[Owasp-board] OWASP/Ounce

Jeff Williams jeff.williams at owasp.org
Fri Feb 2 17:30:49 UTC 2007


Hi Jake,

 

Thanks for the info.

 

We've been notified from several sources that your company is referencing
the OWASP Top Ten and actually it has caused a bit of concern.  You may not
know that OWASP has a set of established brand usage rules that govern the
use of the OWASP name and logo.

 

http://www.owasp.org/index.php/OWASP_brand_usage_rules

 

Could you provide details of exactly how SmartAudit matches up with and
covers the Top Ten?  In particular, can you confirm that you provide
complete detection for all the possible vulnerabilities covered by each item
in the Top Ten?

 

FYI, there's an update to the Top Ten coming, and it's a bit more focused
and is likely to be easier for you to address. The first release candidate
has been posted to our website, and is likely to become final in early
Spring.

 

http://www.owasp.org/index.php/Top_10_2007

 

Please don't hesitate to contact me to discuss any of the above. I'll be out
of the country for the next two weeks and will have limited access to email
and phone.  During that time, please contact Andrew van der Stock at
vanderaj at owasp.org. Thanks,

 

--Jeff

 

________________________________________

From: Jake Messier [mailto:jake.messier at ouncelabs.com] 

Sent: Friday, February 02, 2007 10:28 AM

To: jeff.williams at owasp.org

Subject: OWASP/Ounce

 

Jeff,

 

I wanted to let you know about some far-reaching OWASP related news. 

 

Ounce Labs, the leader in software security assurance, recently announced
(Wednesday) the release of Ounce 4.2. The newest version of Ounce has a
feature called SmartAudit. SmartAudit uses Ounce's superior source code
vulnerability analysis results to power a series of reports that provide a
detailed picture of compliance to a security, development, or audit
executive. The initial SmartAudit reports offered include the OWASP Top Ten.
We are pushing this feature as our main marketing selling point. 

 

We'd love to maximize the exposure of not only Ounce, but OWASP. Please let
me know what your thoughts are surrounding an OWASP press release regarding
our new feature. I can make Jack Danahy, our CTO and founder (as well as
chairman of the OWASP Metrics and Measurement Standards Committee) available
for a quote. 

 

I'd also like to discuss pitching the OWASP/Ounce story idea to various
publications.

 

We're very excited and are receiving outstanding feedback regarding the
release of 4.2. We'd love to get the most out of this opportunity for
everyone involved. 

 

Jake Messier

 

Jake Messier | Public Relations Manager | Ounce Labs, Inc. | 100 Fifth
Avenue, Waltham, MA 02451 | 781.547.7031 | www.ouncelabs.com

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070202/dde5b5f5/attachment-0002.html>


More information about the Owasp-board mailing list