[Owasp-topten] Apologies

Mark Curphey mark at curphey.com
Fri Aug 19 02:26:31 EDT 2005

After a hectic few weeks I am afraid I am having to withdraw from leading the effort to re-write the OWASP Top Ten. I am over committed and need to prioriize my efforts on things where I think I can have the most impact and things that are aligned with my train of thought / philosophy. 

Having received emails from various people its clear to me that a large body of people seem to care as much about the fact that vendors are using the current top ten (mostly in BS marketing IMHO BTW) and would have to re-tool as they do about the fact it needs to be optimized and refactored to continue to be accurate, relevant and timely.

I have been lucky enough to spend time this week with Ward Cunningham http://en.wikipedia.org/wiki/Ward_Cunningham and we spoke about communities, OWASP and his experience of situations like this. I think I concluded that in life you grow apart from some things and I think I am just continuing to grow apart from OWASP. This is perfectly fine and natural, but forcing myself to fix things I think are wrong is a disruptive pattern (ignore pun) and I just dont have the fight left in me to deal with some opinions expressed to me in mail on the T10 ;-) I originally set up OWASP to cut through vendor BS in the industry and not have to work with it. 

I hope you understand and I hope someone takes up the effort. 

Kind regards,


More information about the Owasp-topten mailing list