[WASC-WAFEC] Question about WAFEC.

Christian Heinrich christian.heinrich at cmlh.id.au
Fri Jun 20 02:50:32 EDT 2014


I am in a similar position to yourself, an end user and a developer
but not specific to WAF.

I think a simple small statement in your own words such as "Klaubert
is an end user located in Brazil and in his spare time develops
WAF-FLE which is an open source and free ModSecurity console"
discloses any conflict of interest while establishing technical
creditability at the same time and this is a win win for WAFEC too.

On Fri, Jun 20, 2014 at 2:08 PM, Klaubert Herr da Silveira
<klaubert at gmail.com> wrote:
> Christian,
> I really like of your propose and care to seek end user contributions to
> continue WAFEC v2, an evaluation criteria made mainly by vendors can be too
> partial and lost the practical focus need by evaluators.
> Acting mainly as consultant and end user (using open source and commercial
> WAF's), and waf-fle developer in spare time, I came in the past to Ofer
> Shezaf, to contribute as a reviewer.
> I expect avoid any biased judgement or conflict of interest, as always do. I
> raised my hand in your call with my end user side in mind, but I am a
> developer too.
> I agree that checks and balances are needed to avoid biased opinion (when I
> joined WAFEC I saw few users, and this is bad), and make end user
> participate more is a good start point, but is not guarantee, once I (and
> anyone) as end users can defend some vendor/product point of view (just
> because he/she see the WAF through the lens of product A or B), not because
> is trying to privilege the product. And all member (mainly those do writing
> and make the revision) of WAFEC must be committed to avoid this.
> How to refer to me? "Independent developer", "End user/Independent
> developer" or any other appropriated description, more clear, better. As I
> have no affiliation with any vendor or reseller, I speak by myself.
> I understand your care, and respect this. And I'd like to contribute more to
> WAFEC, in my best.

Christian Heinrich


More information about the wasc-wafec mailing list