[Owasp-leaders] Vendor Neutrality

Jim Manico jim.manico at owasp.org
Thu Feb 14 16:36:59 UTC 2013

Thank you Jason.

> OWASP is an idea, we all have tons of them but we will never make you pay for them.

Thank you, this statement means a lot to me as well. I have my personal limits of what I can handle commercially at OWASP. In the spirit of the mission, I have been delivering free developer security training at different OWASP events. I think this is directly in line with our mission.

I've been told that I might be restricted from doing this moving forward, because it marginalizes our paid-for training.

If my hand is forced to stop doing this free training, I will have deemed OWASP to have jumped the shark and I will move on and throw my energy into BSides or the like.

We are starting to worry about money, vendor relations and commercialization too much as a non-profit, in my opinion. I think we all need to be reminded on a regular basis that OWASP is ethically and legally a not-for-profit organization which is legally bound to serve the community before personal or organizational gain.


> Dear Dear OWASP
> I'm new as a chapter leader for the OKC chapter. What I LOVE about this
> foundation is the passion and help people want to give to the community.
> People ask me how secure am I at home when I'm online or doing website work
> on my daughter's computer. This is what led me to OWASP to fix up Oklahoma
> to swim in this huge knowledge pool. I love OWASP and will defend its right
> to be open and free to learn, free to play hacker, cracker whatever. Above
> all for myself and others to see how passionate we are about securing our
> schools, businesses and lifestyles. I believe OWASP to be an attitude.
> Joining this foundation of 3 weeks has changed my outlook on security. I can
> relate to the OWASP value statement. Shame on us the moment we use this for
> personal gain in any form.
> If you want to come to a meeting and see energy and have some fun looking
> at funny code or breaking my computer. Ultimately maybe learn something and
> pledge some extra bucks to the foundation, that's solid.
> OWASP is an idea, we all have tons of them but we will never make you pay
> for them.
> Love the idea
> Jason
> On Feb 14, 2013 9:56 AM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>> On 14 Feb 2013, at 15:19, Paolo Perego wrote:
>> I'm pretty sure that Tom would explain his point of view but
>> the philosophy "let all of us use the brand Owasp in the way we love most
>> since we must pay bills" is something I don't think is in the original idea
>> of the Owasp itself.
>> I can confirm your belief Paolo. From the beginning:
>> OWASP Mission:
>> Application security is still relatively immature and there is significant
>> FUD (Fear, Uncertainty and Doubt) being purveyed by the industry. This
>> project aims to be an open source reference point for system architects,
>> developers, vendors, consumers and security professionals involved in the
>> Design, Development, Deployment and Testing the security of web
>> applications and web services. Security professionals will be able to use
>> the work to incorporate in their work. Security vendors will be able to
>> base services and software on this project and consumers will be able to
>> baseline and test applications or services they receive.
>> OWASP Founders:
>> OWASP is a community effort where work is contributed by *volunteers*. We
>> are currently in the process of registering OWASP as a charitable
>> foundation and have recently engaged a funding company to lobby for
>> appropriate funding to further the work.
>>    - The Chair of the project is Mark Curphey who moderates the webappsec
>>    mailing list at securityfocus.com.
>>    - The Vice Chair of the project is Dennis Groves who is currently
>>    engaged in developing public speaking material and presentations for OWASP.
>>    - The web site and content manager is Kevin Jeong who is responsible
>>    for all web site development as well as editing and publishing all content.
>>    - The Industry Robert "Bob" Rodger runs the Industry Advisor panel
>>    - The OWASP foundation and all business administration are managed by
>>    Tim Smith
>> OWASP Values
>> I can thus speak with some authority on this subject.
>> OWASP was started because my employer at the time fired me for not
>> participating in crimes. My employer wanted me to hack potential sales
>> clients and then teach the sales people what I had done to break into the
>> client without obtaining the client's permission. This way the sales people
>> could tell the potential clients that their websites were so insecure that
>> even a sales guy could hack it. I declined to participate; stating that
>> this was a crime in the United States and was fired on the spot.
>> OWASP began as a direct result of that event. The purpose was a moral
>> obligation to stop such companies from exploiting their asymmetrical
>> knowledge. We (the founders) were very jaded about the security industry
>> and the vast number of snake-oil salesmen in the industry.
>> OWASP from the beginning was an altruistic effort to make the world a
>> better place through education, and I feel it still is.
>> I also believe that the rewards come from the respect, influence and
>> opportunities gained directly from making the world a better place. I think
>> that is as true 13 years later as it was when we started OWASP.
>> Dennis
>> ------------------------------
>> Dennis Groves <http://about.me/dennis.groves>, MSc
>> Email me <dennis.groves at owasp.org> or schedule a meeting <http://goo.gl/8sPIy>.
>> *This email is licensed under a CC BY-ND 3.0 <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license.*
>> *Please do not send me Microsoft Office/Apple iWork documents.*
>> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
>> Stand up for your freedom to install free software <http://www.fsf.org/campaigns/secure-boot/statement>.
>> The idea that some lives matter less is the root of all that’s wrong with
>> the world. -- Paul Farmer
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders