[Owasp-leaders] Secure Code Warrior Ltd

johanna curiel curiel johanna.curiel at owasp.org
Wed Jul 13 10:31:34 UTC 2016


>>I did not find any vendor pitch, and they just used the tool to have a
small CTF type competition.

This is what I call smart marketing ;-).

They don't need to tell me 'buy it', but having the opportunity to showcase it
is good enough as a marketing strategy.

Now a training in Appsec is a funding activity. In this case OWASP gets 60%
of the trainer 40%.



On Wed, Jul 13, 2016 at 2:09 AM, Vaibhav Gupta <vaibhav.gupta at owasp.org>
wrote:

> My two cents:
>
> I attended 'Securing MEAN stack' training by SCW folks at OWASP AppSec EU.
> IMHO, I did not find any vendor pitch, and they just used the tool to have
> a small CTF type competition.
>
> The trainer explicitly mentioned that attendees might use dummy emails to
> register if they do not like to share their info with SCW.
>
> As a caution, we need to make sure that these events do not have any
> vendor related pitch, and we are just using the tool (like any other tool:
> Burp, AppScan, etc) to supplement the intended idea of the session.
>
> Thanks
> Vaibhav
>
> twitter.com/VaibhavGupta_1
>
> On Wed, Jul 13, 2016 at 11:23 AM, Munir Njiru <munir.njiru at owasp.org>
> wrote:
>
>> I would like to concur with Johanna on this; look at it this way. OWASP
>> is meant to serve the purpose of ensuring security; the people already
>> subscribed are a lucrative niche for a vendor like Secure Code Warrior.
>> Them offering you a "freebie" is technically them getting "free marketing";
>> think about how much they save on marketing cost. A boost to the chapter
>> for the numbers gathered should be in order at a small fee and a portion of
>> that can go to OWASP.
>> Another way to look at it is package it as a membership option that the
>> vendor needs to be a premium member at an annual fee and part of the perks
>> would be "present x number of times such items as their product" in
>> chapters local to them.
>>
>> Kind Regards,
>>
>> Munir Njenga,
>> OWASP Chapter Leader (Kenya) || Information Security Consultant ||
>> Developer
>> Mob   (KE) +254 (0) 734960670
>>
>> =============================
>> Chapter Page: www.owasp.org/index.php/Kenya
>> Project Site:
>> http://alienwithin.github.io/OWASP-mth3l3m3nt-framework/
>> Email: munir.njiru at owasp.org
>> Facebook: https://www.facebook.com/OWASP.Kenya
>> Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya
>>
>>
>> On Wed, Jul 13, 2016 at 6:37 AM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> I think that we should also implement new policies such as if a vendor
>>> wants to give a demo during a Chapter presentation, we should then charge a
>>> fee that goes to the chapter.
>>>
>>> Example, Code Warrior wants to demo their product? That could be
>>> accepted under another policy where they pay for the presentation (just as
>>> there are booths selling products at the appsec conferences)
>>>
>>> Then it's clear to all coming to the talk that this is a vendor talk to
>>> showcase their product during the talk.
>>>
>>> I have actually no problem with that as long as:
>>> -Vendor pays a fee for presenting (they earn money and we are a
>>> foundation that needs funds)
>>> -It is clear to everyone coming that it is a demo of their products
>>> -They get potential leads from the Talk/Pitch
>>>
>>> If people find this OK we could submit this to a vote to adapt the
>>> 'vendor neutrality' policies
>>>
>>> On Tue, Jul 12, 2016 at 11:27 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> Serge
>>>>
>>>> I might look strictly to the policy, but a vendor should not use OWASP
>>>> chapters as a platform to sell their products by explaining 'how you can
>>>> code secure using Code Warrior platform'. BTW not cheap (USD55/month for
>>>> one developer)
>>>>
>>>> I get it, the platform aligns very well with our goals (such as how to
>>>> code secure) but if the talk is about how you can use Code Warrior to learn
>>>> to code securely... well, sorry, that is a vendor pitch in my opinion.
>>>>
>>>> Now if the talk focuses on explaining the methodologies used to code
>>>> secure (without going into their platform) then I can see how that aligns
>>>> without issues to our 'vendor neutrality' principles.
>>>>
>>>> Cheers
>>>>
>>>>
>>>>
>>>> On Tue, Jul 12, 2016 at 10:29 PM, Serg B. <sergicles at gmail.com> wrote:
>>>>
>>>>> Johanna, why? By the way, I don't know them and have no opinion about
>>>>> them in any way, so I am interested... If it's a good tool and has no
>>>>> equivalent, why wouldn't we expose people to it, if the chapter leaders
>>>>> find it acceptable for our individual chapters. We give away books that are
>>>>> otherwise sold for money, how is this different?
>>>>>
>>>>>
>>>>> Cheers
>>>>>     Serge
>>>>>
>>>>> On 13 Jul 2016 2:33 AM, "johanna curiel curiel" <
