[WASC-WAFEC] Question about WAFEC.

Robert A. robert at webappsec.org
Fri Jun 20 12:35:56 EDT 2014


> I have no doubt that Klaubert will make a significant contribution to
> WAFEC based on his end user experience with ModSecurity but I want to
> establish a code of conduct that is applicable, known and fair to
> contributors beforehand so that WASC can avoid incidents related to
> favouritism which are reoccur time and time again within OWASP i.e.
> http://www.greebo.net/2011/03/18/owasp-podcast-82-authorship-of-owasp-top-10-2007/,
> http://lists.owasp.org/pipermail/owasp-board/2011-January/009563.html,
> http://blog.diniscruz.com/2014/06/in-samanthas-words-why-i-resigned-my.html
> (I noticed that Dinis Cruz deleted my comment to this Blog Post), etc

WASC has avoided these situations for nearly a decade. We require project 
material discussions to be held on a public list, so that people can spot 
any bias material and question it. While I appreciate your dedication to
ensuring materials are unbiased, I don't believe grilling 'contributors' 
on their background is the right approach. If you observe an individual 
who 'currently works' at a vendor/service provider, and is trying to hide this 
fact, then call it out. Otherwise please refrain from interigating 
contributors, this will not be tolerated. If you observe a project leader 
who is outright in a position of 'conflict of interest' then please feel
free to call it out on the list.

As always, if you see bias in a direction of a project, 
call out the specific instance.

> The other issue that I am attempting to manage is the unsubstantiated
> rumour that WASC Project are nothing more than direct vendor promotion
> e.g. http://lists.owasp.org/pipermail/owasp-board/2007-March/005551.html
>

This email is nearly 5 years old, and honestly we don't care how people 
speculate about us. We let facts dictate how we are observed.


> If two parties diff on their opinion then I will forward it to Ofer
> for moderation because he is extremely fair and not associated with a
> WAF vendor.

That is Ofer's job.


Regards,
Robert Auger
WASC Co Founder/WASC Officer
http://www.webappsec.org/


>
>
> -- 
> Regards,
> Christian Heinrich
>
> http://cmlh.id.au/contact
>




More information about the wasc-wafec mailing list