[WASC-WAFEC] Question about WAFEC.

Christian Heinrich christian.heinrich at cmlh.id.au
Fri Jun 20 18:14:03 EDT 2014


On Sat, Jun 21, 2014 at 2:35 AM, Robert A. <robert at webappsec.org> wrote:
> WASC has avoided these situations for nearly a decade. We require project
> material discussions to be held on a public list, so that people can spot
> any biased material and question it. While I appreciate your dedication to
> ensuring materials are unbiased, I don't believe grilling 'contributors' on
> their background is the right approach. If you observe an individual who
> 'currently works' at a vendor/service provider, and is trying to hide this
> fact, then call it out. Otherwise please refrain from interrogating
> contributors, this will not be tolerated. If you observe a project leader
> who is outright in a position of 'conflict of interest' then please feel
> free to call it out on the list.
> As always, if you see bias in a direction of a project, call out the
> specific instance.

I don't believe this type of situation would arise but I will escalate
it on to Ofer to resolve.

Plus, it would be up to the various WAF vendors, including FOSS, to
highlight if WAFEC is biased towards a particular vendor(s) feature or
feature "x" is called feature "y" in their product during the Release
Candidate (RC) period i.e. when the draft is published to a wider

I am not into calling people out on the mailing list as I prefer a softer,
less direct approach because it is usually a simple misunderstanding.

I believe there is some merit in listing experienced end users as
contributors because this demonstrates to the reader that WAFEC was
created by end users for end users.  Vendors should also be listed as
it demonstrates their awareness of WAFEC.

On Sat, Jun 21, 2014 at 2:35 AM, Robert A. <robert at webappsec.org> wrote:
> This email is nearly 5 years old, and honestly we don't care how people
> speculate about us. We let facts dictate how we are observed.

Unfortunately our reputation, although undeserved and created by
rumour, represents our first impression.

Hence the reason I have raised this now rather than when it becomes too
late to address.

Let's continue this discussion if we need to escalate to Ofer because it
will become a WASC policy item rather than contributing to the next
release of WAFEC itself.

Christian Heinrich

