[Owasp-leaders] OWASP Top 10 - 2013 Release Candidate Now Available

psiinon psiinon at gmail.com
Tue Feb 19 16:41:41 UTC 2013


I agree that we need organisations supporting OWASP and its projects, but I
am also concerned about things like company logos splashed all across OWASP
projects, whether documentation projects or tools.
Firstly I think it can be taken as an endorsement of that company by OWASP.
Secondly it can be seen as that company owning or controlling a project and
can therefore put off other potential contributors.

Someone mentioned use and abuse cases - I think it would be really useful
to have a set of these so that we can have clear examples of what we as an
organization think is acceptable and unacceptable.

I'd like to see the corporate logos removed from OWASP projects, or at
least moved to non-intrusive places.
I have no problems with listing the relevant companies and their logos in
the credits both in the projects themselves and on their OWASP wiki pages.
And companies should be free to trumpet their OWASP contributions on their
own websites to their hearts' content :)

But that's just my view - can we collectively come up with a set of
use/abuse cases and then discuss and vote on them?

Cheers,

Simon


On Tue, Feb 19, 2013 at 4:12 PM, Abbas Naderi <abbas.naderi at owasp.org> wrote:

> Hi all folks,
> I don't know if any of you are also members of the top-10 list, but since
> the RC release, at least a couple dozen people have sent valuable comments.
> Nobody in there is in charge of managing and applying the comments and they
> just go unnoticed. At least 5 people have commented that A9 does not have
> the correct title and also that A4 and A7 are practically the same thing.
>
> I'd appreciate it if someone allowed the community to also work on this.
>
>
> Also everyone knows that Top 10 is one of the key projects at OWASP. I
> personally like the document, but I always hate to see some company's
> logo there. All I'm thinking at that moment is why them? My company would
> be more than glad to sponsor and contribute to Top Ten or any other
> project, and have its logo added to the project, but hey that's not the
> spirit of OWASP.
>
> I agree that they should be mentioned, but why not provide a link on the
> wiki to their website, and then have all the logos and texts about how
> Aspect made Top 10? I don't know if anyone is against this one.
>
>
> So, please *first* introduce someone to me who is in charge of Top 10
> right now so that I can help him/her manage comments and apply changes,
> and *second* define how deep can the company's influence be there on any
> project. (i.e. my company is creating WebGoatPHP from scratch with a lot of
> work, but we're not mentioned almost anywhere in it, we just mention on our
> website that we have done this.)
>
> Thanks and sorry for long mail,
> -Abbas
> On 1 Esfand 1391, at 19:10, Eoin Keary <eoin.keary at owasp.org> wrote:
>
> Non profit != no money :)
>
>
>
> On Tue, Feb 19, 2013 at 3:35 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
>> I'm happy to have a smaller OWASP with less vendor involvement, fewer
>> but higher quality projects, and a smaller budget. We are in the (non
>> profit) business of spreading AppSec awareness, not making more money.
>>
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On Feb 20, 2013, at 12:27 AM, Eoin Keary <eoinkeary at gmail.com> wrote:
>>
>> > I believe in what ur saying but our corporate sponsors won't.
>> >
>> > Why do we have corporate sponsor logos on the wiki at all, following
>> > this thought process?
>> >
>> > We need to balance revenue generation to do stuff with our open source
>> > ideals. Corporate sponsorship is important to the foundation for
>> > conferences, events, etc.
>> >
>> > We need industry inclusion /support or we die.
>> >
>> > Eoin Keary
>> > Owasp Global Board
>> > +353 87 977 2988
>> >
>> >
>> > On 19 Feb 2013, at 15:12, Jim Manico <jim.manico at owasp.org> wrote:
>> >
>> >>> Look at webgoat lessons. - every lesson has the creator's company
>> >>> logo. Should we remove these also?
>> >>
>> >> Absolutely! This is not NASCAR, this is a not for profit charitable,
>> >> altruistic organization where serving the community at the expense of
>> >> personal gain in a vendor-neutral way is the norm.
>> >>
>> >> And PS: Bruce Mayhew continues to support WebGoat in his free time and
>> >> he works for a different company now. WebGoat 5.4 actually removed
>> >> some of the sponsorship garbage and future versions will do so to an
>> >> even greater extent.
>> >>
>> >> I'm lucky enough to have traveled the world and visited a large number
>> >> of chapters along the way. I also track several dozen active OWASP
>> >> projects. I also consulted a non-profit speciality lawyer before
>> >> joining the board. I'm not shooting from the hip here, I'm well
>> >> prepared, I did my homework, and I'm not picking this fight lightly.
>> >>
>> >> --
>> >> Jim Manico
>> >> @Manicode
>> >> (808) 652-3805
>> >>
>> >> On Feb 19, 2013, at 11:46 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>> >>
>> >>> Look at webgoat lessons. - every lesson has the creator's company
>> >>> logo. Should we remove these also?
>>
>
>
>
> --
> Global Board Member
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader