[Owasp-leaders] OWASP Top 10 - 2013 Release Candidate Now Available

Eoin Keary eoin.keary at owasp.org
Tue Feb 19 14:46:54 UTC 2013


Jim,
I disagree old boy.

Now I have to kick your ass in front of 450 people at RSA next week :) Don't
learn any Taekwondo in Korea, ok?

Look at WebGoat lessons - every lesson has the creator's company logo.
Should we remove these also?

Getting associated with a project is decent payment for letting your staff
burn time on it. "I pay my staff to work on OWASP stuff..." - this is how
it should be.

Anyways Jeff mentioned to me about statistical models and did not like the
idea of the Application Security Survey (in 2011) (now called the CISO
survey). My question is what sample space was used to develop the Top 10?
How were the stats gathered, as I see 4 companies in the credit list but
there are circa 644,000,000 active websites on the Internet? Just a
thought. I think the Top 10 rocks and so do Jeff and Dave for devoting
lots of time to OWASP.



so there!!




On Tue, Feb 19, 2013 at 2:35 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Eoin,
>
> Everyone contributes time to projects. If "time spent on projects" is
> enough of a criterion for logo sponsorship, then all projects would be
> littered with corporate logos like NASCAR drivers, something that is
> clearly against even a loose interpretation of our guidelines.
>
> Aspect did not pay for project sponsorship, this is a "time invested"
> trade, which does not at all give them the right to have their logo on the
> project.
>
> But hey, Dave is a reasonable chap and I want to give him a chance to do
> the right thing. He might just be using the template from 2010.
>
> As for the "closed project", that is another matter. I am also concerned
> that the current revision going around is a PDF. Wiki or at least
> Google docs is more appropriate.
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Feb 19, 2013, at 11:22 PM, Eoin <eoin.keary at owasp.org> wrote:
>
> little emotive. Please everyone be cool.
>
> Re the top 10, it is obvious Aspect have put significant time into this
> document. I feel their chargeable time should be recognised in some way.
> -fair?
>
> I don't remember the project asking for volunteers which is a concern for
> me. It seems the top 10 is a "closed shop".
>
> Many many organisations could have (if asked) contributed to the stats to
> deliver the top 10, which would have increased the sample space for the
> statistical model. -that is my concern.
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 19 Feb 2013, at 13:51, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>
> On 19 Feb 2013, at 22:34, Tom Brennan wrote:
>
> Here let me help you Dennis/Jim with intent.
> https://www.owasp.org/index.php/How_to_Start_an_OWASP_Project
>
> Tom - don't even get what you are on about?
>
> Marijuana is illegal at a federal level, state laws do not supersede the
> federal law, unless the federal government gives up that power to the
> states. Similarly, OWASP <https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project> (look under integrity - it is a
> *CORE* OWASP value…) foundation rules apply even to projects, a separate
> policy for projects is not required.
>
> Dennis
> ------------------------------
>
> Dennis Groves <http://about.me/dennis.groves>, MSc
> Email me <dennis.groves at owasp.org> or schedule a meeting <http://goo.gl/8sPIy>.
>
> *This email is licensed under a CC BY-ND 3.0 <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license.*
>
> *Please do not send me Microsoft Office/Apple iWork documents.*
> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
> Stand up for your freedom to install free software <http://www.fsf.org/campaigns/secure-boot/statement>.
>
> The idea that some lives matter less is the root of all that’s wrong with
> the world. -- Paul Farmer
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>


-- 
Global Board Member