[WASC-WAFEC] Question about WAFEC.
robert at webappsec.org
Fri Jun 20 12:35:56 EDT 2014
> I have no doubt that Klaubert will make a significant contribution to
> WAFEC based on his end user experience with ModSecurity but I want to
> establish a code of conduct that is applicable, known and fair to
> contributors beforehand so that WASC can avoid incidents related to
> favouritism which reoccur time and time again within OWASP i.e.
> (I noticed that Dinis Cruz deleted my comment to this Blog Post), etc
WASC has avoided these situations for nearly a decade. We require project
material discussions to be held on a public list, so that people can spot
any biased material and question it. While I appreciate your dedication to
ensuring materials are unbiased, I don't believe grilling 'contributors'
on their background is the right approach. If you observe an individual
who 'currently works' at a vendor/service provider, and is trying to hide this
fact, then call it out. Otherwise please refrain from interrogating
contributors; this will not be tolerated. If you observe a project leader
who is outright in a position of 'conflict of interest' then please feel
free to call it out on the list.
As always, if you see bias in a direction of a project,
call out the specific instance.
> The other issue that I am attempting to manage is the unsubstantiated
> rumour that WASC Projects are nothing more than direct vendor promotion
> e.g. http://lists.owasp.org/pipermail/owasp-board/2007-March/005551.html
This email is nearly 5 years old, and honestly we don't care how people
speculate about us. We let facts dictate how we are observed.
> If two parties differ on their opinion then I will forward it to Ofer
> for moderation because he is extremely fair and not associated with a
> WAF vendor.
That is Ofer's job.
WASC Co Founder/WASC Officer
> Christian Heinrich