<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    I support building up java.owasp.org and will have jowasp.org
    transferred to OWASP and suggest that it be redirected to
    java.owasp.org.<br>
    <br>
    And Yvan, may I politely suggest a little Shakespeare for you
    non-tech reading? From Romeo and Juliet....<br>
    <br>
    <meta charset="utf-8">
    <p style="margin: 0.5em 0px; line-height: 22.3999996185303px; color:
      rgb(37, 37, 37); font-family: sans-serif; font-size: 14px;
      font-style: normal; font-variant: normal; font-weight: normal;
      letter-spacing: normal; orphans: auto; text-align: start;
      text-indent: 0px; text-transform: none; white-space: normal;
      widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
      background-color: rgb(255, 255, 255);"><b>Juliet:</b></p>
    <p style="margin: 0.5em 0px; line-height: 22.3999996185303px; color:
      rgb(37, 37, 37); font-family: sans-serif; font-size: 14px;
      font-style: normal; font-variant: normal; font-weight: normal;
      letter-spacing: normal; orphans: auto; text-align: start;
      text-indent: 0px; text-transform: none; white-space: normal;
      widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
      background-color: rgb(255, 255, 255);">'Tis but thy name that is
      my enemy;<br>
      Thou art thyself, though not a Montague.<br>
      What's Montague? it is nor hand, nor foot,<br>
      Nor arm, nor face, nor any other part<br>
      Belonging to a man. O, be some other name!<br>
      <big><b><u>What's in a name? that which we call a rose</u></b><b><br>
        </b><b><u>By any other name would smell as sweet</u></b><b>;</b></big><br>
      So Romeo would, were he not Romeo call'd,<br>
      Retain that dear perfection which he owes<br>
      Without that title. Romeo, doff thy name,<br>
      And for that name which is no part of thee<br>
      Take all myself.</p>
    <br>
    Aloha,<br>
    Jim<br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 8/27/14, 3:54 PM, Yvan Boily wrote:<br>
    </div>
    <blockquote
cite="mid:CAD_ZbKwYLUgcDPQMJdJJ-SNVznYhM-XydcBzpO+MCLJcL==E0g@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>
          <div>
            <div>On the contrary, naming *is* very important[1].  One of
              the single most significant protections that any open
              source project can leverage is trademark protection, and a
              proliferation and acceptance of domain names (even from a
              board member) that riff of OWASP have multiple effects:<br>
              <br>
            </div>
            * They weaken the claim to a trademark.  Not that this is a
            significant fear for OWASP, but one should tread cautiously
            and defend trademarks vigorously<br>
          </div>
          * They train users to treat 'non-owasp' domains as canonical
          resources<br>
        </div>
        * Privately owned OWASP-related domains weaken OWASP (as a legal
        entity) capabilities to ensure that OWASP values and commitments
        are upheld<br>
        <div>
          <div>
            <div>
              <div>
                <div>
                  <div>
                    <div><br>
                    </div>
                    <div>I don't have any concerns about what Jim is
                      trying to accomplish, but I do think that having a
                      CNAME to <a moz-do-not-send="true"
                        href="http://java.owasp.org">java.owasp.org</a>
                      or something similar is a far better approach.<br>
                      <br>
                    </div>
                    <div>Just my $0.02!<br>
                      <br>
                      <br>
                    </div>
                    <div>Regards,<br>
                      Yvan Boily<br>
                    </div>
                    <div><br>
                      <br>
                      [1] "There are only two hard problems in Computer
                      Science: cache invalidation, naming things, and
                      off-by-one errors." - unknown because I am lazy.<br>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Wed, Aug 27, 2014 at 3:09 PM, Adil
          Aliyev <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:adil.aliyev@owasp.org" target="_blank">adil.aliyev@owasp.org</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear all,
            <div><br>
            </div>
            <div>Anyway the idea is great because of the following
              reasons:</div>
            <div><br>
            </div>
            <div>1. Java is popular and more relevant today. Even PIC,
              Atmel folks who need more high-level features starting to
              use raspberry and ideal platform for it is Java+Linux. I
              dont know how about .NET, last time I used it 7 years
              ago. </div>
            <div><br>
            </div>
            <div>2. A lot of people turns to Java web from PHP recent
              years as Java has more powerful and easy to use frameworks
              for web, mvc, db abstraction, mapping etc. that makes web
              development easier and scalable. Such people need to be
              careful and they need to be educated. PHP is not Java, PHP
              "compilers" are not bytecode, forking is not direct
              multithreading and apache httpd, nginx etc are not
              application servers. They all have too many differences.
              In my experience I've seen a lot of people who confuses
              these basics. </div>
            <div><br>
            </div>
            <div>3. People who used Java and C++ only for desktop apps
              mostly writing unsecure code when writing for web. Once I
              have seen in very big company one wrote a program where
              authentication process is just for hiding login screen
              visually and assigning username to a global variable. Very
              sensitive information could be sent, received or sniffed
              via tcp. Another case was also in big company where
              programmer used session and serverside processing just for
              selecting DIV-based listbox item. I see that on internet
              also often. They all need serious experience. Web is not
              closed environment without malicious users.</div>
            <div><br>
            </div>
            <div>4. Java is not like PHP, JavaScript, Ruby etc as
              mentioned in previous mails. I mean from market point
              view. They all are not such relevant for enterprise
              systems for today. </div>
            <div><br>
            </div>
            P.S. My friends, please judge and tell your opinions on
            idea. The naming is very little thing to discuss. There is
            almost no difference between jowasp or java.owasp. <span></span><br>
            <div><br>
            </div>
            Best Regards,
            <div>Adil
              <div>
                <div class="h5"><br>
                  <div><br>
                  </div>
                  <div> </div>
                  <div><br>
                  </div>
                  <div><br>
                  </div>
                  <div><br>
                  </div>
                  <div><br>
                  </div>
                  <div>On Thursday, August 28, 2014, Jim Manico <<a
                      moz-do-not-send="true"
                      href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0
                      .8ex;border-left:1px #ccc solid;padding-left:1ex">
                      <div bgcolor="#FFFFFF" text="#000000"> Thank you
                        Jerry. I want to experiment *responsibly* and
                        respect the OWASP brand rules! And by the way, I
                        do not intend to follow any of rule #3 because
                        this goal is not to advertise my or any company;
                        I want to do this as an OWASP property.<br>
                        <br>
                        So with respect I plan to "go for it". If this
                        is successful then by all means we can figure
                        out what to do next as a team.<br>
                        <br>
                        Aloha,<br>
                        Jim<br>
                        <br>
                        <h4
                          style="color:black;font-weight:bold;margin:0px
                          0px
                          0.3em;overflow:hidden;padding-top:0.5em;padding-bottom:0.17em;border-bottom-style:none;font-size:15px;font-family:sans-serif;font-style:normal;font-variant:normal;letter-spacing:normal;line-height:19.2000007629395px;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background:none
                          rgb(242,245,247)">
                          <span>OWASP Brand Usage Rules</span><br>
                          <a moz-do-not-send="true"
href="https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES"
                            target="_blank">https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES</a><br>
                        </h4>
                        <p style="margin:0.4em 0px
0.5em;line-height:19.2000007629395px;color:rgb(54,43,54);font-family:sans-serif;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(242,245,247)">The
                          following rules make reference to the OWASP
                          Materials, meaning any tools, documentation,
                          or other content from OWASP. The rules also
                          make reference to "OWASP Published Standards"
                          which are currently in the process of being
                          developed and released. Currently there are no
                          OWASP Published Standards.</p>
                        <ol
                          style="line-height:19.2000007629395px;margin:0.3em
                          0px 0px
3.2em;padding:0px;color:rgb(54,43,54);font-family:sans-serif;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(242,245,247)">
                          <li style="margin-bottom:0.1em">The OWASP
                            Brand may be used to direct people to the
                            OWASP website for information about
                            application security.</li>
                          <li style="margin-bottom:0.1em">The OWASP
                            Brand may be used in commentary about the
                            materials found on the OWASP website.</li>
                          <li style="margin-bottom:0.1em">The OWASP
                            Brand may be used by OWASP Members in good
                            standing to promote a person or company's
                            involvement in OWASP.</li>
                          <li style="margin-bottom:0.1em">The OWASP
                            Brand may be used in association with an
                            application security assessment only if a
                            complete and detailed methodology,
                            sufficient to reproduce the results, is
                            disclosed.</li>
                          <li style="margin-bottom:0.1em">The OWASP
                            Brand must not be used in a manner that
                            suggests that The OWASP Foundation supports,
                            advocates, or recommends any particular
                            product or technology.</li>
                          <li style="margin-bottom:0.1em">The OWASP
                            Brand must not be used in a manner that
                            suggests that a product or technology is
                            compliant with any OWASP Materials other
                            than an OWASP Published Standard.</li>
                          <li style="margin-bottom:0.1em">The OWASP
                            Brand must not be used in a manner that
                            suggests that a product or technology can
                            enable compliance with any OWASP Materials
                            other than an OWASP Published Standard.</li>
                          <li style="margin-bottom:0.1em">The OWASP
                            Brand must not be used in any materials that
                            could mislead readers by narrowly
                            interpreting a broad application security
                            category. For example, a vendor product that
                            can find or protect against forced browsing
                            must not claim that they address all of the
                            access control category.</li>
                          <li style="margin-bottom:0.1em">The OWASP
                            Brand may be used by special arrangement
                            with The OWASP Foundation.</li>
                        </ol>
                        <br>
                        <div>On 8/27/14, 12:15 PM, Jerry Hoff wrote:<br>
                        </div>
                        <blockquote type="cite">
                          <div>Just to be clear - there are no owasp
                            restrictions regarding this, right ? <br>
                            <br>
                            I think all the ideas are good, and we
                            should implement them all - but I think Jim
                            should still build out jowasp. I think owasp
                            needs a bit more risk-taking and
                            experimentation like this. I'm a fan!</div>
                          <div><br>
                          </div>
                          <div><br>
                          </div>
                          <div><br>
                            --
                            <div>Jerry Hoff</div>
                            <div><a moz-do-not-send="true">jerry@owasp.com</a></div>
                            <div>@jerryhoff</div>
                          </div>
                          <div><br>
                            On Aug 27, 2014, at 21:56, Jim Manico <<a
                              moz-do-not-send="true">jim.manico@owasp.org</a>>

