[WASC-WAFEC] WASC/OWASP Web, Application Firewall Evaluation Criteria at AppSec EU2013

Christian Heinrich christian.heinrich at cmlh.id.au
Sat Nov 17 00:42:49 EST 2012


Achim,

It is interesting to note that OWASP blew $246,636.04 of vendor (i.e.
what OWASP accuse WASC of being) donations on their last (2nd) Summit
i.e. https://lists.owasp.org/pipermail/committees-chairs/2011-July/000322.html
without any promised tangible result or outcome i.e.
http://lists.owasp.org/pipermail/owasp-summit-2011/2010-August/000025.html,
http://appsandsecurity.blogspot.com.au/2011/02/another-owasp-paperware-project-anyone.html,
etc but at least the wife gets a holiday for free
https://www.owasp.org/index.php/Summit_2011/External_Contractors#Sarah_Cruz

I am not against having a summit (at OWASP or somewhere else) provided
we avoid the poor and deliberate mistakes that OWASP has made time and
time again.

Let's wait until we get the draft together and then raise the
possibility of meeting in person.  If this is well before July, and it
should be, then let's aim for
https://www.owasp.org/index.php/AppSecEU2013 to discuss the final
version of WAFEC v2?

On Thu, Nov 15, 2012 at 3:45 AM, Achim Hoffmann <websec10 at sic-sec.org> wrote:
> Hi all,
>
> when I was informing about the possibility of "taining or workshop" my intent was,
> as Christian described, to bring together authors, contributors and friends.
> I had not in mind to make a traditional (OWASP) training which the audience has
> to pay for.
> However, I'm open to manage that too, but that should cover more than one product
> to attract people.
>
> A talk about the WAFEC work and result should then be done too.
>
> Does this clarify things?



-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact




More information about the wasc-wafec mailing list