

Revision as of 01:01, 29 July 2010 by Jeff Williams (talk | contribs) (Quote History)


Experimental Status

The OWASP Quotes project is currently in an experimental status. We are working out the process for generating and promoting quotes that support our mission. The rules and process may and probably will change during this experimental period. If you have comments or ideas about how we can improve this function, please don't hesitate to let us know on the discussion page or email [email protected].

OWASP Quotes

From time to time, OWASP needs to speak out about issues that affect our mission. We have done this throughout our history using tools like keynote addresses, open letters, interviews, presentations, and standards. This project is about capturing those thoughts, expressing them in a compelling way, getting our community behind them, and promoting them where they will do some good. Together, the combined voice of OWASP is a powerful force, and one that we can harness to help achieve our mission.

We may create quotes about commercial activities. This is not about OWASP "giving" quotes to companies, but about OWASP controlling the message. OWASP quotes may increase pressure on organizations to do the right thing. Nevertheless, our intent is to focus primarily on recognizing positive behavior in the market. Quotes that are critical will only be created after a reasonable attempt to work with the affected parties without progress.


The "OWASP Quotes" project creates quotes subject to the following rules:

  • Quotes must focus on a topic that significantly affects our mission
  • Quotes must represent the "rough consensus" of the OWASP community
  • Quotes must promote application security and OWASP
  • Quotes must be consistent with our ethics and principles
  • Quotes must not endorse or recommend any vendor
  • The quote drafting, discussion, and approval process will be free and open to all

OWASP is under no obligation to create quotes about anything, particularly commercial ventures. We also have no obligation to use any particular language or focus on any particular topic in our quotes.


OWASP welcomes the involvement of external companies and organizations. If you are doing something that you believe the OWASP community might be interested in, please don't hesitate to contact us at [email protected]. We would particularly like to hear if you are doing something innovative that will help us achieve our mission.

Quote Process

Quotes will be drafted by the OWASP Board based on submissions from anyone. All quotes will be listed in the table below and linked to an individual page with an appropriate title starting with "Quote-". Discussion on the quote should be carried out on the discussion page for that quote.

The comment period will stay open for a week. If a "rough consensus" can be achieved in that time, then the OWASP Board will move the quote to "approved" status and it will be final. Discussion of the quote can, of course, continue. Quotes will not be changed once they have been approved. However, additional quotes can be added to the same page to update the status of the quote as events warrant.

Draft Quotes

Date | Status | Discussion | Title
July 28, 2010 | Draft | Discussion | Quote-Veracode Provides Visibility into Their Verification Process for the OWASP Top 10

Approved Quotes

Date | Status | Discussion | Title
TBD | Approved | Discussion | TBD