                            wrote:<br>
                            <br>
                          </div>
                          <blockquote type="cite">
                            <div>
                              <div>Timur,</div>
                              <div><br>
                              </div>
                              <div>I would use all of the OWASP brand
                                usage rules and style guidelines and
                                make the work transparent to the
                                community. At some point early in the
                                process, I plan to transfer ownership of
                                the domain to OWASP.</div>
                              <div><br>
                              </div>
                              <div>> a) <a moz-do-not-send="true"
                                  href="http://owasp.org/"
                                  target="_blank">owasp.org</a> has
                                non-attractive design. But there is web
                                redesign project under way, so why
                                duplicate design efforts?!</div>
                              <div><br>
                              </div>
                              <div>I have a different vision. I want to
                                only highlight Java developer projects,
                                not do a full redesign of the main
                                website.</div>
                              <div><br>
                              </div>
                              <div>And if it's successful I say keep
                                supporting and enhancing it as opposed
                                to kill it. ;)</div>
                              <div><br>
                              </div>
                              <div>Aloha,</div>
                              <div>
                                <div>--</div>
                                <div>Jim Manico</div>
                                <div>@Manicode</div>
                                <div><a moz-do-not-send="true"
                                    href="tel:%28808%29%20652-3805"
                                    value="+18086523805" target="_blank">(808)
                                    652-3805</a></div>
                              </div>
                              <div><br>
                                On Aug 27, 2014, at 11:48 AM, "Timur 'x'
                                Khrotko (owasp)" <<a
                                  moz-do-not-send="true">timur@owasp.org</a>>

