[Owasp-leaders] Vendor Neutrality

Dennis Groves dennis.groves at owasp.org
Thu Feb 14 15:56:23 UTC 2013

On 14 Feb 2013, at 15:19, Paolo Perego wrote:

> I'm pretty sure that Tom would explain his point of view but 
> the philosophy "let all of us use the brand Owasp in the way we love 
> most since we must pay bills" is something I don't think is in the 
> original idea of the Owasp itself.

I can confirm your belief Paolo. From the beginning:

## OWASP Mission:

Application security is still relatively immature and there is 
significant FUD (Fear, Uncertainty and Doubt) being purveyed by the 
industry. This project aims to be an open source reference point for 
system architects, developers, vendors, consumers and security 
professionals involved in the Design, Development, Deployment and 
Testing the security of web applications and web services. Security 
professionals will be able to use the work to incorporate in their work. 
Security vendors will be able to base services and software on this 
project and consumers will be able to baseline and test applications or 
services they receive.

## OWASP Founders:

OWASP is a community effort where work is contributed by **volunteers**. 
We are currently in the process of registering OWASP as a charitable 
foundation and have recently engaged a funding company to lobby for 
appropriate funding to further the work.

- The Chair of the project is Mark Curphey who moderates the webappsec 
mailing list at securityfocus.com.
- The Vice Chair of the project is Dennis Groves who is currently 
engaged in developing public speaking material and presentations for 
- The web site and content manager is Kevin Jeong who is responsible for 
all web site development as well as editing and publishing all content.
- The Industry Robert "Bob" Rodger runs the Industry Advisor panel
- The OWASP foundation and all business administration are managed by 
Tim Smith

## OWASP Values

I can thus speak with some authority on this subject.

OWASP was started because my employer at the time fired me for not 
participating in crimes. My employer wanted me to hack potential sales 
clients and then teach the sales people what I had done to break into 
the client without obtaining the client's permission. This way the sales 
people could tell the potential clients that their websites were so 
insecure that even a sales guy could hack it. I declined to participate; 
stating that this was a crime in the United States and was fired on the 

OWASP began as a direct result of that event. The purpose was a moral 
obligation to stop such companies from exploiting their asymmetrical 
knowledge. We (the founders) were very jaded about the security industry 
and the vast number of snake-oil salesmen in the industry.

OWASP from the beginning was an altruistic effort to make the world a 
better place through education, and I feel it still is.

I also believe that the rewards come from the respect, influence and 
opportunities gained directly from making the world a better place. I 
think that is as true 13 years later as it was when we started OWASP.


[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a 

*This email is licensed under a [CC BY-ND 
3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*

**Please do not send me Microsoft Office/Apple iWork documents.**
Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
Stand up for your freedom to install [free 

> The idea that some lives matter less is the root of all that’s wrong 
> with the world. -- Paul Farmer