[Owasp-board] Ounce Labs vs. OWASP Top Ten

Dinis Cruz dinis at ddplus.net
Wed Jan 31 13:28:55 EST 2007


Yes, we shouldn't mention the membership in the 'please clarify your use of
the OWASP brand' letter

Eventually I will want to do targeted pitches of the OWASP membership to
each market sector (web app scanners, firewalls, code reviews, etc...) so
don't worry that they all will be invited to become OWASP members

I also think that all such letters and communications should be made in a
public way (the best way might be to copy and paste the letters and
responses in a WIKI page). This will give us tons of credibility in our
actions and will keep the vendors honest.

Dinis

On 1/31/07, Jeff Williams <jeff.williams at owasp.org> wrote:
>
>  So are you recommending that we never mention membership in the letter?
>
>
>
> --Jeff
>
>
>   ------------------------------
>
> *From:* owasp-board-bounces at lists.owasp.org [mailto:
> owasp-board-bounces at lists.owasp.org] *On Behalf Of *Dinis Cruz
> *Sent:* Wednesday, January 31, 2007 12:29 PM
> *To:* OWASP Board
> *Subject:* Re: [Owasp-board] Ounce Labs vs. OWASP Top Ten
>
>
>
> I think the letter is fine, except that in this case I don't think we
> should mention the membership
>
> In this context for the non-members it can be seen as if OWASP is
> threatening them (and it almost implies that if they become members it will
> be fine)
>
> Not including this information also simplifies the process since we will
> have one unique letter for everybody (whose template can even be posted on
> the WIKI)
>
> Dinis
>
>
>  On 1/31/07, *Jeff Williams* <jeff.williams at owasp.org> wrote:
>
> Seems reasonable to me.  How does this look for a standard letter to send
> to people who misuse our brand…  Obviously we'll have to change the last
> paragraph for folks who are already members.  Not that membership is
> permission to abuse the brand.
>
>
>
> What do you think…
>
>
>
>
>
> Subject: OWASP Top Ten reference
>
>
>
> Hi,
>
>
>
> We've been notified that your company is referencing the OWASP Top Ten [
> on your website | in your press release | in your marketing material ] here
> [ URL ].  You may not know that OWASP has a set of established brand usage
> rules that govern the use of the OWASP name and logo.
>
>
>
> http://www.owasp.org/index.php/OWASP_brand_usage_rules
>
>
>
> Could you provide details of how your [ product | service ] matches up
> with the Top Ten?  In particular, can you confirm that you provide complete
> [ detection | protection ] for all the possible vulnerabilities covered by
> each item in the Top Ten?
>
>
>
> Going forward, we'd like you to reference the OWASP Top Ten 2007 Update,
> which is more focused and is likely to be easier for you to address. The
> first release candidate has been posted to our website, and is likely to
> become final in early Spring.
>
>
>
> http://www.owasp.org/index.php/Top_10_2007 .
>
>
>
> Finally, I'd like you to consider becoming an OWASP member and supporting
> our efforts.  Membership is a great way to help promote application security
> and gain visibility for your company.
>
>
>
> http://www.owasp.org/index.php/Membership
>
>
>
> Please don't hesitate to contact me to discuss any of the above.  Thanks,
>
>
>
> --Jeff
>
>
>
>
>  ------------------------------
>
> *From:* Andrew van der Stock [mailto:vanderaj at owasp.org]
> *Sent:* Wednesday, January 31, 2007 10:27 AM
> *To:* Jeff Williams; OWASP Board
> *Subject:* Re: [Owasp-board] Ounce Labs vs. OWASP Top Ten
>
>
>
> Could we ask them nicely, to:
>
>    1. describe how they comply with the Top 10 2004 in some detail
>    2. Ask them to consider updating it to the T10 2007 which is far
>    more detectable
>    3. Ask them to be a corporate member?
>
>
> Thanks,
> Andrew
>
>
> On 1/31/07 10:20 AM, "Jeff Williams" <jeff.williams at aspectsecurity.com>
> wrote:
>
>
> http://www.marketwatch.com/news/story/story.aspx?guid=698DA76292D746EA96DA1822BA941E37&siteid=mktw&dist=nbk
>
> --Jeff
>
>
>
> Jeff Williams, CEO
>
> Aspect Security <http://www.aspectsecurity.com/>
>
> work: 410-707-1487
>
> main: 301-604-4882
>
>  ------------------------------
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
>
>  http://lists.owasp.org/mailman/listinfo/owasp-board
>
> --
> Dinis Cruz
> Chief OWASP Evangelist, Are you a member yet?
> http://www.owasp.org
>


-- 
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org