[Owasp-leaders] OWASP Guidelines Questions

Bev Corwin bev.corwin at owasp.org
Fri Jan 30 14:57:17 UTC 2015


Thanks Noreen, Yes, something like that, and to add to that, what about
open source projects? Do we treat everyone like vendors? Or do we have a
way to include them as they are?

On Fri, Jan 30, 2015 at 9:54 AM, Noreen Whysel <noreen.whysel at owasp.org>
wrote:

> Seba, It was Bev who asked what if there are no vendors. I believe what
> she is asking is, are non-vendors supposed to refrain from promoting their
> cause, agency, etc. in presentations given at OWASP events? I.e., downplay
> or hide logos, services, etc.
>
> Noreen Whysel
> Community Manager
> OWASP Foundation
>
> On Jan 30, 2015, at 2:06 AM, Seba <seba at owasp.org> wrote:
>
> hi Jim,
>
> I was just wondering what Noreen means with "what if there are not any
> vendors".
> If there really were no vendors, OWASP would have to run on half its
> current budget as the majority of the foundation income is from "corporate"
> (i.e. vendor) membership (directly and through conference sponsoring).
>
> Besides that most of the people on this list do work for a vendor or
> appsec service provider (including myself).
>
> For the rest I am well aware of our vendor neutrality, and I fully
> support it.
>
> kind regards
>
> Seba
>
> On Fri Jan 30 2015 at 7:28:40 AM Jim Manico <jim.manico at owasp.org> wrote:
>
>> Seba,
>>
>> Vendor neutrality means we give no special treatment to any one vendor.
>> Also, OWASP is vendor agnostic in that it does not endorse any commercial
>> product or service.
>>
>> Section 1.0.3 in the OWASP bylaws:
>>
>> INTEGRITY: OWASP is an honest and truthful, •••vendor agnostic•••,
>> global community
>>
>> Other phrases in OWASP's mission statements:
>>
>> "free from commercial pressures"
>>
>> "OWASP is not affiliated with any technology company"
>>
>> "All of our materials are under a free and open license"
>>
>> Chapter rules dictate "no vendor pitches" at chapter meetings.
>>
>> Our conference speaker agreements ban commercial/vendor talks.
>>
>> Thank you for following the spirit of our charity by focusing on free and
>> open application security material!
>>
>> Aloha,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On Jan 29, 2015, at 9:49 PM, Seba <seba at owasp.org> wrote:
>>
>> hi,
>>
>> not sure where this is leading to, but being vendor neutral does not mean
>> there are no vendors.
>> we cannot just ignore them, and - on a positive note - push them to be
>> part of the solution
>>
>> regards
>>
>> Seba
>>
>> On Fri Jan 30 2015 at 2:21:20 AM Bev Corwin <bev.corwin at owasp.org> wrote:
>>
>>> Thanks Noreen,
>>>
>>> And... what if there are not any vendors - All are non profits,
>>> consortia, academic institutions, or agencies? Not a vendor in sight.
>>> Thoughts?
>>>
>>> Best wishes,
>>> Bev
>>>
>>>
>>> On Thu, Jan 29, 2015 at 4:47 PM, Noreen Whysel <noreen.whysel at owasp.org>
>>> wrote:
>>>
>>>> Hi Bev,
>>>>
>>>> Thanks for bringing this up. Guidelines review is something I am
>>>> working on right now.
>>>>
>>>> Just to clarify to those on the list, I spoke to Bev just now and she
>>>> is asking specifically about presentation at events, not the projects
>>>> themselves or in the intended audience/users of OWASP tools.
>>>>
>>>> OWASP should be entirely vendor neutral and I believe the guidelines
>>>> reflect that, though I am only beginning my review and see places where
>>>> clarification would be helpful. We have presentation templates that can be
>>>> used for events in the Branding Resources section of the wiki. If there is
>>>> a concern that a presentation may not comply you can ask presenters to use
>>>> an OWASP template or you can always review presentations before the
>>>> date of the event.
>>>>
>>>> I certainly would like opinions, tips and tricks from everyone on
>>>> issues like this. How do you ensure vendor neutrality in projects and
>>>> meetings?
>>>>
>>>> Noreen Whysel
>>>> Community Manager
>>>> OWASP Foundation
>>>>
>>>> On Thu, Jan 29, 2015 at 3:52 PM, Bev Corwin <bev.corwin at owasp.org>
>>>> wrote:
>>>>
>>>>> Dear OWASP Leaders,
>>>>>
>>>>> Are the OWASP guidelines intended to be the same for other non profit
>>>>> organizations? What about agencies? What about consortia? What about Open
>>>>> Source Projects?
>>>>>
>>>>> I notice somewhat of a "commercial" focus in the guidelines. Are they
>>>>> intended mostly for commercial entities? Thank you in advance.
>>>>>
>>>>> Best wishes,
>>>>> Bev
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>