>>>>> johanna.curiel at owasp.org> wrote:
>>>>>
>>>>>> >>Is there anything specific that we should take care before engaging
>>>>>> with them?
>>>>>>
>>>>>> Their presentation should be focused on coding secure but they should
>>>>>> exclude using their platform in the presentation.
>>>>>>
>>>>>> On Tue, Jul 12, 2016 at 12:23 PM, Akash Mahajan <
>>>>>> akash.mahajan at owasp.org> wrote:
>>>>>>
>>>>>>> Hi Folks,
>>>>>>>
>>>>>>> We have been in touch with them as well at Bangalore. It looks like
>>>>>>> a good fit for the kind of audience we get in our meets.
>>>>>>> Is there anything specific that we should take care before engaging
>>>>>>> with them?
>>>>>>>
>>>>>>> Thank you.
>>>>>>>
>>>>>>> On 12 July 2016 at 21:16, Sandeep Singh <sandeep.singh at owasp.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Mike,
>>>>>>>>
>>>>>>>> We were recently approached by Pieter Danhieux from Secure Code
>>>>>>>> Warriors and he has offered to do a 3 hour secure coding workshop for OWASP
>>>>>>>> Delhi on 30th July when he will be here in Delhi.
>>>>>>>>
>>>>>>>> Here is the abstract of the session he has sent to us.
>>>>>>>>
>>>>>>>> Do you think you can code securely? During this 3 hour workshop,
>>>>>>>> the Secure Code Warrior team is going to brief you about the most common
>>>>>>>> Web App weaknesses before letting you go nuts on the Secure Code Warrior
>>>>>>>> platform. Whether you are a junior developer in JAVA Spring or C#
>>>>>>>> MVC/WebForms, application security professional, RoR or Python geek, senior
>>>>>>>> software engineer or penetration tester ... this platform will challenge
>>>>>>>> your skills and provide you with an overview of your strengths and
>>>>>>>> weaknesses in secure coding.
>>>>>>>>
>>>>>>>> As per our understanding it seems SCW is just a platform that they
>>>>>>>> will be using for hosting the challenges and scoring purposes.
>>>>>>>>
>>>>>>>> thanks
>>>>>>>> Sandeep
>>>>>>>> @OWASPDelhi
>>>>>>>>
>>>>>>>> On Tue, Jul 12, 2016 at 9:05 PM, Serg B. <serg at owasp.org> wrote:
>>>>>>>>
>>>>>>>>> Mike, we haven't done any OWASP sessions with them specifically,
>>>>>>>>> yet. I am actually catching up with them in professional capacity soon and
>>>>>>>>> the other chapter co-lead (Julian) already has.
>>>>>>>>>
>>>>>>>>> We had a couple of vendors present. As far as I see it, nothing wrong
>>>>>>>>> with that - as long as it is indeed a useful presentation and not a pitch,
>>>>>>>>> I say go for it. As long as it's about technology or a product if it's
>>>>>>>>> something really interesting, I don't see any issues with that, because
>>>>>>>>> sometimes it's actually really hard to get exposure to some tools unless
>>>>>>>>> you are in a well funded company. I think Codewarrior qualifies here, looks
>>>>>>>>> very interesting and useful from what I hear (direct feedback from unbiased
>>>>>>>>> user). We do however request full presentation deck well before the meeting
>>>>>>>>> to make sure it is on topic and doesn't turn into a marketing pitch.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> cheers
>>>>>>>>>    Serge
>>>>>>>>>
>>>>>>>>> On Wed, Jul 13, 2016 at 1:24 AM, Mike Goodwin <
>>>>>>>>> mike.goodwin at owasp.org> wrote:
>>>>>>>>>
>>>>>>>>>> Hello Chapter Leaders,
>>>>>>>>>>
>>>>>>>>>> I was approached by Secure Code Warrior Ltd who were offering to
>>>>>>>>>> do a secure coding demo/challenge at our chapter meeting.
>>>>>>>>>>
>>>>>>>>>> Their website is:
>>>>>>>>>>
>>>>>>>>>> https://www.securecodewarrior.com/
>>>>>>>>>>
>>>>>>>>>> It sounded very interesting, but I was a bit concerned that it
>>>>>>>>>> would not conform to our vendor neutrality, given their company's offering.
>>>>>>>>>>
>>>>>>>>>> They mentioned that they have already done sessions in Australia
>>>>>>>>>> and India.
>>>>>>>>>>
>>>>>>>>>> @Aussie/Indian leaders: Have you had this company at your
>>>>>>>>>> meetings? Was it OK from a vendor neutrality point of view?
>>>>>>>>>>
>>>>>>>>>> Best regards,
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Mike Goodwin*
>>>>>>>>>> OWASP Newcastle UK Chapter Leader
>>>>>>>>>> <https://www.owasp.org/index.php/Newcastle>
>>>>>>>>>> OWASP Threat Dragon Project Leader
>>>>>>>>>> <https://github.com/mike-goodwin/owasp-threat-dragon>
>>>>>>>>>> @theblacklabguy
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Serg
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Warm regards,
>>>>>>> Akash Mahajan
>>>>>>>
>>>>>>> *That Web Application Security Guy* | +91 99 805 271 82
>>>>>>> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
>>>>>>> *OWASP Bangalore Chapter Lead | null Community Manager*
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Johanna Curiel
>>>>>> OWASP Volunteer
>>>>>>
>>>>
>>>>
>>>> --
>>>> Johanna Curiel
>>>> OWASP Volunteer
>>>>
>>>
>>>
>>>
>>> --
>>> Johanna Curiel
>>> OWASP Volunteer
>>>
>>
>


-- 
Johanna Curiel
OWASP Volunteer