[Owasp-leaders] OWASP Benchmark project - potential conflict of interest
dinis.cruz at owasp.org
Thu Oct 1 07:34:06 UTC 2015
I share Simon's concerns, I saw that PR and it really didn't look balanced
(regardless of the validity or not of the claims).
There is definitely a conflict of interest at play here.
On 1 Oct 2015 1:39 am, "Timo Goosen" <timo.goosen at owasp.org> wrote:
> I don't know enough about the matter to comment on this case, but I feel
> that any situation where an OWASP project or any OWASP initiative for that
> matter, is using OWASP to promote its own business interests should be
> stopped. We need to get rid of bad apples in OWASP.
> OWASP is becoming a brand if you would like to think of it that way and we
> are going to see many more cases of people trying to use OWASP to spread
> their business interests. At the end of the day everyone should be acting
> with an attitude of: "Don't ask what OWASP can do for me, ask what I can do
> for OWASP?"
> On Wed, Sep 30, 2015 at 11:48 AM, psiinon <psiinon at gmail.com> wrote:
>> So, a load of controversy about OWASP Benchmark on Twitter, but no
>> discussion on the leaders list :(
>> Is this now the wrong place to discuss OWASP projects??
>> On Thu, Sep 24, 2015 at 10:36 AM, psiinon <psiinon at gmail.com> wrote:
>>> Hi folks,
>>> I've got some concerns about the OWASP Benchmark project.
>>> I _like_ benchmarks, and I'm very pleased to see an active OWASP project
>>> focused on delivering one.
>>> I think the project has some technical limitations, but that's fine given
>>> the stage the project is at, i.e. _very_ early.
>>> I don't think that any firm conclusions should be drawn from it until it's
>>> been significantly enhanced.
>>> My concerns are around the marketing that one of the companies
>>> sponsoring the Benchmark project has started using.
>>> Here we have a company that leads an OWASP project that just happens to
>>> show that their offering in this area appears to be _significantly_ better
>>> than any of the competition.
>>> Their recent press release stresses that it's an OWASP project, makes the
>>> most of the fact that the US DHS helped fund it but makes no mention of
>>> their role in developing it.
>>> Regardless of the accuracy of the results, it seems like a huge conflict
>>> of interest :(
>>> It appears that I'm not the only one with concerns related to the
>>> What do other people think?
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org