[Owasp-board] Ounce Labs vs. OWASP Top Ten

Jeff Williams jeff.williams at owasp.org
Wed Jan 31 16:43:44 UTC 2007


Seems reasonable to me.  How does this look for a standard letter to send to
people who misuse our brand.  Obviously we'll have to change the last
paragraph for folks who are already members.  Not that membership is
permission to abuse the brand.

 

What do you think.

 

 

Subject: OWASP Top Ten reference

 

Hi,

 

We've been notified that your company is referencing the OWASP Top Ten [ on
your website | in your press release | in your marketing material ] here [
URL ].  You may not know that OWASP has a set of established brand usage
rules that govern the use of the OWASP name and logo.

 

http://www.owasp.org/index.php/OWASP_brand_usage_rules

 

Could you provide details of how your [ product | service ] matches up with
the Top Ten?  In particular, can you confirm that you provide complete [
detection | protection ] for all the possible vulnerabilities covered by
each item in the Top Ten?

 

Going forward, we'd like you to reference the OWASP Top Ten 2007 Update,
which is more focused and is likely to be easier for you to address. The
first release candidate has been posted to our website, and is likely to
become final in early Spring.

 

http://www.owasp.org/index.php/Top_10_2007. 

 

Finally, I'd like you to consider becoming an OWASP member and supporting
our efforts.  Membership is a great way to help promote application security
and gain visibility for your company.

 

http://www.owasp.org/index.php/Membership

 

Please don't hesitate to contact me to discuss any of the above.  Thanks,

 

--Jeff

 

 

  _____  

From: Andrew van der Stock [mailto:vanderaj at owasp.org] 
Sent: Wednesday, January 31, 2007 10:27 AM
To: Jeff Williams; OWASP Board
Subject: Re: [Owasp-board] Ounce Labs vs. OWASP Top Ten

 

Could we ask them nicely, to:

1.	describe how they comply with the Top 10 2004 in some detail 
2.	Ask them to consider updating it to the T10 2007 which is far more
detectable 
3.	Ask them to be a corporate member?


Thanks,
Andrew


On 1/31/07 10:20 AM, "Jeff Williams" <jeff.williams at aspectsecurity.com>
wrote:

http://www.marketwatch.com/news/story/story.aspx?guid=698DA76292D746EA96DA18
22BA941E37
<http://www.marketwatch.com/news/story/story.aspx?guid=698DA76292D746EA96DA1
822BA941E37&siteid=mktw&dist=nbk> &siteid=mktw&dist=nbk
 
--Jeff



Jeff Williams, CEO

Aspect Security  <http://www.aspectsecurity.com/>
<http://www.aspectsecurity.com/> 

work: 410-707-1487

main: 301-604-4882




  _____  

_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
http://lists.owasp.org/mailman/listinfo/owasp-board

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070131/6329ea54/attachment-0002.html>


More information about the Owasp-board mailing list