[Owasp-leaders] Secure Code Warrior Ltd

Munir Njiru munir.njiru at owasp.org
Wed Jul 13 05:53:34 UTC 2016


I would like to concur with Johanna on this. Look at it this way: OWASP
is meant to serve the purpose of ensuring security; the people already
subscribed are a lucrative niche for a vendor like Secure Code Warrior.
Them offering you a "freebie" is technically them getting "free marketing";
think about how much they save on marketing cost. A boost to the chapter
for the numbers gathered should be in order at a small fee and a portion of
that can go to OWASP.
Another way to look at it is to package it as a membership option: the
vendor needs to be a premium member at an annual fee, and part of the perks
would be "present x number of times such items as their product" in
chapters local to them.

Kind Regards,

Munir Njenga,
OWASP Chapter Leader (Kenya) || Information Security Consultant || Developer
Mob   (KE) +254 (0) 734960670

=============================
Chapter Page: www.owasp.org/index.php/Kenya
Project Site:
http://alienwithin.github.io/OWASP-mth3l3m3nt-framework/
Email: munir.njiru at owasp.org
Facebook: https://www.facebook.com/OWASP.Kenya
Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya


On Wed, Jul 13, 2016 at 6:37 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> I think that we should also implement new policies such as if a vendor
> wants to give a demo during a Chapter presentation, we should then charge a
> fee that goes to the chapter.
>
> Example, Code Warrior wants to demo their product? That could be accepted
> under another policy where they pay for the presentation (just as there are
> booths selling products at the appsec conferences)
>
> Then it's clear to all coming to the talk that this is a vendor talk to
> showcase their product during the talk.
>
> I have actually no problem with that as long as:
> - Vendor pays a fee for presenting (they earn money and we are a foundation
> that needs funds)
> - It is clear to everyone coming that it is a demo of their products
> - They get potential leads from the Talk/Pitch
>
> If people find this OK we could submit this to a vote to adapt the 'vendor
> neutrality' policies
>
> On Tue, Jul 12, 2016 at 11:27 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> Serge
>>
>> I might look strictly to the policy, but a vendor should not use OWASP
>> chapters as a platform to sell their products by explaining 'how you can
>> code secure using Code Warrior platform'. BTW not cheap (USD55/month for
>> one developer)
>>
>> I get it, the platform aligns very well with our goals (such as how to
>> code secure) but if the talk is about how you can use Code Warrior to learn
>> to code securely... well sorry that is a vendor pitch in my opinion.
>>
>> Now if the talk focuses on explaining the methodologies used to code secure
>> (without going into their platform) then I can see how that aligns without
>> issues to our 'vendor neutrality' principles.
>>
>> Cheers
>>
>>
>>
>> On Tue, Jul 12, 2016 at 10:29 PM, Serg B. <sergicles at gmail.com> wrote:
>>
>>> Johanna, why? By the way, I don't know them and have no opinion about
>>> them in any way, so I am interested... If it's a good tool and has no
>>> equivalent, why wouldn't we expose people to it, if the chapter leaders
>>> find it acceptable for our individual chapters. We give away books that are
>>> otherwise sold for money, how is this different?
>>>
>>>
>>> Cheers
>>>     Serge
>>>
>>> On 13 Jul 2016 2:33 AM, "johanna curiel curiel" <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> >>Is there anything specific that we should take care before engaging
>>>> with them?
>>>>
>>>> Their presentation should be focused on coding secure but they should
>>>> exclude using their platform in the presentation.
>>>>
>>>> On Tue, Jul 12, 2016 at 12:23 PM, Akash Mahajan <
>>>> akash.mahajan at owasp.org> wrote:
>>>>
>>>>> Hi Folks,
>>>>>
>>>>> We have been in touch with them as well at Bangalore. It looks like a
>>>>> good fit for the kind of audience we get in our meets.
