[Owasp-leaders] OWASP Top 10/ Aspect Security Top 10

Dennis Groves dennis.groves at owasp.org
Sun Jun 2 19:23:05 UTC 2013

On 2 Jun 2013, at 11:28, Steven van der Baan wrote:

> Hi All,
> After all the discussions on the list about the Top 10 and the
> involvement of Aspect Security I expected that it would stay more quiet
> and relaxed until the final release of the OWASP top 10. Unfortunately
> the next posting was released - also via the OWASP Moderated New Feed:
> http://www.bankinfosecurity.com/blogs/owasp-top-ten-2013-p-1465 in which
> Jeff Williams is telling about the new - 'and improved' Top 10 (even
> when it still is listed as release candidate and OWASP as an
> organization hasn't officially released it).

So are you implying that it is an 'abuse of trust' for me to talk about 
the 'upcoming features of AppSensor'? I don't follow your reasoning 
about why this is a problem.

Jeff is **the project leader** and has an obligation and duty to raise 
interest in the next version of the OWASP Top 10!

Can you share with me your view of a project leader's role and duties?

> When reading this blog post I got a negative feeling around it all. It
> appears to me that OWASP has lost the Top 10 as a project, and that it
> has become a marketing tool of Aspect Security (like the WhiteHat top
> 10, or Sans top 25). As far as I remember we pride ourselves in that our
> projects are vendor neutral, but considering how this project is going
> I sincerely doubt that it's the case with this particular project
> (although I do hope that either Jeff or Dave have serious proof to
> convince me otherwise).

There is nothing about Aspect in the article; save Jeff's author bio. It 
talks about OWASP exclusively. This is nothing but good press for OWASP.

Without vendors, OWASP will cease to be relevant; what we do is created 
by and consumed by companies.

Can you explain to me and the others your vision of how vendors and 
companies would interact with OWASP? Maybe we can work on getting those 
ideas into our policy documents?

> And as such I am curious what the board is planning to do about this
> abuse of trust. Because their reaction to this will definitely set a
> precedent for other companies to take ownership of projects and use them
> as marketing tools.


[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a 

> "Unless someone like you...cares a whole awful lot...nothing is going 
> to get better...It's not." -- The Lorax
