[Owasp-leaders] OWASP Guidelines Questions
jim.manico at owasp.org
Fri Jan 30 06:28:36 UTC 2015
Vendor neutrality means we give no special treatment to any one vendor.
Also, OWASP is vendor agnostic in that is does not endorse any commercial
product or service.
Section 1.0.3 in the OWASP bylaws:
INTEGRITY: OWASP is an honest and truthful, •••vendor agnostic•••, global
Other phrases in OWASPs mission statements:
"free from commercial pressures"
"OWASP is not affiliated with any technology company"
"All of our materials are under a free and open license"
Chapter rules dictate "no vendor pitches" at chapter meetings.
Our conference speaker agreements ban commercial/vendor talks.
Thank you for following the spirit of our charity by focusing on free and
open application security material!
On Jan 29, 2015, at 9:49 PM, Seba <seba at owasp.org> wrote:
not sure where this is leading to, but being vendor neutral does not mean
there are no vendors.
we cannot just ignore them, and - on a positive note - push them to be part
of the solution
On Fri Jan 30 2015 at 2:21:20 AM Bev Corwin <bev.corwin at owasp.org> wrote:
> Thanks Noreen,
> And... what if there are not any vendors - All are non profits, consortia,
> academic institutions, or agencies? Not a vendor in sight. Thoughts?
> Best wishes,
> On Thu, Jan 29, 2015 at 4:47 PM, Noreen Whysel <noreen.whysel at owasp.org>
>> Hi Bev,
>> Thanks for bringing this up. Guidelines review is something I am working
>> on right now.
>> Just to clarify to those on the list, I spoke to Bev just now and she is
>> asking specifically about presentation at events, not the projects
>> themselves or in the intended audience/users of OWASP tools.
>> OWASP should be entirely vendor neutral and I believe the guidelines
>> reflect that, though I am only beginning my review and see places where
>> clarification would be helpful. We have presentation templates that can be
>> used for events in the Branding Resources section of the wiki. If there is
>> a concern that a presentation may not comply you can ask presenters to use
>> an OWASP template or you can always review presentations before the date
>> of the event.
>> I certainly would like opinions, tips and tricks from everyone on issues
>> like this. How do you ensure vendor neutrality in projects and meetings?
>> Noreen Whysel
>> Community Manager
>> OWASP Foundation
>> On Thu, Jan 29, 2015 at 3:52 PM, Bev Corwin <bev.corwin at owasp.org> wrote:
>>> Dear OWASP Leaders,
>>> Are the OWASP guidelines intended to be the same for other non profit
>>> organizations? What about agencies? What about consortia? What about Open
>>> Source Projects?
>>> I notice somewhat of a "commercial" focus in the guidelines. Are they
>>> intended mostly for commercial entities? Thank you in advance.
>>> Best wishes,
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders