[Owasp-leaders] OWASP and Vendor Neutrality

Jim Manico jim.manico at owasp.org
Sat Jan 31 20:40:47 UTC 2015


I too want to see OWASP funded by non-commercial means. But right now we 
are heavily funded by vendors and that is not necessarily a bad thing. 
Keep in mind that vendor neutrality does not mean "do not work with 
vendors"; in fact, quite the contrary. It says that when you DO work with 
vendors, do so in a neutral way that does not give preference to any one 

On this note, we want to make sure that OWASP does not get entangled in 
commercial relationships that damage our commitment to vendor-neutral, 
unbiased opinions about technical matters in application security. I 
feel we have pretty clear rules of play for vendors (which I am one of 

So while we do NOT allow ANY speakers to give direct vendor pitches, 
many speakers talk about the technology they work on commercially in a 
neutral non-commercial way using an open deck that is open source 
(creative commons).  For example, go ahead and talk about WAF 
technology, but don't talk about your specific product line.  We never 
offer vendors a chance to speak on commercial products, even if they 
pay. This is all codified in our conference and speaker policy 
https://www.owasp.org/index.php/Speaker_Agreement . I have seen vendors 
give pitches at some chapter meetings, they do sneak in, but this is 
against OWASP chapter policy 
https://www.owasp.org/images/d/dc/OWASP_Chapter_Handbook_Ch_V2.pdf . I 
have also seen vendors tout their products at conferences as a speaker 
(they sneak in) and we have banned a few speakers for a limited time 
because of this.

_*The fact that our staff is expressing commitment to vendor neutrality 
while trying to tighten up those rules is very encouraging.*_ The fact 
that some are concerned about staff's work on vendor neutrality is very 
disconcerting to me as a board member with a fiduciary duty to protect 
the foundation.

Bev, is this helpful?

Jim Manico
OWASP Board Member

On 1/30/15 5:35 PM, Bev Corwin wrote:
> Agreed, Time for a Financial Endowment: 
> https://en.wikipedia.org/wiki/Financial_endowment
> On Fri, Jan 30, 2015 at 8:06 PM, Jim Manico <jim.manico at owasp.org> wrote:
>     A compelling argument to fund security non-profits from (of all
>     places) Forbes.
>     http://www.forbes.com/sites/frontline/2015/01/25/cybersecurity-non-profits-should-be-americas-secret-weapon-in-obamas-cyberwar-plan/
>     If anyone has White House connections, can you please let them
>     know that a measly 10 mil would help us do a lot more to serve the
>     mission of raising application security awareness...
>     Aloha and Happy TLS Excellence Friday,
>     Jim Manico
