[Owasp-leaders] Vendor Neutrality

Andre Gironda andreg at gmail.com
Thu Feb 14 21:04:52 UTC 2013


>> OWASP is an idea, we all have tons of them but we will never make you
>> pay for them.
>
> Thank you, this statement means a lot to me as well. I have my personal
> limits of what I can handle commercially at OWASP. In the spirit of the
> mission, I have been delivering free developer security training at
> different OWASP events. I think this is directly in line with our mission.

Free training, available in handicap-friendly and
public-transportation-friendly locations. If somebody has a "special
request" for a local chapter: we need to be able to fulfill that request,
as OWASP leaders and in the spirit of the OWASP community.

Speaking specifically to BSides, in my area we have decided not to pursue
using the BSides name in order to run our own "free" (funded through
Kickstarter) conference called CactusCon. BSidesPHX, run for only one year,
was a huge success, but we (the planners) didn't feel that even their
platform was free and transparent enough. It's no surprise that the
planning committees for CactusCon and BSidesPHX were all leaders I met
through the OWASP Phoenix chapter.

If you really feel, as an infosec professional or app developer/tester
involved with OWASP, that you aren't able to support my concepts of
"transparency" and "free, accessible events", then you do not understand
what it is like to be an at-risk member of our modern worldwide cities,
towns, and communities. There are many people coming from "hardship
situations" who have paved the way to their first non-poverty-level job via
OWASP -- which has had significant positive impact on their quality of life
and to those around them.

What does it take to run a local OWASP chapter event? Does it take $20 or
$100 per head? $500 per head per event? No, it costs nothing. So stop
pretending like you are the at-risk individual in a hardship situation.
You're fine. You make like 6 figures. Shut up and put out.

-Andre

On Thu, Feb 14, 2013 at 9:36 AM, Jim Manico <jim.manico at owasp.org> wrote:

> Thank you Jason.
>
> > OWASP is an idea, we all have tons of them but we will never make you
> > pay for them.
>
> Thank you, this statement means a lot to me as well. I have my personal
> limits of what I can handle commercially at OWASP. In the spirit of the
> mission, I have been delivering free developer security training at
> different OWASP events. I think this is directly in line with our mission.
>
> I've been told that I might be restricted from doing this moving forward,
> because it marginalizes our paid-for training.
>
> If my hand is forced to stop doing this free training, I will have deemed
> OWASP to have jumped the shark and I will move on and throw my energy into
> BSides or the like.
>
> We are starting to worry about money, vendor relations and
> commercialization too much as a nonprofit, in my opinion. I think we all
> need to be reminded on a regular basis that OWASP is ethically and legally
> a not-for-profit organization that is legally bound to serve the community
> before personal or organizational gain.
>
> Aloha,
> Jim
>
>
>
> > Dear OWASP
> >
> > I'm new as a chapter leader for the OKC chapter. What I LOVE about this
> > foundation is the passion and help people want to give to the community.
> > People ask me how secure am I at home when I'm online or doing website
> > work on my daughter's computer. This is what led me to OWASP to fix up
> > Oklahoma to swim in this huge knowledge pool. I love OWASP and will
> > defend its right to be open and free to learn, free to play hacker,
> > cracker, whatever. Above all for myself and others to see how passionate
> > we are about securing our schools, businesses and lifestyles. I believe
> > OWASP to be an attitude. Joining this foundation of 3 weeks has changed
> > my outlook on security. I can relate to the OWASP value statement. Shame
> > on us the moment we use this for personal gain in any form.
> >
> > If you want to come to a meeting and see energy and have some fun looking
> > at funny code or breaking my computer. Ultimately maybe learn something
> > and pledge some extra bucks to the foundation, that's solid.
> >
> > OWASP is an idea, we all have tons of them but we will never make you pay
> > for them.
> >
> > Love the idea
> >
> > Jason
> > On Feb 14, 2013 9:56 AM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
> >
> >> On 14 Feb 2013, at 15:19, Paolo Perego wrote:
> >>
> >> I'm pretty sure that Tom would explain his point of view but
> >> the philosophy "let all of us use the brand Owasp in the way we love
> >> most since we must pay bills" is something I don't think is in the
> >> original idea of the Owasp itself.
> >>
> >> I can confirm your belief Paolo. From the beginning:
> >> OWASP Mission:
> >>
> >> Application security is still relatively immature and there is
> >> significant FUD (Fear, Uncertainty and Doubt) being purveyed by the
> >> industry. This project aims to be an open source reference point for
> >> system architects, developers, vendors, consumers and security
> >> professionals involved in the Design, Development, Deployment and
> >> Testing the security of web applications and web services. Security
> >> professionals will be able to use the work to incorporate in their work.
> >> Security vendors will be able to base services and software on this
> >> project and consumers will be able to baseline and test applications or
> >> services they receive.
> >> OWASP Founders:
> >>
> >> OWASP is a community effort where work is contributed by *volunteers*.
> >> We are currently in the process of registering OWASP as a charitable
> >> foundation and have recently engaged a funding company to lobby for
> >> appropriate funding to further the work.
> >>
> >>    - The Chair of the project is Mark Curphey who moderates the
> >>    webappsec mailing list at securityfocus.com.
> >>    - The Vice Chair of the project is Dennis Groves who is currently
> >>    engaged in developing public speaking material and presentations for
> >>    OWASP.
> >>    - The web site and content manager is Kevin Jeong who is responsible
> >>    for all web site development as well as editing and publishing all
> >>    content.
> >>    - The Industry Robert "Bob" Rodger runs the Industry Advisor panel
> >>    - The OWASP foundation and all business administration are managed by
> >>    Tim Smith
> >>
> >> OWASP Values
> >>
> >> I can thus speak with some authority on this subject.
> >>
> >> OWASP was started because my employer at the time fired me for not
> >> participating in crimes. My employer wanted me to hack potential sales
> >> clients and then teach the sales people what I had done to break into
> >> the client without obtaining the client's permission. This way the sales
> >> people could tell the potential clients that their websites were so
> >> insecure that even a sales guy could hack it. I declined to participate,
> >> stating that this was a crime in the United States, and was fired on the
> >> spot.
> >>
> >> OWASP began as a direct result of that event. The purpose was a moral
> >> obligation to stop such companies from exploiting their asymmetrical
> >> knowledge. We (the founders) were very jaded about the security industry
> >> and the vast number of snake-oil salesmen in the industry.
> >>
> >> OWASP from the beginning was an altruistic effort to make the world a
> >> better place through education, and I feel it still is.
> >>
> >> I also believe that the rewards come from the respect, influence and
> >> opportunities gained directly from making the world a better place. I
> >> think that is as true 13 years later as it was when we started OWASP.
> >>
> >> Dennis
> >> ------------------------------
> >>
> >> Dennis Groves <http://about.me/dennis.groves>, MSc
> >> Email me <dennis.groves at owasp.org> or schedule a meeting
> >> <http://goo.gl/8sPIy>.
> >>
> >> *This email is licensed under a CC BY-ND 3.0
> >> <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license.*
> >>
> >> *Please do not send me Microsoft Office/Apple iWork documents.*
> >> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
> >> Stand up for your freedom to install free software
> >> <http://www.fsf.org/campaigns/secure-boot/statement>.
> >>
> >> The idea that some lives matter less is the root of all that’s wrong
> >> with the world. -- Paul Farmer
> >>
> >>
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>
> >>