[WASC-WAFEC] Vote on making WAFEC a WASC/OWASP project

Achim Hoffmann websec10 at sic-sec.org
Mon Nov 12 05:50:57 EST 2012


Hi Ofer,

my vote is yes: join WASC and OWASP for WAFEC.

According your description, I'll have some questions for clarification, please
see inline below.

Cheers
Achim


Am 12.11.2012 11:17, schrieb Ofer Shezaf:
>  
> 
> Hi All,
> 
>  
> 
> As promised I am opening the vote for making WAFEC a joined WASC and OWASP
> project.
> 
>  
> 
> The proposed guidelines for this more are (updated based on comments from
> the group and WASC officers):
> 
> *         The name, when affiliation is used, would be "The WASC/OWASP Web
> Application Firewall Evaluation Criteria".
> 
> *         Governance would be mutual, i.e. any decision about the project
> which is not within the project team itself has to be agreed upon by the
> OWASP GPC (i.e. Project Committee) and by the WASC officers.

What does this mean: "decision about the project which is not within the project team"

Could you please give an example.
I.g. OWASP GPC only gives the "go" for a project, that's it.
If a project gets abandoned, it will be marked so.

> The project
> leader is the arbitrator in case of a conflict (this change is based on a
> request by Jeremiah Grossman, WASC founder).

Does this mean that the (OWASP) project leader does not/must not participate in 
writing the document?
@Jeremiah, I can imagine your objections due to other (probably;-) biased projects,
but a bit a description of what the leader should and should not do would be nice.

> 
> *         Participation is open for all and does not require being an OWASP
> or a WASC member.
> 
>  
> 
> Vote Yes/No. Voting is open until Nov 19th EOD (American Samoa, that is
> UTC-11, time zone)
> 
>  
> 
> Now for my voting pitch:
> 
>  
> 
> I think the change is important and would benefit WAFEC tremendously. I
> would go a step further it is needed to ensure we actually succeed:
> 
>  
> 
> Why?
> 
> *         Making it happen - we need more people. I now have two chapter
> assigned and many are still waiting.  Joining hands with OWASP will make
> joining the project appealing to many more people.
> 
>  
> 
> *         Outreach - people in the application security community have heard
> about OWASP, and joining hands with OWASP would enable leveraging this to
> reach more people. This includes chapters outreach (from Khartoum, The Sudan
> to Omaha, Nebraska) as well as an official room in local and global
> conferences.
> 
>  
> 
> *         Vendor image - WASC is perceived as a "vendors' organization" and
> the list of participants in WAFEC certainly proves that. Affiliation with
> OWASP will
> 
> help popularize WAFEC also with customers, which I think is very good for
> the project.
> 
>  
> 
> I must say I think it would be hard for me to complete the project
> successfully otherwise. 
> 
>  
> 
> ~ Ofer




More information about the wasc-wafec mailing list