[Owasp-leaders] OWASP Guidelines Questions
seba at owasp.org
Fri Jan 30 07:06:08 UTC 2015
I was just wondering what Noreen means with "what if there are not any
If there really were no vendors, OWASP would have to run on half its
current budget as the majority of the foundation income is from "corporate"
(i.e. vendor) membership (directly and through conference sponsoring).
Besides that, most of the people on this list do work for a vendor or appsec
service provider (including myself).
For the rest I am well aware of our vendor neutrality, and I fully support
On Fri Jan 30 2015 at 7:28:40 AM Jim Manico <jim.manico at owasp.org> wrote:
> Vendor neutrality means we give no special treatment to any one vendor.
> Also, OWASP is vendor agnostic in that it does not endorse any commercial
> product or service.
> Section 1.0.3 in the OWASP bylaws:
> INTEGRITY: OWASP is an honest and truthful, •••vendor agnostic•••, global
> Other phrases in OWASP's mission statements:
> "free from commercial pressures"
> "OWASP is not affiliated with any technology company"
> "All of our materials are under a free and open license"
> Chapter rules dictate "no vendor pitches" at chapter meetings.
> Our conference speaker agreements ban commercial/vendor talks.
> Thank you for following the spirit of our charity by focusing on free and
> open application security material!
> Jim Manico
> (808) 652-3805
> On Jan 29, 2015, at 9:49 PM, Seba <seba at owasp.org> wrote:
> not sure where this is leading to, but being vendor neutral does not mean
> there are no vendors.
> we cannot just ignore them, and - on a positive note - push them to be
> part of the solution
> On Fri Jan 30 2015 at 2:21:20 AM Bev Corwin <bev.corwin at owasp.org> wrote:
>> Thanks Noreen,
>> And... what if there are not any vendors - All are non profits,
>> consortia, academic institutions, or agencies? Not a vendor in sight.
>> Best wishes,
>> On Thu, Jan 29, 2015 at 4:47 PM, Noreen Whysel <noreen.whysel at owasp.org>
>>> Hi Bev,
>>> Thanks for bringing this up. Guidelines review is something I am working
>>> on right now.
>>> Just to clarify to those on the list, I spoke to Bev just now and she is
>>> asking specifically about presentation at events, not the projects
>>> themselves or in the intended audience/users of OWASP tools.
>>> OWASP should be entirely vendor neutral and I believe the guidelines
>>> reflect that, though I am only beginning my review and see places where
>>> clarification would be helpful. We have presentation templates that can be
>>> used for events in the Branding Resources section of the wiki. If there is
>>> a concern that a presentation may not comply you can ask presenters to use
>>> an OWASP template or you can always review presentations before the
>>> date of the event.
>>> I certainly would like opinions, tips and tricks from everyone on issues
>>> like this. How do you ensure vendor neutrality in projects and meetings?
>>> Noreen Whysel
>>> Community Manager
>>> OWASP Foundation
>>> On Thu, Jan 29, 2015 at 3:52 PM, Bev Corwin <bev.corwin at owasp.org>
>>>> Dear OWASP Leaders,
>>>> Are the OWASP guidelines intended to be the same for other non profit
>>>> organizations? What about agencies? What about consortia? What about Open
>>>> Source Projects?
>>>> I notice somewhat of a "commercial" focus in the guidelines. Are they
>>>> intended mostly for commercial entities? Thank you in advance.
>>>> Best wishes,
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org