[Owasp-leaders] Vendor Neutrality

Eoin eoin.keary at owasp.org
Thu Feb 14 23:57:55 UTC 2013


99% well said Tom.


Eoin Keary
Owasp Global Board
+353 87 977 2988


On 14 Feb 2013, at 16:16, Tom Brennan <tomb at owasp.org> wrote:

> Happy to be the conduit to discussion; for those that know me i have a really have a thick skin and enjoy a good debate. Plus free speach is only valuable with actual free speech.  I prefer face to face debate myself.. But if this Internet thing ever catches on things may change ;)
> 
> So here's my 5 cents on the topic.
> 
> Business buyers buy based on knowing liking and in this business TRUST. Technologists don't buy they research, collaborate, recommend and produce.
> 
> Established TRUST 
> https://www.owasp.org/index.php/Industry:Citations#National_.26_International_Legislation.2C_Standards.2C_Guidelines.2C_Committees_and_Industry_Codes_of_Practice
> 
> #OWASP for technologists (builders, breakers and defenders) is Switzerland and without NDA for any individuals at any stage in career no matter who they work for today, tomorrow or acquire a platform to help the awareness of the software issue, collaborative with the best minds in the world and with passion contribute tools, and lifelong marks from guides tools. This should be no surprise to anyone on this list.
> 
> I had replied privately to those persons directly associated with about whacking the WASP nest to save more inbox work.. However as this thread closes I wanted to be clear that every day in everything we do is about personal honor and integrity.
> 
> Look forward to the next big public session and for those planning on #RSA don't miss Eoin and Jim @ RSA (for those that don't know the largest commercial conference in the world that also has a co-marketing agreement with OWASP) 
> 
> http://www.rsaconference.com/events/2013/usa/agenda/monday-events.htm#owasp
> 
> As well as the Global AppSec ( https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference ) events to collaborate in person.
> 
> For those that like to poke the furry bear(s) Jim and I will get to spend a bunch of time together in Korea and I'm looking forward to it https://www.owasp.org/index.php/AppSecAsiaPac2013
> 
> Semper Fi
> Tom Brennan
> 
> ==== 
> For the record here is the private response to connect a dot on philosophy from a more current post
> 
>> First my apologies to Ryan in getting pulled into this thread as he and the SpiderLabs R&D team is not even delivering the training class in this thread.
>> 
>>  
>> 
>> Second, the training initiative that is being offered in NYC is a pilot program that OWASP Foundation has approved as a “local event” and had entered into a contractual requirement for over 14k with a hotel to host the training. 
>> 
>>  
>> 
>> Third the CFT for the local effort was held by the chapter and the best candidates were selected in preparation for what will be 5+ 2 day training classes at AppSecUSA 2013. That also has local support including.  Both myself and Peter Dean (Aspect) removed ourselves from the process of selection and that was left to the committee
>> 
>>  
>> 
>> Forth, the goal of the local chapter training effort was revenue for the chapter.  In the spirit of the chapter split model, 60% of the profit of a training class goes to the trainer and 40% to the local chapter 10% of the 40% is collected by OWASP Foundation for shared services like people (staff) and technology (Cevent etc..)
>> 
>>  
>> 
>> Fifth, all three courses have had low amounts of students enroll.  Supporters were contacted and asked if they would be willing to offer a lower fee via discount code on their courses to raise the enrollment.  This discount (in this case the $500 would come from the PROFIT that the training would make NOT  OWASP.) they agreed.
>> 
>>  
>> 
>> Sixth, after conferencing with the OWASP staff, the hotel and involved parties we agreed to perform a campaign blitz that would include a OWASP Code of $100 off (the OWASP Profit) as well as the use of vendor discount codes.  This started on 13-Feb-2012 email, twitter etc.
>> 
>>  
>> 
>> Seventh, in line with the mission of OWASP rising visibility all parties have worked together in a very open way with a common goal and pilot program for AppSecUSA.
>> 
>>  
>> 
>> Eighth as noted on the second item. OWASP NYC and NOT OWASP FOUNDATION is on the hook for 14k in contracted fees.  If the training class fails to meet the revenue or costs associated with the large amount TIME of logistics or effort that will directly impact our chapter balance as posted here:https://www.owasp.org/index.php/Donation_Scoreboard
>> 
>>  
>> 
>> Ninth OWASP is about experimentation and in all places it has been very very clear about the course details I think you would agree if you have been following it on OWASP public board meetings status, news groups, discussion and even at the OWASP meeting in NYC that you presented at (Goldman Sacs) the approach mirrored of AppSec’s without the conference component and as experimented in 2012 see:https://www.owasp.org/index.php/OWASP_Training_Schedules
>> 
>>  
>> 
>> Tenth, there is no violation here in any way especially the chapter handbookhttps://www.owasp.org/index.php/Category:Chapter_Handbook and as a colleague in a very small industry that you TXT page when you can’t get into one of the NYC meetings as the RSVP is full and you need a favor to get in.. I guess I just don’t understand why a phone call to discuss your perception is out of the question so a discussion can happen.  Appears to me as a personal attack and frankly that’s not cool – you know me much better than that.
>> 
>>  
>> 
>> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130214/fd82d593/attachment.html>


More information about the OWASP-Leaders mailing list