[Owasp-leaders] Secure Code Warrior Ltd

johanna curiel curiel johanna.curiel at owasp.org
Wed Jul 13 03:37:05 UTC 2016


I think that we should also implement new policies such as if a vendor
wants to give a demo during a Chapter presentation, we should then charge a
fee that goes to the chapter.

Example, Code Warrior wants to demo their product? That could be accepted
under another policy where they pay for the presentation (just as there are
booths selling products at the appsec conferences).

Then it's clear to all coming to the talk that this is a vendor talk to
showcase their product during the talk.

I have actually no problem with that as long as:
-Vendor pays a fee for presenting (they earn money and we are a foundation
that needs funds)
-It is clear to everyone coming that it is a demo of their products
-They get potential leads from the Talk/Pitch

If people find this OK we could submit this to a vote to adapt the 'vendor
neutrality' policies

On Tue, Jul 12, 2016 at 11:27 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Serge
>
> I might look strictly to the policy, but a vendor should not use OWASP
> chapters as a platform to sell their products by explaining 'how you can
> code secure using Code Warrior platform'. BTW not cheap (USD55/month for
> one developer)
>
> I get it, the platform aligns very well with our goals (such as how to
> code secure) but if the talk is about how you can use Code Warrior to learn
> code securely... well sorry that is a vendor pitch in my opinion.
>
> Now if the talk focuses to explain the methodologies used to code secure
> (without going into their platform) then I can see how that aligns without
> issues to our 'vendor neutrality' principles.
>
> Cheers
>
>
>
> On Tue, Jul 12, 2016 at 10:29 PM, Serg B. <sergicles at gmail.com> wrote:
>
>> Johanna, why? By the way, I don't know them and have no opinion about
>> them in any way, so I am interested... If it's a good tool and has no
>> equivalent, why wouldn't we expose people to it, if the chapter leaders
>> find it acceptable for our individual chapters. We give away books that are
>> otherwise sold for money, how is this  different?
>>
>>
>> Cheers
>>     Serge
>>
>> On 13 Jul 2016 2:33 AM, "johanna curiel curiel" <johanna.curiel at owasp.org>
>> wrote:
>>
>>> >>Is there anything specific that we should take care before engaging
>>> with them?
>>>
>>> Their presentation should be focused on coding secure but they should
>>> exclude using their platform in the presentation.
>>>
>>> On Tue, Jul 12, 2016 at 12:23 PM, Akash Mahajan <akash.mahajan at owasp.org
>>> > wrote:
>>>
>>>> Hi Folks,
>>>>
>>>> We have been in touch with them as well at Bangalore. It looks like a
>>>> good fit for the kind of audience we get in our meets.
>>>> Is there anything specific that we should take care before engaging
>>>> with them?
>>>>
>>>> Thank you.
>>>>
>>>> On 12 July 2016 at 21:16, Sandeep Singh <sandeep.singh at owasp.org>
>>>> wrote:
>>>>
>>>>> Hi Mike,
>>>>>
>>>>> We were recently approached by Pieter Danhieux from Secure Code
>>>>> Warriors and he has offered to do a 3 hour secure coding workshop for OWASP
>>>>> Delhi on 30th July when he will be here in Delhi.
>>>>>
>>>>> Here is the abstract of the session he has sent to us.
>>>>>
>>>>> Do you think you can code securely? During this 3 hour workshop, the
>>>>> Secure Code Warrior team is going to brief you about the most common Web
>>>>> App weaknesses before letting you go nuts on the Secure Code Warrior
>>>>> platform. Whether you are a junior developer in JAVA Spring or C#
>>>>> MVC/WebForms, application security professional, RoR or Python geek, senior
>>>>> software engineer or penetration tester ... this platform will challenge
>>>>> your skills and provide you with an overview of your strengths and
>>>>> weaknesses in secure coding.
>>>>>
>>>>> As per our understanding it seems SCW is just a platform that they
>>>>> will be using for hosting the challenges and scoring purposes.
>>>>>
>>>>> thanks
>>>>> Sandeep
>>>>> @OWASPDelhi
>>>>>
>>>>> On Tue, Jul 12, 2016 at 9:05 PM, Serg B. <serg at owasp.org> wrote:
>>>>>
>>>>>> Mike, we haven't done any OWASP sessions with them specifically, yet.
>>>>>> I am actually catching up with them in professional capacity soon and the
>>>>>> other chapter co-lead (Julian) already has.
>>>>>>
>>>>>> We had a couple of vendors present. As far as I see it, nothing wrong with
>>>>>> that - as long as it is indeed a useful presentation and not a pitch, I say
>>>>>> go for it. As long as it's about technology or a product if it's something
>>>>>> really interesting, I don't see any issues with that, because sometimes
>>>>>> it's actually really hard to get exposure to some tools unless you are in a
>>>>>> well funded company. I think Codewarrior qualifies here, looks very
>>>>>> interesting and useful from what I hear (direct feedback from unbiased
>>>>>> user). We do however request full presentation deck well before the meeting
>>>>>> to make sure it is on topic and doesn't turn into a marketing pitch.
>>>>>>
>>>>>>
>>>>>> cheers
>>>>>>    Serge
>>>>>>
>>>>>> On Wed, Jul 13, 2016 at 1:24 AM, Mike Goodwin <mike.goodwin at owasp.org
>>>>>> > wrote:
>>>>>>
>>>>>>> Hello Chapter Leaders,
>>>>>>>
>>>>>>> I was approached by Secure Code Warrior Ltd who were offering to do
>>>>>>> a secure coding demo/challenge at our chapter meeting.
>>>>>>>
>>>>>>> Their website is:
>>>>>>>
>>>>>>> https://www.securecodewarrior.com/
>>>>>>>
>>>>>>> It sounded very interesting, but I was a bit concerned that it would
>>>>>>> not conform to our vendor neutrality, given their company's offering.
>>>>>>>
>>>>>>> They mentioned that they have already done sessions in Australia and
>>>>>>> India.
>>>>>>>
>>>>>>> @Aussie/Indian leaders: Have you had this company at your meetings?
>>>>>>> Was it OK from a vendor neutrality point of view?
>>>>>>>
>>>>>>> Best regards,
>>>>>>>
>>>>>>> --
>>>>>>> *Mike Goodwin*
>>>>>>> OWASP Newcastle UK Chapter Leader
>>>>>>> <https://www.owasp.org/index.php/Newcastle>
>>>>>>> OWASP Threat Dragon Project Leader
>>>>>>> <https://github.com/mike-goodwin/owasp-threat-dragon>
>>>>>>> @theblacklabguy
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Serg
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Warm regards,
>>>> Akash Mahajan
>>>>
>>>> *That Web Application Security Guy* | +91 99 805 271 82
>>>> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
>>>> *OWASP Bangalore Chapter Lead | null Community Manager*
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Johanna Curiel
>>> OWASP Volunteer
>>>
>>>
>>>
>
>
> --
> Johanna Curiel
> OWASP Volunteer
>



-- 
Johanna Curiel
OWASP Volunteer