[Owasp-leaders] Secure Code Warrior Ltd

johanna curiel curiel johanna.curiel at owasp.org
Wed Jul 13 14:42:40 UTC 2016


>>I agree but if the attendees during the talk ask questions about
commercial or free and limited commercial products we must be able to
answer.
So we must knew the competion and there offers.

Answering related questions regarding commercial products, I would always
begin a sentence "in my opinion..."

I might find Burp better that ZAP at reporting, but referring to it during
chapter presentation could be seen as endorsement .

I would say in that case

I"n my opinion and base on my experience , I like Burp pro versions
reporting module and thats the reason I used it instead of ZAP..bla bla.."

But I don't feel like an authority to provide accurate answers about
vendors based on my opinion and experience and I will make sure the
audience is clear on this if they ask questions regarding comparison
between products

Thats is not our mission peeps and I would avoid any talks that compares
products where you need to provide our opinion. In the end is your opinion.

... coming back to the Security Warrior question raised by Mike, I would
say , that I think is OK as long as they don't talk how to do things with
their platform, otherwise, we might start charging these kind of marketing
sneaky pitches ;-)


On Wed, Jul 13, 2016 at 10:25 AM, Azzeddine Ramrami <
azzeddine.ramrami at owasp.org> wrote:

> I agree but if the attendees during the talk ask questions about
> commercial or free and limited commercial products we must be able to
> answer.
> So we must knew the competion and there offers.
>
> Azzeddine
>
> On Wed, Jul 13, 2016 at 4:16 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> >>There is no open source version of Burp - this seems to be a common
>> misconception. There is a _free_ version of Burp, but the source code is
>> NOT available and therefore it is not open source.
>>
>> Simon, thx for clarifying.
>>
>> In that case Burp should be banned ;-P
>>
>> Only ZAP allowed (hey, we must encourage our 'products'  not the
>> competitors, ehh... I mean our Open source projects) :D
>>
>> On Wed, Jul 13, 2016 at 9:43 AM, psiinon <psiinon at gmail.com> wrote:
>>
>>>
>>> On Wed, Jul 13, 2016 at 3:35 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> Now example, burp has 2 licenses.Imagine burp wants to give a demo, I'm
>>>> with it as long as it focuses on a security subject and they use the open
>>>> source version (not fair to present 'how to do things' with the pro one
>>>> which costs USD300 a year)
>>>>
>>>
>>> There is no open source version of Burp - this seems to be a common
>>> misconception.
>>> There is a _free_ version of Burp, but the source code is NOT available
>>> and therefore it is not open source.
>>>
>>> Cheers,
>>>
>>> Simon
>>>
>>
>>
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> Azzeddine RAMRAMI
> +33 6 65 48 90 04.
> Enterprise Security Architect
> OWASP Leader (Morocco Chapter)
> Mozilla Security Projects Mentor
>



-- 
Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160713/27bc3b8d/attachment-0001.html>


More information about the OWASP-Leaders mailing list