[WASC-WAFEC] Question about WAFEC.

Klaubert Herr da Silveira klaubert at gmail.com
Fri Jun 20 08:18:02 EDT 2014


Christian,

Ok, in my words "Klaubert is an end user located in Brazil and in his spare
time develops WAF-FLE which is an open source and free ModSecurity console"

Best regards,

Klaubert


On Fri, Jun 20, 2014 at 3:50 AM, Christian Heinrich <
christian.heinrich at cmlh.id.au> wrote:

> Klaubert,
>
> I am in a similar position to yourself, an end user and a developer
> but not specific to WAF.
>
> I think a simple small statement in your own words such as "Klaubert
> is an end user located in Brazil and in his spare time develops
> WAF-FLE which is an open source and free ModSecurity console"
> discloses any conflict of interest while establishing technical
> creditability at the same time and this is a win win for WAFEC too.
>
> On Fri, Jun 20, 2014 at 2:08 PM, Klaubert Herr da Silveira
> <klaubert at gmail.com> wrote:
> > Christian,
> >
> > I really like of your propose and care to seek end user contributions to
> > continue WAFEC v2, an evaluation criteria made mainly by vendors can be
> too
> > partial and lost the practical focus need by evaluators.
> >
> > Acting mainly as consultant and end user (using open source and
> commercial
> > WAF's), and waf-fle developer in spare time, I came in the past to Ofer
> > Shezaf, to contribute as a reviewer.
> >
> > I expect avoid any biased judgement or conflict of interest, as always
> do. I
> > raised my hand in your call with my end user side in mind, but I am a
> > developer too.
> >
> > I agree that checks and balances are needed to avoid biased opinion
> (when I
> > joined WAFEC I saw few users, and this is bad), and make end user
> > participate more is a good start point, but is not guarantee, once I (and
> > anyone) as end users can defend some vendor/product point of view (just
> > because he/she see the WAF through the lens of product A or B), not
> because
> > is trying to privilege the product. And all member (mainly those do
> writing
> > and make the revision) of WAFEC must be committed to avoid this.
> >
> > How to refer to me? "Independent developer", "End user/Independent
> > developer" or any other appropriated description, more clear, better. As
> I
> > have no affiliation with any vendor or reseller, I speak by myself.
> >
> > I understand your care, and respect this. And I'd like to contribute
> more to
> > WAFEC, in my best.
>
>
> --
> Regards,
> Christian Heinrich
>
> http://cmlh.id.au/contact
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/attachments/20140620/27f47508/attachment-0003.html>


More information about the wasc-wafec mailing list