[Owasp-leaders] OWASP Top 10/ Aspect Security Top 10
dennis.groves at owasp.org
Sun Jun 2 19:23:05 UTC 2013
On 2 Jun 2013, at 11:28, Steven van der Baan wrote:
> Hi All,
> After all the discussions on the list about the Top 10 and the
> involvement of Aspect Security I expected that it would stay more
> and relaxed until the final release of the OWASP top 10. Unfortunately
> the next posting was released - also via the OWASP Moderated New Feed:
> http://www.bankinfosecurity.com/blogs/owasp-top-ten-2013-p-1465 in
> Jeff Williams is telling about the new - 'and improved' Top 10 (even
> when it still is listed as release candidate and OWASP as an
> organization hasn't officially released it).
So are you implying that it is an 'abuse of trust' for me to talk about
the 'upcoming features of AppSensor'? I don't follow your reasoning
about why this is a problem.
Jeff is **the project leader** and has an obligation and duty to raise
interest in the next version of the OWASP Top 10!
Can you share with me your view of a project leader's role and duties?
> When reading this blog post I got a negative feeling around it all. It
> appears to me that OWASP has lost the Top 10 as a project, and that it
> has become a marketing tool of Aspect Security (like the WhiteHat top
> 10, or Sans top 25). As far as I remember we pride ourselves in that
> projects are vendor neutral, but considering how this project is
> I sincerely doubt that it's the case with this particular project
> (although I do hope that either Jeff or Dave have serious proof to
> convince me otherwise).
There is nothing about Aspect in the article; save Jeff's author bio. It
talks about OWASP exclusively. This is nothing but good press for OWASP.
Without vendors, OWASP will cease to be relevant; what we do is created
by and consumed by companies.
Can you explain to me and the others, your vision of how vendors and
companies would interact with OWASP? Maybe we can work on getting those
ideas into our policy documents?
> And as such I am curious what the board is planning to do about this
> abuse of trust. Because their reaction to this will definitely set a
> precedent for other companies to take ownership of projects and use
> as marketing tools.
[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a
> "Unless someone like you...cares a whole awful lot...nothing is going
> to get better...It's not." -- The Lorax