[Owasp-leaders] OWASP Risk Calculator?

Dave Wichers dave.wichers at owasp.org
Tue Dec 20 14:25:00 UTC 2011


It's my opinion that this would fall under appropriate use of the OWASP.
It's very clear that this leverages the OWASP project it refers to, and in
fact, that's how they are using the brand, in the reference.

 

-Dave

 

From: owasp-leaders-bounces at owasp.org
[mailto:owasp-leaders-bounces at owasp.org] On Behalf Of Tony UcedaVelez
Sent: Monday, December 19, 2011 6:06 PM
To: Jim Manico; Tony UcedaVelez
Cc: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] OWASP Risk Calculator?

 

Not disputing the methodology (although the formula could use an upgrade in
calculating residual risk vs simply risk and factoring in the efficacy of
countermeasures), but mostly asking in just the cobranded use of a company
site and the OWASP name. 

Sent from my Windows Phone

  _____  

From: Jim Manico
Sent: 12/19/2011 4:58 PM
To: Tony UcedaVelez
Cc: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] OWASP Risk Calculator?

I and other still use this quite a bit. It's solid piece of work (hat-tip to
John Pavone).

Some of the categories need cleaning up, but I still like it.

Any thoughts on how to best update this Tony?

- Jim




Is this a sanctioned use of the OWASP name?  Didn't know the Risk
Methodology was still actively supported (at least since 2008).
http://www.paradoslabs.nl/owaspcalc/index.php

-- 

Tony UcedaVelez

Atlanta Chapter President

OWASP Atlanta

 <http://www.owasp.org/index.php/Atlanta_Georgia>
http://www.owasp.org/index.php/Atlanta_Georgia

Twitter: @versprite






_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20111220/6479ce28/attachment.html>


More information about the OWASP-Leaders mailing list