Core Values and Definitions
Timestamp | Comments | Name | Coming to the OWASP Summit?

1/14/2011 13:08:11 | Experimentation seems very odd to me. If I didn't know anything about OWASP and read these 4 values I would assume that OWASP is an international organization that creates open source security products that may or may not work. Kind of like source forge. You may find something good, it may work, or it may totally destroy your system.

To me, experimentation, implies the following
"searching for new solutions"
"thinking outside the box"

This is great, except it does not imply "quality". Therefore, as a professional I would probably disregard most tools or documentation as "experiments" that are not enterprise grade quality, have not been tested in the real world, and do not contain any documentation.

I do think OWASP should experiment and think outside the box. But I think a core value should be Quality. The good tools/material that we create are hidden amongst a forest of half-baked ideas and abandoned projects. If we want to take the next step to OWASP 4.0 we need to ensure that we can clearly demonstrate and display the quality of our work to the world.

I am for the values: OPEN, GLOBAL, INTEGRITY

I am very much against EXPERIMENTATION unless a fifth value is added similar to QUALITY
Michael Coates | Yes

1/14/2011 14:12:08 | I like the way the values were defined. | Lucas C. Ferreira | Yes

1/15/2011 18:56:49 | I don't disagree but would like to see ...

OUTREACH

OWASP actively seeks contact and collaboration with other IT communities where application security is important, be it developer conferences, open source organizations, or academia.
John Wilander | Yes

1/15/2011 22:19:39 | These lack true definition relative to the original mission statement. As per my email to the leaders mailing list "open" is the most important to tackle in terms of setting up a correct definition.

Furthermore, we have actually defined thresholds on what information is open and is not in industry. I would be more than happy to provide input on this.
Yiannis Pavlosoglou | Yes

1/16/2011 13:16:08 | (Not disagree with core values but with some lexicon)
Dear all,

1 - Maybe we need something more accurate than "Integrity" to describe "Neutrality" or Vendor "Independency". Because "Neutrality" is one of the greatest values of such methodology!!!
2 - You talk about Global Community in both "Global and Integrity"?
3 - Maybe "INITIATIVE" rather than EXPERIMENTATION

Cheers
N.O
OWASP Morocco
Nabil OUCHN - OWASP Morocco Chapter Leader | No

1/28/2011 12:34:23 | From the call with TMC on Jan, 28th, change #4 to: OWASP encourages and supports risk-based experiments to find solutions to software security challenges

Basically add in "risk-based" before experiments
Matt Tesauro | Yes