[Owasp-leaders] [Owasp-board] Working toward a resolution on the Constrast Security / OWASP Benchmark fiasco

Bev Corwin bev.corwin at owasp.org
Tue Dec 1 22:24:20 UTC 2015


Having non vendor project leaders is a good idea, and all OWASP project
leaders should be as independent as possible from any specific, for profit
vendors, especially higher level Directors, owners, etc. I think that there
should be more flexibility with open source groups and non profits, but any
for profit business should only participate as a stakeholder volunteer
project team member, and not a project leader if there are any conflicts of
interests, and/or their products are under evaluation or involved in any
promotional activities at all. These lines need to be better delineated
with clear separation within the OWASP operations model. I think there is
great room for improvement overall in the current operations organizational
architecture. This can be accomplished by developing internal policies,
general restructuring, organizational development, and/or incorporating
external associated 501(c)6 & 501(c)4 organizations.

Bev

On Tue, Dec 1, 2015 at 12:07 PM, Tobias Glemser <tobias.glemser at owasp.org>
wrote:

> > Does this mean a vendor could never lead this kind of project and we
> lose all
> > the merits of the benchmark? I think if the vendor could also get 2 other
> > independent project leaders that aren't from the same vendor then maybe
> > that would work.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151201/f61978ad/attachment.html>


More information about the OWASP-Leaders mailing list