[Owasp-leaders] OWASP Top 10 quiz

Anurag Agarwal (OWASP) anurag.agarwal at owasp.org
Wed Aug 3 12:30:52 EDT 2011


Thanks Jason, Christian, et al for your feedback but I have to admit I am
very disappointed with what has transpired so far on this. Not a single
feedback on the quality and the type of questions, not even on various
features or how far we can take it, etc.

 

My intention was to throw an idea out to OWASP Leaders and get some
brilliant minds to provide their feedback on the concept, its usability and
such. In the past, people would talk about whether the questions are good
enough or we need to improve on those. Maybe share some more ideas on
features, etc that we can implement to cater to needs of a wider audience. I
had created something to bring more awareness to the developers in a fun way
and wanted to share with OWASP and enhance the idea/concept to take it to a
greater level. We are trying to reach out to developer community and these
type of small projects can help bring more awareness on various OWASP
projects in that community. 

 

The only positive mail I got was from Ed Adams which lead me to Jason Taylor
and I will work with him on how we can share a question bank which to me
should have been a bigger concern then where its hosted and how. I already
removed the OWASP Logo as suggested by Jeff as I have no intention of
misrepresenting OWASP in any way. 

 

That being said, I will urge the people on this list to share some ideas and
feedback as to how this project can be improved.

 

 

Thanks,

 

Anurag Agarwal

MyAppSecurity Inc

Cell - 919-244-0803

Email - anurag at myappsecurity.com

Website - http://www.myappsecurity.com

Blog - http://myappsecurity.blogspot.com

LinkedIn - http://www.linkedin.com/in/myappsecurity 

 

 

 

 

 

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Jason Li
Sent: Wednesday, August 03, 2011 11:38 AM
To: Christian Heinrich
Cc: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] OWASP Top 10 quiz

 

Christian,

 

There is a difference between openness and establishing identity.

 

For example, all of the Apache projects are open source, but it would be
inappropriate for you or I to setup a website with the Apache Foundation
logo that hosts a service that could be mistaken for something done by the
Apache Foundation.

 

The Brand Usage Rules exist to *enable* people to properly use the OWASP
brand (#1-4, #9) and also remind people of various misuse cases (#5-8). In
that sense, they are not unlike standard security practices of whitelisting
allowed cases (#1-4, #9) and blacklisting obvious undesired cases (#5-8).
The OWASP Brand Usage Rules are not meant to be an exhaustive list of
disallowed uses. Like you, I am not a lawyer, but I believe standard rules
and laws regarding use of trademarks still apply to the OWASP brand.

 

Anurag has already stated his intention to eventually create an open source
OWASP project out of his effort. As it stands, I'm sure he will agree that
the intention of his site is just to pilot some concepts and implementation
details and not to misrepresent the site as an OWASP web property.

-Jason

 

On Wed, Aug 3, 2011 at 3:17 AM, Christian Heinrich
<christian.heinrich at owasp.org> wrote:

Jeff,

Considering "OWASP is about making application security ideas free and
open to everyone, not about locking them up" is your statement which I
quote from within
https://lists.owasp.org/pipermail/global-projects-committee/2011-August/0022
50.html

I don't believe Anurag has violated
https://www.owasp.org/index.php/OWASP_brand_usage_rules


On Mon, Aug 1, 2011 at 9:56 PM, Anurag Agarwal (OWASP)
<anurag.agarwal at owasp.org> wrote:
> Jeff - I actually meant to make it as an OWASP project and wanted to start
> with a PoC and get the leaders feedback before making it a full blown
OWASP
> project. That is the only reason I used OWASP name and logo.
>
> My apologies for not asking with the OWASP board earlier. I will remove
the
> OWASP logo.
>
> Thanks
> Anurag
>
>
>
> -----Original Message-----
> From: Jeff Williams [mailto:jeff.williams at owasp.org]
> Sent: Monday, August 01, 2011 1:30 AM
> To: 'Anurag Agarwal (OWASP)'; owasp-leaders at lists.owasp.org
> Subject: RE: [Owasp-leaders] OWASP Top 10 quiz
>
> Hi Anurag,
>
> I think this is a cool little project, that could help some folks get a
> handle on what their developers actually know.  But I'm concerned that
this
> is being run at owasp.myappsecurity.com with full OWASP branding.  It
> appears to be an official OWASP project.  If you want it to be an OWASP
> project, then it should be free and open and run as a real OWASP project
--
> which we'll help support.   If you want it to be proprietary, you can keep
> it at myappsecurity and drop the OWASP branding.
>
> I appreciate your understanding.
>
> Thanks,
>
> --Jeff
>
>
> -----Original Message-----
> From: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Anurag Agarwal
> (OWASP)
> Sent: Friday, July 29, 2011 11:38 PM
> To: owasp-leaders at lists.owasp.org
> Subject: [Owasp-leaders] OWASP Top 10 quiz
>
> Hi Everyone - I created a very small quiz for a client to test their
> developer's knowledge of OWASP top 10. I thought it  would be a good idea
to
> make it public and let other organization use it for their development
teams
> as well. This is a very basic quiz but I do plan to add different levels
and
> more questions to it and bring randomness in the questions as well.
>
> I would greatly appreciate any feedback or suggestions that others may
have.
>
>
> http://owasp.myappsecurity.com/2011/07/12/quiz/
>
>
> Thanks,
>
> Anurag Agarwal
> MyAppSecurity Inc
> Cell - 919-244-0803
> Email - anurag at myappsecurity.com
> Website - http://www.myappsecurity.com
> Blog - http://myappsecurity.blogspot.com LinkedIn -
> http://www.linkedin.com/in/myappsecurity
>
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>




--
Regards,
Christian Heinrich
http://www.owasp.org/index.php/user:cmlh

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110803/51d61ac5/attachment-0001.html 


More information about the OWASP-Leaders mailing list