The Open Reverse Benchmarking Project was founded in 2007 for the purpose of studying false positives in web application security scanners, with the ultimate goal of creating a taxonomy of common false positive types. The goal is to develop a lens through which to view and understand the occurrence of false positives in security scanners, and thereby to produce research and publications that facilitate the ongoing study of false positive types and to improve technology.
Our Editorial Board consists of experts in the field of application security from various companies and organizations. The ORB Project was co-founded by Tom Stracener, Sr. Security Analyst for Cenzic Inc., and Marce Luck, a security expert working for a large financial corporation. Since its inception at Defcon 2007, membership in the ORB Project has been opened to members of the application security community.
The Open Reverse Benchmarking Project is in its early phases of evolution, with upgrades planned for this website as well as various projects slated for development in 2008. The Open Reverse Benchmarking Project consists of an Editorial Board responsible for whitepapers and research, but the project itself will eventually open its doors to the general public when our mailing list comes online in December 2007. While membership in the Editorial Board will remain limited, participation in the project as a whole, as well as development on key projects and initiatives, will be available to anyone in the security community.