                                wrote:<br>
                                <br>
                              </div>
                              <blockquote type="cite">
                                <div>
                                  <div dir="ltr">Hello, Jim,
                                    <div> <br>
                                    </div>
                                    <div>(be careful with using owasp
                                      creative property, the design, for
                                      a body, site not recognized by
                                      owasp due to its not fitting the
                                      existing notions, as is it a
                                      project or a chapter? :))</div>
                                    <div><br>
                                    </div>
                                    <div>What you are saying, is two
                                      things for me:</div>
                                    <div><br>
                                    </div>
                                    <div>a) <a moz-do-not-send="true"
                                        href="http://owasp.org/"
                                        target="_blank">owasp.org</a> has

                                      non-attractive design. But there
                                      is web redesign project under way,
                                      so why duplicate design efforts?!</div>
                                    <div><br>
                                    </div>
                                    <div>b) When a developer visits <a
                                        moz-do-not-send="true"
                                        href="http://owasp.org"
                                        target="_blank">owasp.org</a>
                                      she (:) sees mess, while she
                                      probably came with one simple
                                      motivation in mind, to find Java
                                      related appsec advise. And while
                                      we spend energies to tell dev
                                      folks deal with security we make
                                      our own advice hardly accessible.
                                      Only if one does not insist that
                                      this page makes Java security
                                      visible and accessible:</div>
                                    <div><a moz-do-not-send="true"
                                        href="https://www.owasp.org/index.php/Category:Java"
                                        target="_blank">https://www.owasp.org/index.php/Category:Java</a><br>
                                    </div>
                                    <div><br>
                                    </div>
                                    <div>So if jowasp gets successful I
                                      propose to kill it in the very
                                      moment it proves your
                                      technology-centric approach right
                                      and asap create technology-centric
                                      web-face and section on <a
                                        moz-do-not-send="true"
                                        href="http://owasp.org"
                                        target="_blank">owasp.org</a>
                                      with all the modern technologies,
                                      js, java, dotnet, scala, argh php,
                                      etc. - according to the structure
                                      you invent.</div>
                                    <div><br>
                                    </div>
                                    <div>Regards:</div>
                                    <div>timur</div>
                                    <div><br>
                                    </div>
                                    <div class="gmail_extra"><br>
                                      <br>
                                      <div class="gmail_quote">On Wed,
                                        Aug 27, 2014 at 8:44 PM, Jerry
                                        Hoff <span dir="ltr"><<a
                                            moz-do-not-send="true">jerry@owasp.org</a>></span>
                                        wrote:<br>
                                        <blockquote class="gmail_quote"
                                          style="margin:0 0 0
                                          .8ex;border-left:1px #ccc
                                          solid;padding-left:1ex">
                                          <div dir="auto">
                                            <div>I like it - we need
                                              more experimentation like
                                              this - the owasp wiki
                                              style landing page needs
                                              some serious overhauling
                                              in my opinion - would love
                                              to see what a pro designer
                                              comes up with. If the
                                              jowasp design is a hit,
                                              maybe we can port it over
                                              to owasp.</div>
                                            <div><br>
                                            </div>
                                            <div>My vote would be to do
                                              it! </div>
                                            <div>
                                              <div><br>
                                              </div>
                                              <div>Jerry</div>
                                              <div><br>
                                                <br>
                                                --
                                                <div>Jerry Hoff</div>
                                                <div><a
                                                    moz-do-not-send="true">jerry@owasp.com</a></div>
                                                <div>@jerryhoff</div>
                                              </div>
                                            </div>
                                            <div>
                                              <div>
                                                <div><br>
                                                  On Aug 27, 2014, at
                                                  21:26, Jim Manico <<a
moz-do-not-send="true">jim.manico@owasp.org</a>> wrote:<br>
                                                  <br>
                                                </div>
                                                <blockquote type="cite">
                                                  <div> Duly noted,
                                                    Jerry. I agree a <a
moz-do-not-send="true" href="http://dot.net" target="_blank">dot.net</a>
                                                    "version" of OWASP
                                                    would be a GOOD
                                                    idea! <br>
                                                    <br>
                                                    For <a
                                                      moz-do-not-send="true"
href="http://jowasp.org" target="_blank">jowasp.org</a>, I was planning
                                                    on using a *very*
                                                    professional
                                                    designer to build
                                                    the site using <b>OWASP

