Jeff,<br><br>Sonatype has published <a href="http://www.sonatype.com/news/software-component-vulnerability-cited-as-latest-application-security-threat-in-owasp-top-ten-list-sonatype-first-to-provide-comprehensive-solution" target="_blank">http://www.sonatype.com/news/software-component-vulnerability-cited-as-latest-application-security-threat-in-owasp-top-ten-list-sonatype-first-to-provide-comprehensive-solution</a> which has quoted you <b>to the detriment of OWASP Brand</b> and <b>in violation of <a href="https://www.owasp.org/index.php?title=Quotes" target="_blank">https://www.owasp.org/index.php?title=Quotes</a></b> which has the following incorrect statements:<div>

<ol><li>"<i>... the just released 2013 Open Web Application Security Project (OWASP) Top Ten ...</i>" when <a href="https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities" target="_blank">https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities</a> states that "... <i>is a release candidate intended only for comments.</i>" hence the final release has *not* been ratified.</li>

<li>"<i>... Jeff Williams, CEO of Aspect Security and founding member of OWASP.</i>" yet you are aware that you are *not* a founder of OWASP as per <a href="http://lists.owasp.org/pipermail/owasp-leaders/2012-September/007810.html" target="_blank">http://lists.owasp.org/pipermail/owasp-leaders/2012-September/007810.html</a></li>
</ol><div><div><br></div><div>This accusation is further compounded since it appears that you:</div><div><ul><li><b>Have deliberately ignored the OWASP media quotes policy and process that you established</b> i.e. <a href="https://www.owasp.org/index.php?title=Quotes&action=history" target="_blank">https://www.owasp.org/index.php?title=Quotes&action=history</a></li>
<li>Are <b>aware that Sonatype have issued this press release </b>due to your own prior "alert" triggered for other vendors i.e.  <a href="http://lists.owasp.org/pipermail/owasp-board/2007-July/005767.html">http://lists.owasp.org/pipermail/owasp-board/2007-July/005767.html</a> and <a href="http://lists.owasp.org/pipermail/owasp-board/2008-September/006845.html">http://lists.owasp.org/pipermail/owasp-board/2008-September/006845.html</a>, etc.</li>
</ul></div><div><br></div><div>Since you advocate <a href="https://www.owasp.org/index.php/Top_10_2013-Note_About_Risks">https://www.owasp.org/index.php/Top_10_2013-Note_About_Risks</a>, can you explain <b>how you intend to address this catastrophic damage to OWASP </b>as the resulting media articles from the Sonatype press release quote OWASP (and not Aspect Security) which I have sampled (i.e. there may be more entries) from <a href="http://www.sonatype.com/about/media/">http://www.sonatype.com/about/media/</a> below:</div>
<div><ol><li><a href="http://sdt.bz/51683">http://sdt.bz/51683</a></li><li><a href="http://www.drdobbs.com/open-source/open-source-usage-up-as-controls-and-pro/240153975">http://www.drdobbs.com/open-source/open-source-usage-up-as-controls-and-pro/240153975</a></li>
<li><a href="http://sdt.bz/45654">http://sdt.bz/45654</a> </li></ol></div><div> </div><div><div><div>-- <br>Regards,<br>Christian Heinrich<br><br><a href="http://cmlh.id.au/contact" target="_blank">http://cmlh.id.au/contact</a></div>
</div></div></div></div>