[Owasp-leaders] Secure Code Warrior Ltd

Azzeddine Ramrami azzeddine.ramrami at owasp.org
Wed Jul 13 15:50:44 UTC 2016


Yes I agree if vendor become a sponsor we gave him a booth to expose there
products and if the booth is large they can run a talk in it.

On Wed, Jul 13, 2016 at 5:17 PM, Arthur Hedge <ahedge at castleventures.com>
wrote:

> In my opinion, letting vendors do a product pitch, whether they pay or
> not, is not in the spirit of OWASP.  In the New York/ NJ area in the US,
> vendors can sponsor events and have a table in the facility to show their
> products, but they are not presenting demos of their products to the group.
>
>
>
> Arthur Hedge
>
>
>
> *From:* owasp-leaders-bounces at lists.owasp.org [mailto:
> owasp-leaders-bounces at lists.owasp.org] *On Behalf Of *johanna curiel
> curiel
> *Sent:* Wednesday, July 13, 2016 10:55 AM
> *To:* Azzeddine Ramrami <azzeddine.ramrami at owasp.org>
> *Cc:* owasp-leaders at lists.owasp.org; Serg B. <sergicles at gmail.com>
> *Subject:* Re: [Owasp-leaders] Secure Code Warrior Ltd
>
>
>
> >>I agree we must push OWASP project,docs, etc.
>
>
>
> +Azzeddine
>
>
>
> Our chapter meetings should focus on promoting what we produce and not
> vendor products, now if we charge them and the audience is clear what they
> will get into... (a sales pitch) then I think is a win-win situation, for
> the chapters to get sponsors and fund activities and the vendor to make his
> marketing
>
>
>
> There ain't not such a thing as a free lunch
> <https://en.wikipedia.org/wiki/There_ain%27t_no_such_thing_as_a_free_lunch>
>
>
>
> On Wed, Jul 13, 2016 at 10:46 AM, Azzeddine Ramrami <
> azzeddine.ramrami at owasp.org> wrote:
>
> In all my talks and my professional projects I push ZAP because it is
> better or equivalent to Burp Pro (depending on the options).
>
> I agree we must push OWASP project,docs, etc.
>
> Azzeddine
>
>
>
> On Wed, Jul 13, 2016 at 4:42 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
> >>I agree but if the attendees during the talk ask questions about
> commercial or free and limited commercial products we must be able to
> answer.
>
> So we must knew the competion and there offers.
>
>
>
> Answering related questions regarding commercial products, I would always
> begin a sentence "in my opinion..."
>
>
>
> I might find Burp better that ZAP at reporting, but referring to it during
> chapter presentation could be seen as endorsement .
>
>
>
> I would say in that case
>
>
>
> I"n my opinion and base on my experience , I like Burp pro versions
> reporting module and thats the reason I used it instead of ZAP..bla bla.."
>
>
>
> But I don't feel like an authority to provide accurate answers about
> vendors based on my opinion and experience and I will make sure the
> audience is clear on this if they ask questions regarding comparison
> between products
>
>
>
> Thats is not our mission peeps and I would avoid any talks that compares
> products where you need to provide our opinion. In the end is your opinion.
>
>
>
> ... coming back to the Security Warrior question raised by Mike, I would
> say , that I think is OK as long as they don't talk how to do things with
> their platform, otherwise, we might start charging these kind of marketing
> sneaky pitches ;-)
>
>
>
>
>
> On Wed, Jul 13, 2016 at 10:25 AM, Azzeddine Ramrami <
> azzeddine.ramrami at owasp.org> wrote:
>
> I agree but if the attendees during the talk ask questions about
> commercial or free and limited commercial products we must be able to
> answer.
>
> So we must knew the competion and there offers.
>
> Azzeddine
>
>
>
> On Wed, Jul 13, 2016 at 4:16 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
> >>There is no open source version of Burp - this seems to be a common
> misconception. There is a _free_ version of Burp, but the source code is
> NOT available and therefore it is not open source.
>
>
>
> Simon, thx for clarifying.
>
>
>
> In that case Burp should be banned ;-P
>
>
>
> Only ZAP allowed (hey, we must encourage our 'products'  not the
> competitors, ehh... I mean our Open source projects) :D
>
>
>
> On Wed, Jul 13, 2016 at 9:43 AM, psiinon <psiinon at gmail.com> wrote:
>
>
>
> On Wed, Jul 13, 2016 at 3:35 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
> Now example, burp has 2 licenses.Imagine burp wants to give a demo, I'm
> with it as long as it focuses on a security subject and they use the open
> source version (not fair to present 'how to do things' with the pro one
> which costs USD300 a year)
>
>
>
> There is no open source version of Burp - this seems to be a common
> misconception.
>
> There is a _free_ version of Burp, but the source code is NOT available
> and therefore it is not open source.
>
> Cheers,
>
> Simon
>
>
>
>
>
> --
>
> Johanna Curiel
>
> OWASP Volunteer
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
> --
>
> Azzeddine RAMRAMI
> +33 6 65 48 90 04.
> Enterprise Security Architect
> OWASP Leader (Morocco Chapter)
>
> Mozilla Security Projects Mentor
>
>
>
>
>
> --
>
> Johanna Curiel
>
> OWASP Volunteer
>
>
>
>
> --
>
> Azzeddine RAMRAMI
> +33 6 65 48 90 04.
> Enterprise Security Architect
> OWASP Leader (Morocco Chapter)
>
> Mozilla Security Projects Mentor
>
>
>
>
>
> --
>
> Johanna Curiel
>
> OWASP Volunteer
>



-- 
Azzeddine RAMRAMI
+33 6 65 48 90 04.
Enterprise Security Architect
OWASP Leader (Morocco Chapter)
Mozilla Security Projects Mentor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160713/ff19b995/attachment.html>


More information about the OWASP-Leaders mailing list