Matthieu, On Sat, Jun 21, 2014 at 5:39 PM, Matthieu Estrade <matthieu.estrade@gmail.com> wrote: > I also agree here, Gartner MQ is a market analysis and not a technical > analysis as WAFEC is. > WAFEC goal is to provide a list of criteria to let people choose the good > WAF considering their Web apps, infrastructure, context etc. Even if a WAF has a superior technical capability, the management accountable for procurement have never been fired for purchasing an inferior product listed on the Gartner MQ. Hence, WAFEC should influence Gartner to require mandatory technical controls in their product selection of the MQ. Maybe Gartner had also considered WAFEC when creating their crietria for the MQ for instance? We can't answer this question until we have completed this research as any statement until then is hearsay. -- Regards, Christian Heinrich http://cmlh.id.au/contact

Wag the dog effect is remarkably strong with Gartner. And i wonder if you can get into mq without "sponsoring some research". On Saturday, June 21, 2014, Christian Heinrich < christian.heinrich@cmlh.id.au> wrote: > Matthieu, > > On Sat, Jun 21, 2014 at 5:39 PM, Matthieu Estrade > <matthieu.estrade@gmail.com <javascript:;>> wrote: > > I also agree here, Gartner MQ is a market analysis and not a technical > > analysis as WAFEC is. > > WAFEC goal is to provide a list of criteria to let people choose the good > > WAF considering their Web apps, infrastructure, context etc. > > Even if a WAF has a superior technical capability, the management > accountable for procurement have never been fired for purchasing an > inferior product listed on the Gartner MQ. > > Hence, WAFEC should influence Gartner to require mandatory technical > controls in their product selection of the MQ. > > Maybe Gartner had also considered WAFEC when creating their crietria > for the MQ for instance? We can't answer this question until we have > completed this research as any statement until then is hearsay. > > > -- > Regards, > Christian Heinrich > > http://cmlh.id.au/contact > > _______________________________________________ > wasc-wafec mailing list > wasc-wafec@lists.webappsec.org <javascript:;> > http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org >

Ark, Chenxi Wang of Forrester has presented/keynoted at Application Security conferences so I believe Gartner would also consider WAFEC in the same light too. On Sun, Jun 22, 2014 at 4:23 AM, ArkanoiD <ark@eltex.net> wrote: > > Wag the dog effect is remarkably strong with Gartner. And i wonder if you > can get into mq without "sponsoring some research". > > On Saturday, June 21, 2014, Christian Heinrich > <christian.heinrich@cmlh.id.au> wrote: >> >> Matthieu, >> >> On Sat, Jun 21, 2014 at 5:39 PM, Matthieu Estrade >> <matthieu.estrade@gmail.com> wrote: >> > I also agree here, Gartner MQ is a market analysis and not a technical >> > analysis as WAFEC is. >> > WAFEC goal is to provide a list of criteria to let people choose the >> > good >> > WAF considering their Web apps, infrastructure, context etc. >> >> Even if a WAF has a superior technical capability, the management >> accountable for procurement have never been fired for purchasing an >> inferior product listed on the Gartner MQ. >> >> Hence, WAFEC should influence Gartner to require mandatory technical >> controls in their product selection of the MQ. >> >> Maybe Gartner had also considered WAFEC when creating their crietria >> for the MQ for instance? We can't answer this question until we have >> completed this research as any statement until then is hearsay. >> >> >> -- >> Regards, >> Christian Heinrich >> >> http://cmlh.id.au/contact >> >> _______________________________________________ >> wasc-wafec mailing list >> wasc-wafec@lists.webappsec.org >> http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org -- Regards, Christian Heinrich http://cmlh.id.au/contact

On Sat, Jun 21, 2014 at 2:23 PM, ArkanoiD <ark@eltex.net> wrote: > > Wag the dog effect is remarkably strong with Gartner. And i wonder if you > can get into mq without "sponsoring some research". Yes, you absolutely and unquestionably can. Look at the new WAF MQ! Many of the smaller WAF vendors mentioned there are likely to be non-clients [I can look up the exact data in our systems, but sadly won't be able to share it here :-(] > > On Saturday, June 21, 2014, Christian Heinrich < > christian.heinrich@cmlh.id.au> wrote: > >> Matthieu, >> >> On Sat, Jun 21, 2014 at 5:39 PM, Matthieu Estrade >> <matthieu.estrade@gmail.com> wrote: >> > I also agree here, Gartner MQ is a market analysis and not a technical >> > analysis as WAFEC is. >> > WAFEC goal is to provide a list of criteria to let people choose the >> good >> > WAF considering their Web apps, infrastructure, context etc. >> >> Even if a WAF has a superior technical capability, the management >> accountable for procurement have never been fired for purchasing an >> inferior product listed on the Gartner MQ. >> >> Hence, WAFEC should influence Gartner to require mandatory technical >> controls in their product selection of the MQ. >> >> Maybe Gartner had also considered WAFEC when creating their crietria >> for the MQ for instance? We can't answer this question until we have >> completed this research as any statement until then is hearsay. >> >> >> -- >> Regards, >> Christian Heinrich >> >> http://cmlh.id.au/contact >> >> _______________________________________________ >> wasc-wafec mailing list >> wasc-wafec@lists.webappsec.org >> http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org >> > > _______________________________________________ > wasc-wafec mailing list > wasc-wafec@lists.webappsec.org > http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org > > -- Dr. Anton Chuvakin Site: http://www.chuvakin.org Twitter: @anton_chuvakin Work: http://www.linkedin.com/in/chuvakin