[WASC-WAFEC] Vote on making WAFEC a WASC/OWASP project

Jeremiah Grossman jeremiah at whitehatsec.com
Mon Nov 12 19:39:52 EST 2012


On Nov 12, 2012, at 1:28 PM, Robert A. wrote:

> 
>> On Mon, Nov 12, 2012 at 9:17 PM, Ofer Shezaf <ofer at shezaf.com> wrote:
>>> ·         The name, when affiliation is used, would be "The WASC/OWASP Web
>>> Application Firewall Evaluation Criteria".
>> 
>> This doesn't resolve the issue around the (false) vendor perception of
>> WASC, since "WASC" would still be quoted within the project title.
>> 
>> Hence, I would recommend that we remove "WASC" and give complete
>> project ownership to OWASP i.e. "The OWASP Web Application Firewall
>> Evaluation Criteria" otherwise this (false) perception would remain?
> 
> If there's a perception issue of WASC (which I haven't seen for a few 
> years now myself), I don't think the answer is for us to abandon our 
> sucessful projects entirely to OWASP. If I'm misunderstanding please let 
> me know.
> 
> Open to Ofer's thoughts.
> 
> Regards,
> - Robert Auger

Some may have this perception of WASC, no matter how underserving it is. Despite this, WASC projects have a very high adoption rate in the industry by nature of the way the organization do things. This speaks to deliverable quality, and to me, this is what ultimately matters the most. This is what I wish for this project. When this many of the right kind of experts are brought together under a highly collaborative and peer reviewed environment, you can't help but get this outcome.

Of course as this is an all volunteer project, people are of course free choose to contribute their time whenever and wherever they choose. Having said that, this is a project that "WASC" has voted to create and something it's committed to keeping under it's label. While it's never been done before, there is nothing technically preventing a collaborative project with OWASP provided that's what the group chooses to do.

Regards,

Jeremiah-



More information about the wasc-wafec mailing list