Some comments on HN suggested that it is more a starting point and a rehashing of OWASP without covering the details that well in Go, so I was wondering if that was the sense others got.