[Owasp-board] Fw: OWASP & Adobe

Jeff Williams jeff.williams at owasp.org
Mon Jan 7 05:32:49 UTC 2008

This is great news for OWASP. Tom's right, we need a set of rules here.  I'd
love to look at what other organizations have done if anyone can think of a
similar situation. I think we should try to put together a preliminary set
of rules, try them out, and see how they work.

I found Wikipedia's conflict of interest policy interesting.
http://en.wikipedia.org/wiki/Wikipedia:Conflict_of_interest.  Basically,
they discourage editors with a conflict, and encourage them to make comments
on the TALK page.  But they do allow certain kinds of noncontroversial

I think we should go pretty carefully here.  What would you think about
running all content through some kind of "project" that will de-bias it?


-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Tom Brennan -
Sent: Friday, January 04, 2008 8:09 PM
To: OWASP Foundation Board List
Subject: [Owasp-board] Fw: OWASP & Adobe

Well with Adobe + Microsoft .NET effort coming to the OWASP table to break
bread, looks like we need a wiki page to outline what is acceptable for
commercial vendors.... 

I'll have to defer this to the lawyer in the group for governance as I don't
have any context on this one... But I see clearly that content can't be
copyrighted nor links to a commercial site hmmm.....

WoW talk about the year of AppSec getting into full swing huh - very


Tom Brennan
OWASP Foundation Board Member
Tel: 973-202-0122 | Url: www.owasp.org

-----Original Message-----
From: "Peleus Uhley" <puhley at adobe.com>

Date: Fri, 4 Jan 2008 16:29:38 
To:<stefano.dipaola at mindedsecurity.com>
Cc:<Dinis.Cruz at owasp.org>, <jeff.williams at owasp.org>,
<dave.wichers at owasp.org>, <tomb at owasp.org>, <seba at owasp.org>,       "Erick
Lee" <erlee at adobe.com>, "Lucas Adamski" <ladamski at adobe.com>
Subject: OWASP & Adobe


	I hope you had a good holiday break and a Happy New Year.  I
wanted to discuss with you the Flash Security section of the OWASP site.
Adobe would like to contribute to the materials posted on the web site.
	We realize that, as the authors of the software being discussed,
there may be potential conflicts of interest in our involvement.  For
instance, Adobe shouldn't moderate a message board or use the site to
post marketing materials :).  However, we do want to reach out and
provide as much security related materials and information that we can
to the security community regarding Flash.
	Do you or the OWASP team have any guidance on how Adobe can
contribute to this project without infringing on OWASP's vendor
nuetrality and open community?  Should I forward my suggestions to you
for review or should I just go ahead and start posting links?  We would
like to be able to provide links to our most current security
information in a positive manner that does not cross any ethical
	Please let us know how we can best work together.


Peleus Uhley
Senior Security Researcher
Adobe Systems Inc.
puhley at adobe.com
(415) 832-5499 (desk)
(415) 596-9073 (cell)

Owasp-board mailing list
Owasp-board at lists.owasp.org

More information about the Owasp-board mailing list