[Owasp-leaders] [Owasp-board] OWASP Benchmark project - potential conflict of interest

Andre Gironda andreg+owasp at gmail.com
Thu Nov 26 21:32:54 UTC 2015


On Thu, Nov 26, 2015 at 12:09 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> I would be happy to provide an update.
>
> Matt Konda and Dave Wichers, the Benchmark Project Leader, had a
> conversation a few weeks back. To summarize their conversation, Dave
> acknowledges the current lack of diversity in his project and it is his
> sincere desire to drive more people to it to help.

From my perspective, this is a core project that has the potential for the
best outcomes. Every appsec program -- every infosec program -- leads with
tool(s) instead of people. Business owners and app owners want
business-as-usual portal(s) for the everyday uninitiated portal user. I
emphasize my parenthetical use of the plural (i.e., (s)'s) because many
times only one tool is chosen, or [at best?] chosen for a few quarters and
then migrated entirely to a new [often worse?] tool.

What both Aspect and Contrast have contributed should be encouraged more.
These vendors are _contributing_ forward-looking solutions that get to the
root cause of obstacles in application security.

So what do we give them? A reward? No -- we give them more obstacles? The
vendors who have a seat to the table

> Josh Sokol and Jeff Williams, the CTO of Contrast, had a conversation a few
> weeks back. To summarize their conversation, Jeff believes that the work
> that Dave is doing on the Benchmark is a game changer in that it gives OWASP
> the power in dictating what these tools need to be finding. He wants the
> Benchmark to be successful and understands that it needs to be diverse in
> order to be trusted.