[Owasp-leaders] Secure Code Warrior Ltd

johanna curiel curiel johanna.curiel at owasp.org
Wed Jul 13 03:27:01 UTC 2016


Serge

I might look strictly to the policy, but a vendor should not use OWASP
chapters as a platform to sell their products by explaining 'how you can
code secure using Code Warrior platform' . BTW not cheap (USD55/month for
one developer)

I get it, the platform aligns very good with our goals (such as how to code
secure) but if the talk is about how you can use Code Warrior to learn code
securely... well sorry that is a vendor pitch in my opinion.

Now if the talk focuses to explain the methodologies used to code secure
(without going into their platform) then I can see how that aligns without
issues to our 'vendor neutrality' principles.

Cheers



On Tue, Jul 12, 2016 at 10:29 PM, Serg B. <sergicles at gmail.com> wrote:

> Johanna, why? By the way, I don't know them and have no opinion about them
> in any way, so I am interested... If it's a good tool and has no
> equivalent, why wouldn't we expose people to it, if the chapter leaders
> find it acceptable for our individual chapters. We give away books that are
> otherwise sold for money, how is this  different?
>
>
> Cheers
>     Serge
>
> On 13 Jul 2016 2:33 AM, "johanna curiel curiel" <johanna.curiel at owasp.org>
> wrote:
>
>> >>Is there anything specific that we should take care before engaging
>> with them?
>>
>> Their presentation should focused about coding secure but they should
>> exclude using their platform in the presentation.
>>
>> On Tue, Jul 12, 2016 at 12:23 PM, Akash Mahajan <akash.mahajan at owasp.org>
>> wrote:
>>
>>> Hi Folks,
>>>
>>> We have been in touch with them as well at Bangalore. It looks like a
>>> good fit for the kind of audience we get in our meets.
>>> Is there anything specific that we should take care before engaging with
>>> them?
>>>
>>> Thank you.
>>>
>>> On 12 July 2016 at 21:16, Sandeep Singh <sandeep.singh at owasp.org> wrote:
>>>
>>>> Hi Mike,
>>>>
>>>> We were recently approached by pieter danhieux from Secure Code
>>>> Warriors and he has offered to do a 3 hour secure coding workshop for OWASP
>>>> Delhi on 30th July when he will be here in Delhi
>>>>
>>>> Here is the abstract of the session he has sent to us.
>>>>
>>>> Do you think you can code securely? During this 3 hour workshop, the
>>>> Secure Code Warrior team is going to brief you about the most common Web
>>>> App weaknesses before letting you go nuts on the Secure Code Warrior
>>>> platform. Whether you are a junior developer in JAVA Spring or C#
>>>> MVC/WebForms, application security professional, RoR or Python geek, senior
>>>> software engineer or penetration tester ... this platform will challenge
>>>> your skills and provide you with an overview of your strengths and
>>>> weaknesses in secure coding.
>>>>
>>>> As per our understanding it seems SCW is just a platform that they will
>>>> be using for hosting the challenges and scoring purposes.
>>>>
>>>> thanks
>>>> Sandeep
>>>> @OWASPDelhi
>>>>
>>>> On Tue, Jul 12, 2016 at 9:05 PM, Serg B. <serg at owasp.org> wrote:
>>>>
>>>>> Mike, we haven't done any OWASP sessions with them specifically, yet.
>>>>> I am actually catching up with them in professional capacity soon and the
>>>>> other chapter co-lead (Julian) already has.
>>>>>
>>>>> We had couple vendors present. As far as I see it, nothing wrong with
>>>>> that - as long as it is indeed a useful presentation and not a pitch, I say
>>>>> go for it. As long as it's about technology or a product if it's something
>>>>> really interesting, I don't see any issues with that, because sometimes
>>>>> it's actually really hard to get exposure to some tools unless you are in a
>>>>> well funded company. I think Codewarrior qualifies here, looks very
>>>>> interesting and useful from what I hear (direct feedback from unbiased
>>>>> user). We do however request full presentation deck well before the meeting
>>>>> to make sure it is on topic and doesn't turn into a marketing pitch.
>>>>>
>>>>>
>>>>> cheers
>>>>>    Serge
>>>>>
>>>>> On Wed, Jul 13, 2016 at 1:24 AM, Mike Goodwin <mike.goodwin at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> Hello Chapter Leaders,
>>>>>>
>>>>>> I was approached by Secure Code Warrior Ltd who were offering to do a
>>>>>> secure coding demo/challenge at our chapter meeting.
>>>>>>
>>>>>> Their website is:
>>>>>>
>>>>>> https://www.securecodewarrior.com/
>>>>>>
>>>>>> It sounded very interesting, but I was a bit concerned that it would
>>>>>> not conform to our vendor neutrality, given their companies offering.
>>>>>>
>>>>>> They mentioned that they have already done sessions in Australia and
>>>>>> India.
>>>>>>
>>>>>> @Aussie/Indian leaders: Have you have this company at your meetings?
>>>>>> Was it OK from a vendor neutrality point of view?
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>> --
>>>>>> *Mike Goodwin*
>>>>>> OWASP Newcastle UK Chapter Leader
>>>>>> <https://www.owasp.org/index.php/Newcastle>
>>>>>> OWASP Threat Dragon Project Leader
>>>>>> <https://github.com/mike-goodwin/owasp-threat-dragon>
>>>>>> @theblacklabguy
>>>>>>
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Serg
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>>
>>> --
>>> Warm regards,
>>> Akash Mahajan
>>>
>>> *That Web Application Security Guy* | +91 99 805 271 82
>>> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
>>> *OWASP Bangalore Chapter Lead | null Community Manager*
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>


-- 
Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160712/8f8b10de/attachment-0001.html>


More information about the OWASP-Leaders mailing list