[Owasp-leaders] OWASP Top 10/ Aspect Security Top 10

Steven van der Baan steven.van.der.baan at owasp.org
Sun Jun 2 18:28:38 UTC 2013


Hi All,

After all the discussions on the list about the Top 10 and the
involvement of Aspect Security I expected that it would stay more quiet
and relaxed until the final release of the OWASP top 10. Unfortunately
the next posting was released - also via the OWASP Moderated New Feed:
http://www.bankinfosecurity.com/blogs/owasp-top-ten-2013-p-1465 in which
Jeff Williams is telling about the new - 'and improved' Top 10 (even
when it still is listed as release candidate and OWASP as an
organization hasn't officially released it).
When reading this blog post I got a negative feeling around it all. It
appears to me that OWASP has lost the Top 10 as a project, and that it
has become a marketing tool of Aspect Security (like the WhiteHat top
10, or Sans top 25). As far as I remember we pride ourselves in that our
projects are vendor neutral, but considering how this project is going
I sincerely doubt that it's the case with this particular project
(although I do hope that either Jeff or Dave have serious proof to
convince me otherwise).

And as such I am curious what the board is planning to do about this
abuse of trust. Because their reaction to this will definitely set a
precedent for other companies to take ownership of projects and use them
as marketing tools.

Fool me once, shame on you; fool me twice, shame on me
Steven.