                                                      brand rules and
                                                      style</b> and
                                                    POINT to <a
                                                      moz-do-not-send="true"
href="http://OWASP.org" target="_blank">OWASP.org</a> projects. I intend
                                                    to copy or fork
                                                    *nothing* just be a
                                                    "front page" to help
                                                    developers get to
                                                    good Java security
                                                    developer resources
                                                    easily. So yea, I
                                                    would not copy the
                                                    cheat sheets, just
                                                    point to them, for
                                                    example.<br>
                                                    <br>
                                                    Aloha,<br>
                                                    Jim<br>
                                                    <br>
                                                    <br>
                                                    <br>
                                                    <div>On 8/27/14,
                                                      11:24 AM, Jerry
                                                      Hoff wrote:<br>
                                                    </div>
                                                    <blockquote
                                                      type="cite">
                                                      <pre>I would say that OWASP is already largely the java view of application security! We need a <a moz-do-not-send="true" href="http://dotnetwasp.org" target="_blank">dotnetwasp.org</a>!! :) 

Joking aside I think it's a fun idea - almost like a filtered view of OWASP for java folk. Are you going to set up your own web page, or make some auto redirect to a particular page on the OWASP wiki?

Jerry

--
Jerry Hoff
<a moz-do-not-send="true">jerry@owasp.com</a>
@jerryhoff

</pre>
                                                      <blockquote
                                                        type="cite">
                                                        <pre>On Aug 27, 2014, at 21:11, Jim Manico <a moz-do-not-send="true"><jim.manico@owasp.org></a> wrote:

Leaders,

A while ago I registered <a moz-do-not-send="true" href="http://jowasp.org" target="_blank">jowasp.org</a> with the intention of providing a
view into OWASP specific to Java developers. I intended to do this is
a non-commercial way, but I realize that Java is tied to a commercial
entity fairly tightly.

What do you think?

Aloha,
--
Jim Manico
@Manicode
<a moz-do-not-send="true" href="tel:%28808%29%20652-3805" value="+18086523805" target="_blank">(808) 652-3805</a>
_______________________________________________
OWASP-Leaders mailing list
<a moz-do-not-send="true">OWASP-Leaders@lists.owasp.org</a>
<a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
                                                      </blockquote>
                                                    </blockquote>
                                                    <br>
                                                  </div>
                                                </blockquote>
                                              </div>
                                            </div>
                                          </div>
                                          <br>
_______________________________________________<br>
                                          OWASP-Leaders mailing list<br>
                                          <a moz-do-not-send="true">OWASP-Leaders@lists.owasp.org</a><br>
                                          <a moz-do-not-send="true"
                                            href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                                            target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                                          <br>
                                        </blockquote>
                                      </div>
                                      <br>
                                    </div>
                                  </div>
                                  <br>
                                  <div><font color="#66cccc" face="times
                                      new roman, serif" size="1">Email
                                      us to enforce secure link with
                                      your mail servers (domain).</font></div>
                                  <span>This message may contain
                                    confidential information - you
                                    should handle it accordingly.</span><br>
                                  <span>Ez a levél bizalmas információt
                                    tartalmazhat, és ekként kezelendő.</span></div>
                              </blockquote>
                            </div>
                          </blockquote>
                        </blockquote>
                        <br>
                      </div>
                    </blockquote>
                  </div>
                </div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            OWASP-Leaders mailing list<br>
            <a moz-do-not-send="true"
              href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a><br>
            <a moz-do-not-send="true"
              href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
              target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  </body>
</html>