[Owasp-leaders] OWASP Benchmark project - potential conflict of interest

psiinon psiinon at gmail.com
Wed Sep 30 09:48:48 UTC 2015


So, a load of controversy about OWASP Benchmark on Twitter, but no
discussion on the leaders list :(
Is this now the wrong place to discuss OWASP projects??

Simon


On Thu, Sep 24, 2015 at 10:36 AM, psiinon <psiinon at gmail.com> wrote:

> Hi folks,
>
> I've got some concerns about the OWASP Benchmark project.
>
> I _like_ benchmarks, and I'm very pleased to see an active OWASP project
> focused on delivering one.
> I think the project has some technical limitations, but that's fine given
> the stage the project is at, i.e. _very_ early.
> I don't think that any firm conclusions should be drawn from it until it's
> been significantly enhanced.
>
> My concerns are around the marketing that one of the companies sponsoring
> the Benchmark project has started using.
>
> Here we have a company that leads an OWASP project that just happens to
> show that their offering in this area appears to be _significantly_ better
> than any of the competition.
> Their recent press release stresses that it's an OWASP project, makes the
> most of the fact that the US DHS helped fund it but makes no mention of
> their role in developing it.
>
> Regardless of the accuracy of the results, it seems like a huge conflict
> of interest :(
>
> It appears that I'm not the only one with concerns related to the project:
>
> https://www.veracode.com/blog/2015/09/no-one-technology-silver-bullet
>
> What do other people think?
>
> Cheers,
>
> Simon
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>



-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader