I wrote a blog post on this issue, the Builders/Defenders/Breakers model, and how I think we should handle potential vendor biases.
<div><br></div><div>&quot;A Client-Oriented OWASP&quot;</div><div><a href="http://appsandsecurity.blogspot.com/2011/03/client-oriented-owasp.html">http://appsandsecurity.blogspot.com/2011/03/client-oriented-owasp.html</a></div>
<div><br></div><div>Feel free to comment. Some already did and there are very interesting positions surfacing, IMHO.</div><div><br></div><div>   Regards, John</div>