[Owasp-leaders] OWASP Top 10 - 2013 Release Candidate Now Available

Gregory Disney-Leugers gregory.disney at owasp.org
Tue Feb 19 20:58:00 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Why not give a place on the project page for sponsors? Seems simpler
than having direct branding on the end product.

On 02/19/2013 03:31 PM, Konstantinos Papapanagiotou wrote:
> The primary goal of such organizations is to make money. They won't
> support OWASP because it's the "right thing to do". They will
> support us because eventually they want to make money out of it. So
> they ask for promotion. If we want them to support projects, yes,
> some of them might want their logo quite visible in them and I
> think this is quite reasonable. Personally I'd like to see more
> companies actively supporting projects even if this means that we
> place their logo somewhere. If the majority disagrees, that's fine
> but let's not ask for project support then. It's quite simple as I
> see it.
> 
> Kostas
> 
> On 19 ??? 2013, at 18:41, psiinon <psiinon at gmail.com> wrote:
> 
>> I agree that we need organisations supporting OWASP and its
>> projects, but I am also concerned about things like company logos
>> splashed all across OWASP projects, whether documentation
>> projects or tools. Firstly I think it can be taken as an
>> endorsement of that company by OWASP. Secondly it can be seen as
>> that company owning or controlling a project and can therefore
>> put off other potential contributors.
>> 
>> Someone mentioned use and abuse cases - I think it would be
>> really useful to have a set of these so that we can have clear
>> examples of what we as an organization think is acceptable and
>> unacceptable.
>> 
>> I'd like to see the corporate logos removed from OWASP projects,
>> or at least moved to non-intrusive places. I have no problems
>> with listing the relevant companies and their logos in the
>> credits both in the projects themselves and on their OWASP wiki
>> pages. And companies should be free to trumpet their OWASP
>> contributions on their own websites to their hearts' content :)
>>
>> But that's just my view - can we collectively come up with a set
>> of use/abuse cases and then discuss and vote on them?
>> 
>> Cheers,
>> 
>> Simon
>> 
>> 
>> On Tue, Feb 19, 2013 at 4:12 PM, Abbas Naderi
>> <abbas.naderi at owasp.org> wrote:
>>> Hi all folks, I don't know if any of you are also members of
>>> the top-10 list, but since the RC release, at least a couple
>>> dozen people have sent valuable comments. Nobody in there is
>>> in charge of managing and applying the comments and they just go
>>> unnoticed. At least 5 people have commented that A9 does not
>>> have the correct title and also that A4 and A7 are practically
>>> the same thing.
>>> 
>>> I'd appreciate it if someone allowed the community to also work on
>>> this.
>>> 
>>> 
>>> Also everyone knows that Top 10 is one of the key projects at
>>> OWASP. I personally like the document, but I always hate it to
>>> see some company's logo there. All I'm thinking at that moment
>>> is why them? My company would be more than glad to sponsor and
>>> contribute to Top Ten or any other project, and have its logo
>>> added to the project, but hey that's not the spirit of OWASP.
>>> 
>>> I agree that they should be mentioned, but why not provide a
>>> link on the wiki to their website, and then have all the logos
>>> and texts about how Aspect made Top 10? I don't know if anyone
>>> is against this one.
>>> 
>>> 
>>> So, please first introduce someone to me who is in charge of
>>> Top 10 right now so that I can help him/her manage comments and
>>> apply changes, and second define how deep can the company's
>>> influence be there on any project. (i.e. my company is creating
>>> WebGoatPHP from scratch with a lot of work, but we're not
>>> mentioned almost anywhere in it, we just mention on our website
>>> that we have done this.)
>>> 
>>> Thanks and sorry for long mail,
>>> -Abbas
>>>
>>> On ? ????? ????, at ??:??, Eoin Keary <eoin.keary at owasp.org> wrote:
>>> 
>>>> Non profit != no money :)
>>>> 
>>>> 
>>>> 
>>>> On Tue, Feb 19, 2013 at 3:35 PM, Jim Manico
>>>> <jim.manico at owasp.org> wrote:
>>>>> I'm happy to have a smaller OWASP with less vendor
>>>>> involvement, fewer but higher quality projects, and a
>>>>> smaller budget. We are in the (non profit) business of
>>>>> spreading AppSec awareness, not making more money.
>>>>> 
>>>>> -- Jim Manico @Manicode (808) 652-3805
>>>>> 
>>>>> On Feb 20, 2013, at 12:27 AM, Eoin Keary
>>>>> <eoinkeary at gmail.com> wrote:
>>>>> 
>>>>>> I believe in what ur saying but our corporate sponsors
>>>>>> won't.
>>>>>> 
>>>>>> Why do we have corporate sponsor logos on the wiki at
>>>>>> all, following this thought process?
>>>>>> 
>>>>>> We need to balance revenue generation to do stuff with
>>>>>> our open source ideals. Corporate sponsorship is
>>>>>> important to the foundation for conferences, events,
>>>>>> etc.
>>>>>> 
>>>>>> We need industry inclusion /support or we die.
>>>>>> 
>>>>>> Eoin Keary Owasp Global Board +353 87 977 2988
>>>>>> 
>>>>>> 
>>>>>> On 19 Feb 2013, at 15:12, Jim Manico
>>>>>> <jim.manico at owasp.org> wrote:
>>>>>> 
>>>>>>>> Look at webgoat lessons. - every lesson has the
>>>>>>>> creators company logo. Should we remove these also?
>>>>>>> 
>>>>>>> Absolutely! This is not NASCAR, this is a not for
>>>>>>> profit charitable, altruistic organization where
>>>>>>> serving the community at the expense of personal gain
>>>>>>> in a vendor-neutral way is the norm.
>>>>>>> 
>>>>>>> And PS: Bruce Mayhew continues to support WebGoat in
>>>>>>> his free time and he works for a different company now.
>>>>>>> WebGoat 5.4 actually removed some of the sponsorship
>>>>>>> garbage and future versions will do so to an even
>>>>>>> greater extent.
>>>>>>> 
>>>>>>> I'm lucky enough to have traveled the world and visited
>>>>>>> a large number of chapters along the way. I also track
>>>>>>> several dozen active OWASP projects. I also consulted a
>>>>>>> non-profit speciality lawyer before joining the board.
>>>>>>> I'm not shooting from the hip here, I'm well prepared,
>>>>>>> I did my homework, and I'm not picking this fight
>>>>>>> lightly.
>>>>>>> 
>>>>>>> -- Jim Manico @Manicode (808) 652-3805
>>>>>>> 
>>>>>>> On Feb 19, 2013, at 11:46 PM, Eoin Keary
>>>>>>> <eoin.keary at owasp.org> wrote:
>>>>>>> 
>>>>>>>> Look at webgoat lessons. - every lesson has the
>>>>>>>> creators company logo. Should we remove these also?
>>>> 
>>>> 
>>>> 
>>>> -- Global Board Member 
>>>> _______________________________________________ OWASP-Leaders
>>>> mailing list OWASP-Leaders at lists.owasp.org 
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> 
>>> 
>> 
>> 
>> 
>> -- OWASP ZAP Project leader 
> 
> 
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

-----END PGP SIGNATURE-----

