
Experimental Status

The OWASP Quotes project is currently in an experimental status. We are working out the process for generating and promoting quotes that support our mission. The rules and process may and probably will change during this experimental period. If you have comments or ideas about how we can improve this function, please don't hesitate to let us know on the discussion page or email

OWASP Quotes

From time to time, OWASP needs to speak out about issues that affect our mission. We have done this throughout our history using tools like keynote addresses, open letters, interviews, presentations, and standards. This project is about capturing those thoughts, expressing them in a compelling way, getting our community behind them, and promoting them where they will do some good. Together, the combined voice of OWASP is a powerful force, and one that we can harness to help achieve our mission.

We may create quotes about commercial activities. This is not about OWASP "giving" quotes to companies, but about OWASP controlling the message. OWASP quotes may increase pressure on organizations to do the right thing. Nevertheless, our intent is to focus primarily on recognizing positive behavior in the market. Quotes that are critical will only be created after a reasonable attempt to work with the affected parties without progress.

Rules for Creating OWASP Quotes

The "OWASP Quotes" project creates quotes subject to the following rules:

  • Quotes must focus on a topic that significantly affects our mission
  • Quotes must represent the "rough consensus" of the OWASP community, as decided by the OWASP Board
  • Quotes must promote application security and OWASP
  • Quotes must be consistent with our ethics and principles
  • Quotes must not directly endorse or recommend any vendor
  • Quotes can be in any language, but an English version must be created so that the review process can proceed
  • The quote drafting, discussion, and approval process will be free and open to all
  • The official OWASP quote and all translations will be on our wiki

OWASP is under no obligation to create quotes about anything, particularly commercial ventures. We also have no obligation to use any particular language or focus on any particular topic in our quotes.

Rules for Using OWASP Quotes

In order to use an OWASP quote, we require that you observe the following terms:

  • You must indicate somewhere in close proximity to the quote that OWASP never endorses or recommends any organization, product, or service.
  • You must reference OWASP as the source of the quote and provide a link to the official quote on the wiki.
  • You must use the entire quote.


We would particularly like quotes about things that are innovative, increase visibility, improve culture, increase assurance, and will help us achieve our mission.

Quotes can come from any source. OWASP Leaders are encouraged to suggest quotations about things that are happening in the market. OWASP also welcomes the involvement of individuals, external companies, and organizations. We encourage you to become an OWASP member, but membership has nothing to do with whether we will consider your quote.

If you are doing something that you believe the OWASP community might be interested in, please don't hesitate to contact us at

Quote Process

Quotes will be drafted by the OWASP Board based on submissions from anyone. All quotes will be listed in the table below and linked to an individual page with an appropriate title starting with "Quote-". Discussion on the quote should be carried out on the discussion page for that quote.

The comment period will stay open for a week. If a "rough consensus" can be achieved in that time, then the OWASP Board will move the quote to "approved" status and it will be final. Otherwise, the quote will be dropped and possibly reconsidered at a later date. In either case, discussion of the quote can, of course, continue. Quotes will not be changed once they have been approved. However, additional information and quotes can be added to the same page to update the status of the quote as events warrant.

Draft Quotes

Date | Status | Discussion | Title
July 28, 2010 | Draft | Discussion | Quote-Veracode Provides Visibility into Their Verification Process for the OWASP Top 10

Approved Quotes

Date | Status | Discussion | Title
TBD | Approved | Discussion | TBD