[Owasp-board] Ounce Labs vs. OWASP Top Ten

Jeff Williams jeff.williams at owasp.org
Wed Jan 31 13:17:44 EST 2007

So are you recommending that we never mention membership in the letter?





From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Wednesday, January 31, 2007 12:29 PM
To: OWASP Board
Subject: Re: [Owasp-board] Ounce Labs vs. OWASP Top Ten


I think the letter is fine, except that in this case I don't think we should
mention the membership.

In this context, for the non-members it can be seen as OWASP threatening
them (and it almost implies that if they become members it will be fine).

Not including this information also simplifies the process, since we will
have one unique letter for everybody (whose template can even be posted on
the WIKI).


On 1/31/07, Jeff Williams <jeff.williams at owasp.org> wrote:

Seems reasonable to me.  How does this look for a standard letter to send to
people who misuse our brand?  Obviously we'll have to change the last
paragraph for folks who are already members.  Not that membership is
permission to abuse the brand.


What do you think?



Subject: OWASP Top Ten reference




We've been notified that your company is referencing the OWASP Top Ten [ on
your website | in your press release | in your marketing material ] here [
URL ].  You may not know that OWASP has a set of established brand usage
rules that govern the use of the OWASP name and logo.




Could you provide details of how your [ product | service ] matches up with
the Top Ten?  In particular, can you confirm that you provide complete [
detection | protection ] for all the possible vulnerabilities covered by
each item in the Top Ten?


Going forward, we'd like you to reference the OWASP Top Ten 2007 Update,
which is more focused and is likely to be easier for you to address. The
first release candidate has been posted to our website, and is likely to
become final in early Spring.


http://www.owasp.org/index.php/Top_10_2007


Finally, I'd like you to consider becoming an OWASP member and supporting
our efforts.  Membership is a great way to help promote application security
and gain visibility for your company.




Please don't hesitate to contact me to discuss any of the above.  Thanks,






From: Andrew van der Stock [mailto:vanderaj at owasp.org] 
Sent: Wednesday, January 31, 2007 10:27 AM
To: Jeff Williams; OWASP Board
Subject: Re: [Owasp-board] Ounce Labs vs. OWASP Top Ten


Could we ask them nicely, to:

1.	describe how they comply with the Top 10 2004 in some detail 
2.	Ask them to consider updating it to the T10 2007 which is far more
3.	Ask them to be a corporate member?


On 1/31/07 10:20 AM, "Jeff Williams" <jeff.williams at aspectsecurity.com>


Jeff Williams, CEO

Aspect Security  <http://www.aspectsecurity.com/>

work: 410-707-1487

main: 301-604-4882


Owasp-board mailing list
Owasp-board at lists.owasp.org




Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org
