[Owasp-topten] OWASP Quotes Violation by Aspect Security for Sonatype

Christian Heinrich christian.heinrich at cmlh.id.au
Sat May 18 05:50:18 UTC 2013


Jeff,

Sonatype has published
http://www.sonatype.com/news/software-component-vulnerability-cited-as-latest-application-security-threat-in-owasp-top-ten-list-sonatype-first-to-provide-comprehensive-solution
which has quoted you *to the detriment of OWASP Brand* and *in violation of
https://www.owasp.org/index.php?title=Quotes* which has the following
incorrect statements:

   1. "*... the just released 2013 Open Web Application Security Project
   (OWASP) Top Ten ...*" when
   https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities
   states that "... *is a release candidate intended only for comments.*"
   hence the final release has *not* been ratified.
   2. "*... Jeff Williams, CEO of Aspect Security and founding member of
   OWASP.*" yet you are aware that you are *not* a founder of OWASP as per
   http://lists.owasp.org/pipermail/owasp-leaders/2012-September/007810.html


This accusation is further compounded since it appears that you:

   - *Have deliberately ignored the OWASP media quotes policy and process
   that you established* i.e.
   https://www.owasp.org/index.php?title=Quotes&action=history
   - Are *aware that Sonatype have issued this press release* due to your
   own prior "alert" triggered for other vendors i.e.
   http://lists.owasp.org/pipermail/owasp-board/2007-July/005767.html and
   http://lists.owasp.org/pipermail/owasp-board/2008-September/006845.html,
   etc.


Since you advocate
https://www.owasp.org/index.php/Top_10_2013-Note_About_Risks, can you
explain *how you intend to address this catastrophic damage to OWASP* as
the resulting media articles from the Sonatype press release quote OWASP
(and not Aspect Security) which I have sampled (i.e. there may be more
entries) from http://www.sonatype.com/about/media/ below:

   1. http://sdt.bz/51683
   2. http://www.drdobbs.com/open-source/open-source-usage-up-as-controls-and-pro/240153975
   3. http://sdt.bz/45654


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact