[Owasp-topten] OWASP Quotes Violation by Aspect Security for Sonatype

Christian Heinrich christian.heinrich at cmlh.id.au
Sun May 19 01:40:37 UTC 2013


Jeff,

On Sun, May 19, 2013 at 6:17 AM, Jeff Williams
<jeff.williams at aspectsecurity.com> wrote:
> I do not speak for OWASP. Nobody does. The OWASP Quotes idea was my failed
> attempt to try to create such a voice.

There are six mentions of the OWASP brand within
http://www.sonatype.com/news/software-component-vulnerability-cited-as-latest-application-security-threat-in-owasp-top-ten-list-sonatype-first-to-provide-comprehensive-solution
so the claim that you did not abuse your project leadership of the
OWASP Top Ten Project to endorse a vendor that Aspect Security
have a commercial relationship with i.e.
https://www.google.com.au/search?q=sonatype+%22Aspect+Security%22 is
false.

Furthermore, you deliberately withheld the disclosure to OWASP to the
publication of their Press Release in light of you highlighting these
from other vendors in the past i.e.
http://lists.owasp.org/pipermail/owasp-board/2007-July/005767.html,
http://lists.owasp.org/pipermail/owasp-board/2008-September/006845.html,
for Aspect Security's commercial gain.

There is *no* recorded failure of
https://www.owasp.org/index.php/Quotes according to
http://lists.owasp.org/pipermail/owasp-board/2010-August/008831.html.
However I would welcome you to come forward with evidence that
disputes this?


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact

