[Owasp-board] Ounce Labs vs. OWASP Top Ten

Dinis Cruz dinis at ddplus.net
Wed Jan 31 17:29:20 UTC 2007


I think the letter is fine, except that in this case I don't think we should
mention the membership.

In this context, for the non-members it can be seen as OWASP threatening
them (and it almost implies that if they become members it will be fine).

Not including this information also simplifies the process, since we will
have one unique letter for everybody (whose template can even be posted on
the WIKI).

Dinis



On 1/31/07, Jeff Williams <jeff.williams at owasp.org> wrote:
>
>  Seems reasonable to me.  How does this look for a standard letter to send
> to people who misuse our brand…  Obviously we'll have to change the last
> paragraph for folks who are already members.  Not that membership is
> permission to abuse the brand.
>
>
>
> What do you think…
>
>
>
>
>
> Subject: OWASP Top Ten reference
>
>
>
> Hi,
>
>
>
> We've been notified that your company is referencing the OWASP Top Ten [
> on your website | in your press release | in your marketing material ] here
> [ URL ].  You may not know that OWASP has a set of established brand usage
> rules that govern the use of the OWASP name and logo.
>
>
>
> http://www.owasp.org/index.php/OWASP_brand_usage_rules
>
>
>
> Could you provide details of how your [ product | service ] matches up
> with the Top Ten?  In particular, can you confirm that you provide complete
> [ detection | protection ] for all the possible vulnerabilities covered by
> each item in the Top Ten?
>
>
>
> Going forward, we'd like you to reference the OWASP Top Ten 2007 Update,
> which is more focused and is likely to be easier for you to address. The
> first release candidate has been posted to our website, and is likely to
> become final in early Spring.
>
>
>
> http://www.owasp.org/index.php/Top_10_2007.
>
>
>
> Finally, I'd like you to consider becoming an OWASP member and supporting
> our efforts.  Membership is a great way to help promote application security
> and gain visibility for your company.
>
>
>
> http://www.owasp.org/index.php/Membership
>
>
>
> Please don't hesitate to contact me to discuss any of the above.  Thanks,
>
>
>
> --Jeff
>
>
>
>
>  ------------------------------
>
> *From:* Andrew van der Stock [mailto:vanderaj at owasp.org]
> *Sent:* Wednesday, January 31, 2007 10:27 AM
> *To:* Jeff Williams; OWASP Board
> *Subject:* Re: [Owasp-board] Ounce Labs vs. OWASP Top Ten
>
>
>
> Could we ask them nicely, to:
>
>    1. describe how they comply with the Top 10 2004 in some detail
>    2. Ask them to consider updating it to the T10 2007 which is far
>    more detectable
>    3. Ask them to be a corporate member?
>
>
> Thanks,
> Andrew
>
>
> On 1/31/07 10:20 AM, "Jeff Williams" <jeff.williams at aspectsecurity.com>
> wrote:
>
>
> http://www.marketwatch.com/news/story/story.aspx?guid=698DA76292D746EA96DA1822BA941E37&siteid=mktw&dist=nbk
>
> --Jeff
>
>
>
> Jeff Williams, CEO
>
> Aspect Security <http://www.aspectsecurity.com/>
>
> work: 410-707-1487
>
> main: 301-604-4882
>
>
>  ------------------------------
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> http://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>


-- 
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org