[Owasp-board] OWASP Risk Rating Project Sponsor?

Dave Wichers dave.wichers at owasp.org
Tue Mar 5 21:00:43 UTC 2013


I added it because Jeff Williams wrote it. So it's an Aspect project just
like any other project.

Why do you insist on looking for potential past violations of your opinion
of how things should have been done rather than help to define a standard
for how things should be done moving forward? You continue to specifically
target me and Aspect as these violators of OWASP ethics, rather than praise
us for our contributions, and work with us on how to make OWASP better. Your
efforts at tearing contributors down are NOT making things better. I thought
that Michael had talked to you about this, but I guess it didn't sink in....

As Michael said, and Jeff has said repeatedly in the past: "* Assume good
intent - everyone is putting in countless hours of time, when situations get
close to the grey zone, let's assume good intent and act as a team"

In my opinion, doing what I did is right and proper and I want MORE
companies to contribute good materials to OWASP and get a small reward for
it by being able to include their logo as a small compensation for their
donation of time and IP. 

And you disagree, to the point where you are actually removing attribution
which at the time it was done was totally OK per OWASP rules, and in fact,
as far as I know, still IS totally OK because we haven't formally adopted
any new guidelines.

-Dave

-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Jim Manico
Sent: Tuesday, March 05, 2013 3:34 PM
To: OWASP Foundation Board List
Subject: [Owasp-board] OWASP Risk Rating Project Sponsor?

Dave,

I noticed that you edited the OWASP Risk Rating methodology 6 years after
its initial creation and added your company as a project sponsor.

https://www.owasp.org/index.php?title=OWASP_Risk_Rating_Methodology&diff=prev&oldid=122921

My conjectures:

1) This is a conflict of interest where you as a board member are making
your own company a sponsor.
2) You did not pay for this project sponsorship in any way financially
(other than donated time, which many others contributed to this page)
3) This sponsorship was added 6 years after the initial page was created, which
looks really fishy. We need to keep away from actions that even appear to be
in violation of our "loyalty" to OWASP as OWASP board members.

I removed your logo from this page until we can discuss further.

Thank you,
Jim Manico
 