This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "Quotes"

Jump to: navigation, search
(Created page with '==Experimental Status== The OWASP Quotes project is currently in an experimental status. We are working out the process for generating and promoting quotes that support our miss…')
(No difference)

Revision as of 21:48, 28 July 2010

Experimental Status

The OWASP Quotes project is currently in an experimental status. We are working out the process for generating and promoting quotes that support our mission. The rules and process may and probably will change during this experimental period. If you have comments or ideas about how we can improve this function, please don't hesitate to let us know on the discussion page or email

OWASP Quotes

From time to time, OWASP needs to speak out about issues that affect our mission. We have done this throughout our history using tools like keynote addresses, open letters, interviews, presentations, and standards. Together, the combined voice of OWASP is a powerful force, and one that we can harness to help achieve our mission.


The "OWASP Quotes" project creates quotes subject to the following rules:

  • Quotes must focus on a topic that significantly affects our mission
  • Quotes must represent the "rough consensus" of the OWASP community
  • Quotes must promote application security and OWASP
  • Quotes must be consistent with our ethics and principles
  • Quotes must not endorse or recommend any vendor
  • The quote drafting, discussion, and approval process will be free and open to all

We may create quotes about commercial activities. This is not about OWASP "giving" quotes to companies, but about OWASP controlling the message. OWASP quotes may increase pressure on organizations to do the right thing. Nevertheless, our intent is to focus primarily on recognizing positive behavior in the market. Negative quotes will only be created after a reasonable attempt to work with the affected parties without progress.

OWASP is under no obligation to create quotes about anything, particularly commercial ventures. We also have no obligation to use any particular language or focus on any particular topic in our quotes.


OWASP welcomes the involvement of external companies and organizations. If you are doing something that you believe the OWASP community might be interested in, please don't hesitate to contact us at We would particularly like to hear if you are doing something innovative that will help us achieve our mission.

Quote Process

Quotes will be drafted by the OWASP Board based on submissions from anyone. All quotes will be listed in the table below and linked to an individual page with an appropriate title starting with "Quote-". Discussion on the quote should be carried out on the discussion page for that quote.

Date Status Discussion Title
July 28, 2010 Draft Discussion Quote-Veracode Provides Visibility into Their Verification Process for the OWASP Top 10