View source for Summit 2011/Open letter to WebAppSec Tool and Services vendors: Release your schemas and allow automation

<BR>__TOC__<BR>
'''IMPORTANT DISCLAIMER: THIS LETTER IS NOT AN OFFICIAL OWASP POSITION. THE OWNERSHIP OF ITS REQUEST BELONGS TO THE NAMES UNDER THE 'SIGNED BY' SECTION'''
<br/><br/>
{{:Summit_2011/Open_letter_to_WebAppSec_Tool_and_Services_vendors:_Release_your_schemas_and_allow_automation/Letter_Content}}
<br/><br/>
==Signed by==
* Dinis Cruz - Application Security Consultant - Independent
* Sebastien Deleersnyder - Managing Technical Consultant - SAIT Zenitel
* Alexander Meisel - CTO - art of defence
* Sven Vetsch - Senior Security Tester - Dreamlab Technologies
* Daniel Cuthbert - Assessment Manager - SensePost
* Eoin Keary - EMEIA Attack & Penetration Senior Manager - Ernst & Young
* Anurag Agarwal - Founder - MyAppSecurity
* Zaki Akhmad - Security Analyst - indocisc
* Sebastien Gioria - Head of Security and IT Audit - Groupe Y
* Paolo Perego - Application Security Specialist - armoredcode.com
* Steven van der Baan - Software Architect - Sogeti Nederland
* Andres Andreu - CTO & Founder - neuroFuzz
* Marinus Kuivenhoven - Sr. Security Specialist - Sogeti Nederland
* James McGovern - Chief Security Architect - The Hartford
* Antonio Parata - CTO - Euery

Please use the format: {Name - Role - Company}

==Vendors that agreed to provide some/all requested materials==
* art of defence
* WhiteHat:
** provided PDF with sample XML files and API details
** provided access to demo account to allow schema development and API tests
* Veracode:
** provided access to demo account to allow schema development and API tests
* [http://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy]
** all code and report formats are (and will remain) open source
** example reports to be supplied
** undertake to enhance ZAP to integrate with other tools in as open and an effective a way as possible

==Relevant initiatives == 
* http://csrc.nist.gov/publications/drafts/nistir-7756/Draft-nistir-7756_feb2011.pdf (NIST: CAESARS FrameworkExtension: An EnterpriseContinuous MonitoringTechnical ReferenceArchitecture (Draft))
* Test suite/cases for C++ and Java http://samate.nist.gov/SRD/testsuite.php.