<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"><meta name="Generator" content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle17
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:1110319451;
        mso-list-type:hybrid;
        mso-list-template-ids:-899266668 -1118120492 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
        {mso-level-start-at:0;
        mso-level-number-format:bullet;
        mso-level-text:-;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Calibri","sans-serif";
        mso-fareast-font-family:Calibri;
        mso-bidi-font-family:"Times New Roman";}
@list l0:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Courier New";}
@list l0:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Wingdings;}
@list l0:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Symbol;}
@list l0:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Courier New";}
@list l0:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Wingdings;}
@list l0:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Symbol;}
@list l0:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Courier New";}
@list l0:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Wingdings;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style></head><body lang="EN-US" link="blue" vlink="purple"><div class="WordSection1"><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Michael,</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">We have project leaders of the OWASP Top Ten that traditionally made vendor-specific decisions for the branding, decision making and release of the document. Heck, even the wiki edits of the OWASP Top Ten were restricted to being edited only by the project leader. This document never went through an objective advisory process. The fishiness of A9 is also problematic when these other issues are considered.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I agree there is very little we can do to change the OWASP Top Ten 2013, but when you have project leaders with a long history of a “closed” process, it’s really difficult for others to just “jump in and do it right” for 2015. I think we need either a different leader to step up and be board-supported or we fork the document and work on it with a different group.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">So I’m not saying that I have the right process in mind, I’m just saying the due to the past problems with the documents creation, the board or project manager may need to step in and define that new process, or at least step in early when a closed process is preventing an open and collaborative document.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p><p class="MsoListParagraph" style><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><span style>-<span style="font:7.0pt "Times New Roman"">          </span></span></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Jim</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p><p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <a href="mailto:owasp-board-bounces@lists.owasp.org">owasp-board-bounces@lists.owasp.org</a> [mailto:<a href="mailto:owasp-board-bounces@lists.owasp.org">owasp-board-bounces@lists.owasp.org</a>] <b>On Behalf Of </b>Michael Coates<br>
<b>Sent:</b> Sunday, April 13, 2014 8:45 AM<br><b>To:</b> Eoin Keary; Samantha Groves<br><b>Cc:</b> OWASP Foundation Board List<br><b>Subject:</b> Re: [Owasp-board] OWASP Top 10</span></p><p class="MsoNormal"> </p><div><div>
<div><div><p class="MsoNormal" style="margin-bottom:12.0pt">Eoin,</p></div><p class="MsoNormal" style="margin-bottom:12.0pt">Are we dancing around the elephant in the room? We know there are many calls for the top 10 to be more open. I hope people will join the project and push the top 10 process from it's beginning and create a very open 2015 top 10 with all these ideas  - we just need to get into the process at the beginning, not the end.</p>
</div><p class="MsoNormal" style="margin-bottom:12.0pt">I guess my question is this - why not just ask the project mailing list for this information directly? Or are they not responding or refusing?<br><br>I don't think we have a model or expectation that a request to project X should flow through Samantha to simply relay that same request to the project mailing list. </p>
</div><p class="MsoNormal">Perhaps I'm missing something - help me understand?</p></div><div><p class="MsoNormal"><br clear="all"></p><div><div><p class="MsoNormal" style="margin-bottom:12.0pt"><br>--<br>Michael Coates<br>
@_mwc</p></div></div><p class="MsoNormal" style="margin-bottom:12.0pt"> </p><div><p class="MsoNormal">On Sun, Apr 13, 2014 at 4:41 AM, Eoin Keary <<a href="mailto:eoin.keary@owasp.org" target="_blank">eoin.keary@owasp.org</a>> wrote:</p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in"><p class="MsoNormal">Hi Samantha,<br>I am formally requesting that as projects manager you obtain the data, work papers and associated statistic model for the owasp top 10. This is a core owasp project and needs to be assessed such that we can leverage it for other endeavours.<br>
Thanks in advance.<br>Eoin.<br><br><br>Eoin Keary<br>Owasp Global Board<br><a href="tel:%2B353%2087%20977%202988">+353 87 977 2988</a><br><br>_______________________________________________<br>Owasp-board mailing list<br>
<a href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a><br><a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a></p></blockquote>
</div><p class="MsoNormal"> </p></div></div></body></html>