[Owasp-leaders] OWASP Top 10 - 2013 Release Candidate Now Available

Jim Manico jim.manico at owasp.org
Tue Feb 19 08:05:16 UTC 2013


Dave,

This is great work. But I see a big fat logo from your company on this project under "acknowledgements" the same as years past, and I'd like to see it removed this year.

Even if you and Jeff work on and lead this, OWASP does not endorse any company since our 501c3 not-for-profit charitable organization is supposed to be 100% vendor neutral. As is part of the legal rules for 501c3, we must take action via OWASP in the spirit of serving the community in an altruistic way, even if that is at the expense of our personal gain and goals. ESPECIALLY from board members who should be leading by example, especially around vendor neutrality ethics. Basically, OWASP (the charitable organization) owes us NOTHING and we owe OWASP everything because of how it has helped our world.

I'd like to see your corporate logo removed from the project and just state that you and Jeff lead this project (with a host of many other volunteers) via OWASP branding only. This is much more in line with our vendor neutrality guidelines and brand usage guidelines. https://www.owasp.org/index.php/OWASP_brand_usage_rules

And in general it's just the right thing to do.

Acceptable, Dave?

- Jim Manico
OWASP Volunteer
@Manicode


> OWASP Leaders!
> 
> The Release Candidate for the OWASP Top 10 – 2013 is now available! (Attached)
> 
> It’s also available for download here: <http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20RC1.pdf>
> 
> A press release for this should be coming out later today.
> 
> Please forward to all the developers and development teams you know!! I’d love to get feedback from them too, and to start immediately raising awareness about what’s changed in this update to the Top 10. The primary change is the addition of the new category: A9-Using Components with Known Vulnerabilities
> 
> We plan to release the final version of the OWASP Top 10 - 2013 in April or May 2013 after a public comment period ending March 30, 2013. 
> 
> Constructive comments on this OWASP Top 10 - 2013 Release Candidate should be forwarded via email to OWASP-TopTen at lists.owasp.org. Private comments may be sent to dave.wichers at owasp.org. Anonymous comments are welcome. All non-private comments will be catalogued and published at the same time as the final public release. Comments recommending changes to the items listed in the Top 10 should include a complete suggested list of 10 items, along with a rationale for any changes. All comments should indicate the specific relevant page and section.
> 
> Your feedback is critical to the continued success of the OWASP Top 10 Project. Thank you all for your dedication to improving the security of the world’s software for everyone.
> 
> Thanks, Dave
> 
> OWASP Top 10 Project Lead