[Owasp-leaders] OWASP Benchmark project - potential conflict of interest

Dinis Cruz dinis.cruz at owasp.org
Thu Oct 1 07:34:06 UTC 2015


I share Simon's concerns. I saw that PR and it really didn't look balanced
(regardless of the validity or not of the claims).

There is definitely a conflict of interest at play here
On 1 Oct 2015 1:39 am, "Timo Goosen" <timo.goosen at owasp.org> wrote:

> I don't know enough about the matter to comment on this case, but I feel
> that any situation where an OWASP project or any OWASP initiative for that
> matter, is using OWASP to promote its own business interests should be
> stopped.  We need to get rid of bad apples in OWASP.
>
> OWASP is becoming a brand if you would like to think of it that way and we
> are going to see many more cases of people trying to use OWASP to spread
> their business interests. At the end of the day everyone should be acting
> with an attitude of: "Don't ask what OWASP can do for me, ask what I can do
> for OWASP?"
>
>
>
> Regards.
> Timo
>
> On Wed, Sep 30, 2015 at 11:48 AM, psiinon <psiinon at gmail.com> wrote:
>
>> So, a load of controversy about OWASP Benchmark on twitter, but no
>> discussion on the leaders list :(
>> Is this now the wrong place to discuss OWASP projects??
>>
>> Simon
>>
>>
>> On Thu, Sep 24, 2015 at 10:36 AM, psiinon <psiinon at gmail.com> wrote:
>>
>>> Hi folks,
>>>
>>> I've got some concerns about the OWASP Benchmark project.
>>>
>>> I _like_ benchmarks, and I'm very pleased to see an active OWASP project
>>> focused on delivering one.
>>> I think the project has some technical limitations, but that's fine given
>>> the stage the project is at, i.e. _very_ early.
>>> I don't think that any firm conclusions should be drawn from it until it's
>>> been significantly enhanced.
>>>
>>> My concerns are around the marketing that one of the companies
>>> sponsoring the Benchmark project has started using.
>>>
>>> Here we have a company that leads an OWASP project that just happens to
>>> show that their offering in this area appears to be _significantly_ better
>>> than any of the competition.
>>> Their recent press release stresses that it's an OWASP project, makes the
>>> most of the fact that the US DHS helped fund it, but makes no mention of
>>> their role in developing it.
>>>
>>> Regardless of the accuracy of the results, it seems like a huge conflict
>>> of interest :(
>>>
>>> It appears that I'm not the only one with concerns related to the
>>> project:
>>>
>>> https://www.veracode.com/blog/2015/09/no-one-technology-silver-bullet
>>>
>>> What do other people think?
>>>
>>> Cheers,
>>>
>>> Simon
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>