[Owasp-leaders] OWASP Top 10 - 2013 Release Candidate Now Available

Abbas Naderi abbas.naderi at owasp.org
Tue Feb 19 16:12:02 UTC 2013


Hi all folks,
I don't know if any of you are also members of the top-10 list, but since the RC release, at least a couple dozen people have sent valuable comments. Nobody in there is in charge of managing and applying the comments and they just go unnoticed. At least 5 people have commented that A9 does not have the correct title and also that A4 and A7 are practically the same thing.

I'd appreciate it if someone allowed the community to also work on this.


Also everyone knows that Top 10 is one of the key projects at OWASP. I personally like the document, but I always hate it to see some company's logo there. All I'm thinking at that moment is why them? My company would be more than glad to sponsor and contribute to Top Ten or any other project, and have its logo added to the project, but hey that's not the spirit of OWASP.

I agree that they should be mentioned, but why not provide a link on the wiki to their website, and then have all the logos and texts about how Aspect made Top 10? I don't know if anyone is against this one.


So, please first introduce someone to me who is in charge of Top 10 right now so that I can help him/her manage comments and apply changes,
and second define how deep can the company's influence be there on any project. (i.e. my company is creating WebGoatPHP from scratch with a lot of work, but we're not mentioned almost anywhere in it, we just mention on our website that we have done this.)

Thanks and sorry for long mail,
-Abbas
On 1 Esfand 1391, at 19:10, Eoin Keary <eoin.keary at owasp.org> wrote:

> Non profit != no money :)
> 
> 
>  
> On Tue, Feb 19, 2013 at 3:35 PM, Jim Manico <jim.manico at owasp.org> wrote:
> I'm happy to have a smaller OWASP with less vendor involvement, fewer
> but higher quality projects, and a smaller budget. We are in the (non
> profit) business of spreading AppSec awareness, not making more money.
> 
> --
> Jim Manico
> @Manicode
> (808) 652-3805
> 
> On Feb 20, 2013, at 12:27 AM, Eoin Keary <eoinkeary at gmail.com> wrote:
> 
> > I believe in what ur saying but our corporate sponsors won't.
> >
> > Why do we have corporate sponsor logos on the wiki at all, following this thought process?
> >
> > We need to balance revenue generation to do stuff with our open source ideals. Corporate sponsorship is important to the foundation for conferences, events, etc.
> >
> > We need industry inclusion /support or we die.
> >
> > Eoin Keary
> > Owasp Global Board
> > +353 87 977 2988
> >
> >
> > On 19 Feb 2013, at 15:12, Jim Manico <jim.manico at owasp.org> wrote:
> >
> >>> Look at webgoat lessons. - every lesson has the creators company logo. Should we remove these also?
> >>
> >> Absolutely! This is not NASCAR, this is a not for profit charitable,
> >> altruistic organization where serving the community at the expense of
> >> personal gain in a vendor-neutral way is the norm.
> >>
> >> And PS: Bruce Mayhew continues to support WebGoat in his free time and
> >> he works for a different company now. WebGoat 5.4 actually removed
> >> some of the sponsorship garbage and future versions will do so to an
> >> even greater extent.
> >>
> >> I'm lucky enough to have traveled the world and visited a large number
> >> of chapters along the way. I also track several dozen active OWASP
> >> projects. I also consulted a non-profit speciality lawyer before
> >> joining the board. I'm not shooting from the hip here, I'm well
> >> prepared, I did my homework, and I'm not picking this fight lightly.
> >>
> >> --
> >> Jim Manico
> >> @Manicode
> >> (808) 652-3805
> >>
> >> On Feb 19, 2013, at 11:46 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
> >>
> >>> Look at webgoat lessons. - every lesson has the creators company logo. Should we remove these also?
> 
> 
> 
> -- 
> Global Board Member