Yes, we shouldn&#39;t mention the membership in the &#39;please clarify your use of the OWASP brand&#39; leter<br><br>Eventually I will want to do targeted pitches of the OWASP membership to each market sector (web app scanners, firewalls, code reviews, etc...) so don&#39;t worry that they all will be invited to becoming OWASP members
<br><br>I also think that all such letters and communications should be made in a public way (the best way might be to copy and paste the letters and responses in a WIKI page). This will give us tons of credibility in our actions and will keep the vendors honest.
<br><br>Dinis<br><br><div><span class="gmail_quote">On 1/31/07, <b class="gmail_sendername">Jeff Williams</b> &lt;<a href="mailto:jeff.williams@owasp.org">jeff.williams@owasp.org</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">










<div link="blue" vlink="blue" lang="EN-US">

<div>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">So are you recommending that we never mention membership in
the letter?</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">&nbsp;</span></font></p>

<div>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">--Jeff</span></font></p>

<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">&nbsp;</span></font></p>

</div>

<div>

<div style="text-align: center;" align="center"><font face="Times New Roman" size="3"><span style="font-size: 12pt;">

<hr align="center" size="3" width="100%">

</span></font></div>

<p><b><font face="Tahoma" size="2"><span style="font-size: 10pt; font-family: Tahoma; font-weight: bold;">From:</span></font></b><font face="Tahoma" size="2"><span style="font-size: 10pt; font-family: Tahoma;">
<a href="mailto:owasp-board-bounces@lists.owasp.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">owasp-board-bounces@lists.owasp.org</a>
[mailto:<a href="mailto:owasp-board-bounces@lists.owasp.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">owasp-board-bounces@lists.owasp.org</a>] <b><span style="font-weight: bold;">On
Behalf Of </span></b>Dinis Cruz<br>
<b><span style="font-weight: bold;">Sent:</span></b> Wednesday, January 31, 2007
12:29 PM<br>
<b><span style="font-weight: bold;">To:</span></b> OWASP Board<div><span class="e" id="q_11079607105edde9_1"><br>
<b><span style="font-weight: bold;">Subject:</span></b> Re: [Owasp-board] Ounce
Labs vs. OWASP Top Ten</span></div></span></font></p>

</div><div><span class="e" id="q_11079607105edde9_3">

<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">&nbsp;</span></font></p>

<p style="margin-bottom: 12pt;"><font face="Times New Roman" size="3"><span style="font-size: 12pt;">I think the letter is
fine, except that in this case I don&#39;t think we should mention the membership <br>
<br>
In this context for the non-members it can be seen as a OWASP is threatening
them (and it almost implies that if they become members it will be fine) <br>
<br>
No including this information, also simplifies the process since we will have
one unique letter for everybody (whose template can even be posted on the WIKI)<br>
<br>
Dinis<br>
<br>
<br>
</span></font></p>

<div>

<p><span><font face="Times New Roman" size="3"><span style="font-size: 12pt;">On 1/31/07, <b><span style="font-weight: bold;">Jeff
Williams</span></b> &lt;<a href="mailto:jeff.williams@owasp.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">jeff.williams@owasp.org</a>&gt;
wrote:</span></font></span></p>

<div link="blue" vlink="blue">

<div>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">Seems
reasonable to me. &nbsp;How does this look for a standard letter to send to
people who misuse our brandů&nbsp; Obviously we&#39;ll have to change the last
paragraph for folks who are already members. &nbsp;Not that membership is
permission to abuse the brand.</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">&nbsp;</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">What
do you thinků</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">&nbsp;</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">&nbsp;</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">Subject:
OWASP Top Ten reference</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">&nbsp;</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">Hi,</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">&nbsp;</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">We&#39;ve
been notified that your company is referencing the OWASP Top Ten [ on your
website | in your press release | in your marketing material ] here [ URL
].&nbsp; You may not know that OWASP has a set of established brand usage rules
that govern the use of the OWASP name and logo.</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">&nbsp;</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;"><a href="http://www.owasp.org/index.php/OWASP_brand_usage_rules" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.owasp.org/index.php/OWASP_brand_usage_rules
</a></span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">&nbsp;</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">Could
you provide details of how your [ product | service ] matches up with the Top
Ten? &nbsp;In particular, can you confirm that you provide complete [ detection
| protection ] for all the possible vulnerabilities covered by each item in the
Top Ten?</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">&nbsp;</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">Going
forward, we&#39;d like you to reference the OWASP Top Ten 2007 Update, which is
more focused and is likely to be easier for you to address. The first release
candidate has been posted to our website, and is likely to become final in
early Spring.</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">&nbsp;</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;"><a href="http://www.owasp.org/index.php/Top_10_2007" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.owasp.org/index.php/Top_10_2007
</a>. </span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">&nbsp;</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">Finally,
I&#39;d like you to consider becoming an OWASP member and supporting our efforts.
&nbsp;Membership is a great way to help promote application security and gain
visibility for your company.</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">&nbsp;</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;"><a href="http://www.owasp.org/index.php/Membership" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.owasp.org/index.php/Membership
</a></span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">&nbsp;</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">Please
don&#39;t hesitate to contact me to discuss any of the above. &nbsp;Thanks,</span></font></p>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">&nbsp;</span></font></p>

<div>

<div>

<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;">--Jeff</span></font></p>

</div>

</div>

<div>

<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">&nbsp;</span></font></p>

<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">&nbsp;</span></font></p>

<div style="text-align: center;" align="center"><font face="Times New Roman" size="3"><span style="font-size: 12pt;">

<hr align="center" size="3" width="100%">

</span></font></div>

<p><b><font face="Tahoma" size="2"><span style="font-size: 10pt; font-family: Tahoma; font-weight: bold;">From:</span></font></b><font face="Tahoma" size="2"><span style="font-size: 10pt; font-family: Tahoma;"> Andrew van der Stock [mailto:
<a href="mailto:vanderaj@owasp.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">vanderaj@owasp.org</a>] <br>
<span><b><span style="font-weight: bold;">Sent:</span></b> Wednesday,
January 31, 2007 10:27 AM</span><br>
<span><b><span style="font-weight: bold;">To:</span></b> Jeff Williams;
OWASP Board</span><br>
<span><b><span style="font-weight: bold;">Subject:</span></b> Re:
[Owasp-board] Ounce Labs vs. OWASP Top Ten</span></span></font></p>

</div>

<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">&nbsp;</span></font></p>

<div><span>

<p style="margin-bottom: 12pt;"><font face="Verdana" size="1"><span style="font-size: 7pt; font-family: Verdana;">Could we ask them nicely, to:</span></font></p>

<ol start="1" type="1">
 <li><font face="Verdana" size="1"><span style="font-size: 7pt; font-family: Verdana;">describe how they comply with the Top 10 2004
     in some detail </span></font></li>
 <li><font face="Verdana" size="1"><span style="font-size: 7pt; font-family: Verdana;">Ask them to consider updating it to the T10
     2007 which is far more detectable </span></font></li>
 <li><font face="Verdana" size="1"><span style="font-size: 7pt; font-family: Verdana;">Ask them to be a corporate member?</span></font></li>
</ol>

<p style="margin-bottom: 12pt;"><font face="Verdana" size="1"><span style="font-size: 7pt; font-family: Verdana;"><br>
Thanks,<br>
Andrew<br>
<br>
<br>
On 1/31/07 10:20 AM, &quot;Jeff Williams&quot; &lt;<a href="mailto:jeff.williams@aspectsecurity.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">jeff.williams@aspectsecurity.com</a>&gt;
wrote:</span></font></p>

<p style="margin-bottom: 12pt;"><font face="Arial" size="1"><span style="font-size: 8pt; font-family: Arial;"><a href="http://www.marketwatch.com/news/story/story.aspx?guid=698DA76292D746EA96DA1822BA941E37&amp;siteid=mktw&amp;dist=nbk" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://www.marketwatch.com/news/story/story.aspx?guid=698DA76292D746EA96DA1822BA941E37&amp;siteid=mktw&amp;dist=nbk</a><br>
&nbsp;<br>
--Jeff<br>
</span></font><font face="Verdana" size="1"><span style="font-size: 7pt; font-family: Verdana;"><br>
</span></font><font size="2"><span style="font-size: 9.5pt;"><br>
</span></font><font face="Verdana" size="1"><span style="font-size: 7pt; font-family: Verdana;"><br>
</span></font><font face="Arial" size="1"><span style="font-size: 8pt; font-family: Arial;">Jeff Williams, CEO<br>
</span></font><font face="Verdana" size="1"><span style="font-size: 7pt; font-family: Verdana;"><br>
</span></font><font face="Arial" size="1"><span style="font-size: 8pt; font-family: Arial;">Aspect Security <a href="http://www.aspectsecurity.com/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
&lt;http://www.aspectsecurity.com/&gt;</a>
<br>
</span></font><font face="Verdana" size="1"><span style="font-size: 7pt; font-family: Verdana;"><br>
</span></font><font face="Arial" size="1"><span style="font-size: 8pt; font-family: Arial;">work: 410-707-1487<br>
</span></font><font face="Verdana" size="1"><span style="font-size: 7pt; font-family: Verdana;"><br>
</span></font><font face="Arial" size="1"><span style="font-size: 8pt; font-family: Arial;">main: 301-604-4882<br>
<br>
</span></font></p>

<div style="text-align: center;" align="center"><font face="Verdana" size="1"><span style="font-size: 7pt; font-family: Verdana;">

<hr align="center" size="3" width="100%">

</span></font></div>

</span></div>

<div><span></span>

<p><span><font face="Courier New" size="1"><span style="font-size: 6pt;">_______________________________________________</span></font></span><font face="Courier New" size="1"><span style="font-size: 6pt;"><br>
<span>Owasp-board mailing list</span><br>
<span><a href="mailto:Owasp-board@lists.owasp.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">Owasp-board@lists.owasp.org</a></span><br>
<br>
</span></font></p>

</div>



<p><font face="Courier New" size="1"><span style="font-size: 6pt;"><a href="http://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://lists.owasp.org/mailman/listinfo/owasp-board
</a></span></font></p>

<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">&nbsp;</span></font></p>

</div>

</div>

<p style="margin-bottom: 12pt;"><font face="Times New Roman" size="3"><span style="font-size: 12pt;"><br>
_______________________________________________<br>
Owasp-board mailing list<br>
<a href="mailto:Owasp-board@lists.owasp.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">Owasp-board@lists.owasp.org</a><br>
<a href="http://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://lists.owasp.org/mailman/listinfo/owasp-board</a></span></font></p>

</div>

<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;"><br>
<br clear="all">
<br>
-- <br>
Dinis Cruz<br>
Chief OWASP Evangelist, Are you a member yet?<br>
<a href="http://www.owasp.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.owasp.org </a></span></font></p>

</span></div></div>

</div>


<br>_______________________________________________<br>Owasp-board mailing list<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a><br><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">
http://lists.owasp.org/mailman/listinfo/owasp-board</a><br><br></blockquote></div><br><br clear="all"><br>-- <br>Dinis Cruz<br>Chief OWASP Evangelist, Are you a member yet?<br><a href="http://www.owasp.org">http://www.owasp.org
</a>