[WASC-WAFEC] Proposed "Conflict of Interest" Section?

Ofer Shezaf ofer at shezaf.com
Sun Jul 28 01:25:12 EDT 2013


This is a community project: people will always have a day job and a night
job and they are never completely separated. As long as we keep transparency
and open review to everyone, listed or not, and I believe your pointers
show that we do, we are OK and I will not add such a "warning".

~ Ofer

-----Original Message-----
From: wasc-wafec [mailto:wasc-wafec-bounces at lists.webappsec.org] On Behalf
Of Christian Heinrich
Sent: 20 July 2013 03:09
To: Achim Hoffmann
Cc: wasc-wafec at lists.webappsec.org
Subject: Re: [WASC-WAFEC] Proposed "Conflict of Interest" Section?


On Fri, Jul 19, 2013 at 7:21 PM, Achim Hoffmann <websec10 at sic-sec.org>
> just to be more precise: you mean that the "Conflict of interest" 
> section points out that even the contributions are from 3 vendors, it 
> has been reviewed by other (ca. 5) vendors. So we have ca. 8 vendors in
> Sounds fair.

I count seven people at
but I may be wrong.

At first glance
appears to be dominated by a single vendor.  However this is not the case
when it is considered under the context of names assigned to each section
within http://projects.webappsec.org/w/page/60249779/WAFEC_2_Outline

The core issue is that of first impression of the reader and clarifying this
at the beginning of WAFECv2 would avoid their above
(incorrect) conclusion by the reader [of WAFECv2].

I'll assume it might be possible to extract the percentage of each
contributor too and if the total of these three [contributors] are lower
than that of the other four [contributors] then this metric would also be

Christian Heinrich

