[WASC-WAFEC] Making WAFEC a joined WASC/OWASP project

Ofer Shezaf ofer at shezaf.com
Wed Oct 31 05:33:21 EDT 2012

Hi All,


I have been contemplating the idea of making WAFEC a joined WASC/OWASP
project and talked with several of you as well as with OWASP leaders on the
idea. The reasons I think are clear:

.         For good or bad, OWASP outreach is much bigger.

.         WASC is perceived as a "vendors' organization" and the list of
participants in WAFEC certainly proves that. Affiliation with OWASP will
help popularize WAFEC also with customers.


In my talks with OWASP leaders I put two requirements to reflect the "joined
project" concept that were accepted:

.         The name, when affiliation is used, would be "The WASC/OWASP Web
Application Firewall Evaluation Criteria".

.         Governance would be mutual, i.e. any decision about the project
which is not within the project team itself has to be agreed upon by the
OWASP GPC (i.e. Project Committee) and by the WASC officers.


I would like to get your input on this suggestion and then vote on it. I do
want to say I feel pretty strongly that this is essential for WAFEC
acceptance and success.


I do also remind you that I still wait for your input on the outline draft I
distributed. If I get no remarks and volunteers I will: (a) take it as a
yes, and (b) start working on sections I choose to own.


~ Ofer


Ofer Shezaf

[+972-54-4431119; ofer at shezaf.com, www.shezaf.com]


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/attachments/20121031/25cbd422/attachment-0003.html>

More information about the wasc-wafec mailing list