[Owasp-leaders] OWASP connector

Todd Grotenhuis todd.grotenhuis at owasp.org
Mon Apr 24 21:18:41 UTC 2017


The reason we're still talking about it is because it is a weakness that
keeps getting exploited.

Because the Top 10 have been turned into false Compliance benchmarks,
companies are saying they help with them or are compliant with them. And
because there is business incentive to do that (e.g. PCI money), we see
corporate manipulation of the Top 10 (e.g. new A7) to support companies
that are compliant with or deal with certain Top 10 issues. It's not going
to go away until we are more clear what the Top 10 represents and what it
may and may not be used for. It remains an open weakness in our design.

On Mon, Apr 24, 2017 at 5:08 PM, Ian Gorrie <ian.gorrie at owasp.org> wrote:

> Isn't this the same kind of thing that everyone lost their mind over with
> Contrast?
>
> Surprising that it would be repeated a year later.
>
> -i
>
> On Mon, Apr 24, 2017 at 11:16 AM, Larry Conklin <larry.conklin at owasp.org>
> wrote:
>
>> On this month's OWASP connector what does vendor Kiuwan mean in their ad
>> saying their product is "Full OWASP Compliance"?
>>
>> I understand right below the ad in small print it says "Ads are not
>> endorsements and reflect the messages of the advertiser only. They
>> represent co-marketing arrangements with other organizations in
>> support of the OWASP Community."
>>
>> But saying something is "Full OWASP Compliance" in larger print on our
>> own email used to communicate to the entire community seems to fly in the
>> face of being vendor agnostic.
>>
>> Larry Conklin, CISSP, CSSLP
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>