>>>>> Is there anything specific that we should take care before engaging
>>>>> with them?
>>>>>
>>>>> Thank you.
>>>>>
>>>>> On 12 July 2016 at 21:16, Sandeep Singh <sandeep.singh at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> Hi Mike,
>>>>>>
>>>>>> We were recently approached by Pieter Danhieux from Secure Code
>>>>>> Warriors and he has offered to do a 3 hour secure coding workshop for OWASP
>>>>>> Delhi on 30th July when he will be here in Delhi.
>>>>>>
>>>>>> Here is the abstract of the session he has sent to us.
>>>>>>
>>>>>> Do you think you can code securely? During this 3 hour workshop, the
>>>>>> Secure Code Warrior team is going to brief you about the most common Web
>>>>>> App weaknesses before letting you go nuts on the Secure Code Warrior
>>>>>> platform. Whether you are a junior developer in JAVA Spring or C#
>>>>>> MVC/WebForms, application security professional, RoR or Python geek, senior
>>>>>> software engineer or penetration tester ... this platform will challenge
>>>>>> your skills and provide you with an overview of your strengths and
>>>>>> weaknesses in secure coding.
>>>>>>
>>>>>> As per our understanding it seems SCW is just a platform that they
>>>>>> will be using for hosting the challenges and scoring purposes.
>>>>>>
>>>>>> thanks
>>>>>> Sandeep
>>>>>> @OWASPDelhi
>>>>>>
>>>>>> On Tue, Jul 12, 2016 at 9:05 PM, Serg B. <serg at owasp.org> wrote:
>>>>>>
>>>>>>> Mike, we haven't done any OWASP sessions with them specifically,
>>>>>>> yet. I am actually catching up with them in professional capacity soon and
>>>>>>> the other chapter co-lead (Julian) already has.
>>>>>>>
>>>>>>> We had a couple of vendors present. As far as I see it, nothing wrong
>>>>>>> with that - as long as it is indeed a useful presentation and not a pitch,
>>>>>>> I say go for it. As long as it's about technology or a product if it's
>>>>>>> something really interesting, I don't see any issues with that, because
>>>>>>> sometimes it's actually really hard to get exposure to some tools unless
>>>>>>> you are in a well funded company. I think Codewarrior qualifies here, looks
>>>>>>> very interesting and useful from what I hear (direct feedback from unbiased
>>>>>>> user). We do however request full presentation deck well before the meeting
>>>>>>> to make sure it is on topic and doesn't turn into a marketing pitch.
>>>>>>>
>>>>>>>
>>>>>>> cheers
>>>>>>>    Serge
>>>>>>>
>>>>>>> On Wed, Jul 13, 2016 at 1:24 AM, Mike Goodwin <
>>>>>>> mike.goodwin at owasp.org> wrote:
>>>>>>>
>>>>>>>> Hello Chapter Leaders,
>>>>>>>>
>>>>>>>> I was approached by Secure Code Warrior Ltd who were offering to do
>>>>>>>> a secure coding demo/challenge at our chapter meeting.
>>>>>>>>
>>>>>>>> Their website is:
>>>>>>>>
>>>>>>>> https://www.securecodewarrior.com/
>>>>>>>>
>>>>>>>> It sounded very interesting, but I was a bit concerned that it
>>>>>>>> would not conform to our vendor neutrality, given their company's offering.
>>>>>>>>
>>>>>>>> They mentioned that they have already done sessions in Australia
>>>>>>>> and India.
>>>>>>>>
>>>>>>>> @Aussie/Indian leaders: Have you had this company at your
>>>>>>>> meetings? Was it OK from a vendor neutrality point of view?
>>>>>>>>
>>>>>>>> Best regards,
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Mike Goodwin*
>>>>>>>> OWASP Newcastle UK Chapter Leader
>>>>>>>> <https://www.owasp.org/index.php/Newcastle>
>>>>>>>> OWASP Threat Dragon Project Leader
>>>>>>>> <https://github.com/mike-goodwin/owasp-threat-dragon>
>>>>>>>> @theblacklabguy
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> OWASP-Leaders mailing list
>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Serg
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Warm regards,
>>>>> Akash Mahajan
>>>>>
>>>>> *That Web Application Security Guy* | +91 99 805 271 82
>>>>> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
>>>>> *OWASP Bangalore Chapter Lead | null Community Manager*
>>>>>
>>>>
>>>>
>>>> --
>>>> Johanna Curiel
>>>> OWASP Volunteer
>>>>
>>
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>
>
>
> --
> Johanna Curiel
> OWASP Volunteer
>