty different than being not vendor independent
>>
>> Completely disagree. I've sat through and taught several more that do
>> very much push vendor specific solutions.
>>
>>>> I'm pretty sure that Tom would explain his point of view but the
>> philosophy "let all of us use the brand Owasp in the way we love most
>> since we must pay bills" is something I don't think is in the original
>> idea of the Owasp itself
>>
>> I didn't say that was the original idea of OWASP (but I could make an
>> argument that some of the original folks felt that way) so please don't
>> use quotes as if I stated that when you are simply trying to interpret
>> my message.
>>
>> While folks may publicly push the idea of a "pure and open" community,
>> the fact of the matter is folks naturally inject references about their
>> professional services/products to their contributions... the "Project
>> Sponsored By [company here]"... the use of company slides and company
>> references in all presentations (ex: sponsored by... who we
>> [company/consultancy] are...), the use of a company name in a coupon
>> code... when a company kindly donates some of their proprietary material
>> to the community but hosts it on their servers with their company's host
>> name, we use/built/offer [product name] to overcome/deal with this
>> challenge... and the list could go on.
>>
>> Again - the message (which you can quote) is that:
>>
>> (from original email)
>>
>> People need the ability to promote themselves or
>> their company to some extent, as long as it is not "blatant abuse" of
>> the brand which needs to be defined [and enforced] if not done so already.
>>
>> Sincerely,
>> Eric Sheridan
>> (twitter) @eric_sheridan
>> (blog) http://ericsheridan.blogspot.com
>>
>> On 2/14/13 10:19 AM, Paolo Perego wrote:
>>> On Thu, Feb 14, 2013 at 3:56 PM, Eric Sheridan <eric.sheridan at owasp.org
>>> <mailto:eric.sheridan at owasp.org>> wrote:
>>>
>>>    I'm fairly certain everybody (no exclusions) uses OWASP to promote their
>>>    own agenda, whether it be to sell a product, sell a service, push a
>>>    topic, enforce some sexy new attack name or yet another taxonomy... or
>>>
>>>
>>> Eric, before making such a strong statement take every single project
>>> leader and prove your accuses or fine tune your writing.
>>> I'm pretty sure that there are a lot of respectable security
>>> professionals still honoring the O as Open and that makes a clear
>>> distinction between their job that pay bills and their Owasp contribution.
>>>
>>>    companies or individual consultants. Even folks on this list who give
>>>    away "free" classes are simply obtaining contacts for consultancy and
>>>    product sales down the road.
>>>
>>> This is pretty different than being not vendor independent.
>>>
>>>
>>>    Accept this and move on...
>>>
>>> Completely disagree.
>>> I'm pretty sure that Tom would explain his point of view but
>>> the philosophy "let all of us use the brand Owasp in the way we love
>>> most since we must pay bills" is something I don't think is in the
>>> original idea of the Owasp itself.
>>>
>>> Please, any board member can confirm that Eric's vision is correct?
>>>
>>> Paolo
>>>
>>> -- 
>>> "... static analysis is fun, again!"
>>>
>>> OWASP Orizon project leader, http://github.com/thesp0nge/owasp-orizon
>>> OWASP Esapi Ruby project leader,
>>> https://github.com/thesp0nge/owasp-esapi-ru
>>> <https://github.com/thesp0nge/owasp-esapi-ruby>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list