[Owasp-leaders] OWASP Guidelines Questions

Seba seba at owasp.org
Fri Jan 30 15:05:08 UTC 2015


hi Bev,

ah, now I understand your question (I think :-) )
non profits, consortia, academic institutions, or agencies can indeed be
commercial and "over sell" their solution / product.
I think it is safe indeed to extend our vendor-neutral policy to a broader
scope

kind regards

Seba



On Fri Jan 30 2015 at 3:57:18 PM Bev Corwin <bev.corwin at owasp.org> wrote:

> Thanks Noreen, Yes, something like that, and to add to that, what about
> open source projects? Do we treat everyone like vendors? Or do we have a
> way to include them as they are?
>
> On Fri, Jan 30, 2015 at 9:54 AM, Noreen Whysel <noreen.whysel at owasp.org>
> wrote:
>
>> Seba, It was Bev who asked what if there are no vendors. I believe what
>> she is asking is, are non-vendors supposed to refrain from promoting their
>> cause, agency, etc. in presentations given at OWASP events? I.e., downplay
>> or hide logos, services, etc.
>>
>> Noreen Whysel
>> Community Manager
>> OWASP Foundation
>>
>> On Jan 30, 2015, at 2:06 AM, Seba <seba at owasp.org> wrote:
>>
>> hi Jim,
>>
>> I was just wondering what Noreen means with "what if there are not any
>> vendors".
>> If there really were no vendors, OWASP would have to run on half its
>> current budget as the majority of the foundation income is from "corporate"
>> (i.e. vendor) membership (directly and through conference sponsoring).
>>
>> Besides that most of the people on this list do work for a vendor or
>> appsec service provider (including myself).
>>
>> For the rest I am well aware of our vendor neutrality, and I fully
>> support it.
>>
>> kind regards
>>
>> Seba
>>
>> On Fri Jan 30 2015 at 7:28:40 AM Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> Seba,
>>>
>>> Vendor neutrality means we give no special treatment to any one vendor.
>>> Also, OWASP is vendor agnostic in that it does not endorse any commercial
>>> product or service.
>>>
>>> Section 1.0.3 in the OWASP bylaws:
>>>
>>> INTEGRITY: OWASP is an honest and truthful, •••vendor agnostic•••,
>>> global community
>>> Other phrases in OWASP's mission statements:
>>>
>>> "free from commercial pressures"
>>>
>>> "OWASP is not affiliated with any technology company"
>>>
>>> "All of our materials are under a free and open license"
>>>
>>> Chapter rules dictate "no vendor pitches" at chapter meetings.
>>>
>>> Our conference speaker agreements ban commercial/vendor talks.
>>>
>>> Thank you for following the spirit of our charity by focusing on free
>>> and open application security material!
>>>
>>> Aloha,
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>>
>>> On Jan 29, 2015, at 9:49 PM, Seba <seba at owasp.org> wrote:
>>>
>>> hi,
>>>
>>> not sure where this is leading to, but being vendor neutral does not
>>> mean there are no vendors.
>>> we cannot just ignore them, and - on a positive note - push them to be
>>> part of the solution
>>>
>>> regards
>>>
>>> Seba
>>>
>>> On Fri Jan 30 2015 at 2:21:20 AM Bev Corwin <bev.corwin at owasp.org>
>>> wrote:
>>>
>>>> Thanks Noreen,
>>>>
>>>> And... what if there are not any vendors - All are non profits,
>>>> consortia, academic institutions, or agencies? Not a vendor in sight.
>>>> Thoughts?
>>>>
>>>> Best wishes,
>>>> Bev
>>>>
>>>>
>>>> On Thu, Jan 29, 2015 at 4:47 PM, Noreen Whysel <noreen.whysel at owasp.org
>>>> > wrote:
>>>>
>>>>> Hi Bev,
>>>>>
>>>>> Thanks for bringing this up. Guidelines review is something I am
>>>>> working on right now.
>>>>>
>>>>> Just to clarify to those on the list, I spoke to Bev just now and she
>>>>> is asking specifically about presentation at events, not the projects
>>>>> themselves or in the intended audience/users of OWASP tools.
>>>>>
>>>>> OWASP should be entirely vendor neutral and I believe the guidelines
>>>>> reflect that, though I am only beginning my review and see places where
>>>>> clarification would be helpful. We have presentation templates that can be
>>>>> used for events in the Branding Resources section of the wiki. If there is
>>>>> a concern that a presentation may not comply you can ask presenters to use
>>>>> an OWASP template or you can always review presentations before the
>>>>> date of the event.
>>>>>
>>>>> I certainly would like opinions, tips and tricks from everyone on
>>>>> issues like this. How do you ensure vendor neutrality in projects and
>>>>> meetings?
>>>>>
>>>>> Noreen Whysel
>>>>> Community Manager
>>>>> OWASP Foundation
>>>>>
>>>>> On Thu, Jan 29, 2015 at 3:52 PM, Bev Corwin <bev.corwin at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> Dear OWASP Leaders,
>>>>>>
>>>>>> Are the OWASP guidelines intended to be the same for other non profit
>>>>>> organizations? What about agencies? What about consortia? What about Open
>>>>>> Source Projects?
>>>>>>
>>>>>> I notice somewhat of a "commercial" focus in the guidelines. Are they
>>>>>> intended mostly for commercial entities? Thank you in advance.
>>>>>>
>>>>>> Best wishes,
>>>>>> Bev
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>>
>>>>>
>