[Owasp-board] Handling donations and logos

Dinis Cruz dinis at ddplus.net
Fri Feb 2 03:54:35 UTC 2007


Couple of comments:


   - Forever is a long time (especially in technology :) )
   - There defenitely needs to be some common sense on derived works (so
   if I add some bits from WebGoat to SiteGenerator do I will need to add's
   Aspect's logo to SiteGenerator?
   - Also what happens when we merge most of the current content so that
      we normalize what we have there (is fortify, secure, etc.. logos
going to be
      in the new materials) ?
   - What happens when the initial contribution is very small when
   compared to what the project has become (again using common sense)
   - Assuming that OWASP is going to grow a lot in the next years, with
   more and more companies participating and donating code, isn't this going to
   become a nightmare with Logos everywhere???? (let's say that company X adds
   a big module for project Y, so what happens in the short term? and in the
   medium term? )
   - Are we going to force our project's to fork projects just to avoid
   logo hell?
   - The reason I put 3 years in my original document was that 3 years of
   exposure is quite a long time (we could push this to 3 years after active
   contribution as ended)
   - If we are following the Wikipedia model of 'no authors' in our
   content, as we grow bigger (and our tools and documents more complex) I
   think that we should be moving to having less logos in our materials and
   tools and not more.
   - Finally, these are the reasons why companies should donate they code
   tools to OWASP:
      - It is cheaper to have OWASP continue its development/maturing
      than to do it themselves
      - Doing it themselves is much more limiting (OWASP has a bigger
      community, brain power and (maybe) more financial resources to
invest in it)

      - OWASP can give a tool/document a 'quasi-standard' mark , which
      eases its buy-in and acceptance (even by the donor's internal employees)
      - OWASP is seen as an independent body (which is something that
      we need to always be protecting)
      - ultimately, OWASP is the perfect home (our should we say
      'host') for that companies' donation

Back to Jeff's guideline, the 2nd item sounds good to me:

2) Sponsors can be added to the project for effort, dollars, or technology.
Their logo lasts for a year after their sponsorship ends.

Dinis

On 2/1/07, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:
>
>  Hi,
>
>
>
> Over the years we have accepted several significant donations from
> commercial companies (Fortify, Secure SW, Aspect, Denim).  The deal I have
> negotiated with those donors is that we would promote their project and make
> it part of the OWASP family.  In exchange, these companies would get the
> benefit of branding those tools.
>
>
>
> We must honor the existing commitments since we agreed to them in exchange
> for the donations.  However, for future donations, we MAY want to allow for
> things to become unbranded at some time in the future, as the codebase or
> documentation migrates away from the original contribution.
>
>
>
> There's a balance here – we want to encourage BOTH donations AND ongoing
> contributions.
>
>
>
> Dinis has proposed the following guidelines…
>
>
>
> 1) The original donor will get project 'sponsor status' (logo on relevant
> webpage, logo on tool/document, and mentioned as one of the (or the only)
> sponsor(s), until:
>
>    a) the donated material has been substantially transformed into another
> tool or document
>
>    b) 3 years have passed since the original donation
>
>
>
> note that in both a) and b) cases the original donor should always be
> credited, but will not (depending on the current project leader) be a
> 'sponsor'
>
>
>
> 2) Major contributions for the project (as in time by an employee or
> $9,000+ membership allocation or grant) will also give these companies
> 'sponsor' status (and projects might have 2,3.5, 10 sponsors)
>
>
>
> I suggest the following revision…
>
>
>
> 1) The original donor gets "Donor" status (logo on webpages and in
> tool/document) on any derivative works forever.  There can be multiple
> donors if two companies contribute to the same work.
>
>
>
> 2) Sponsors can be added to the project for effort, dollars, or
> technology. Their logo lasts for a year after their sponsorship ends.
>
>
>
> Thoughts?
>
>
>
> --Jeff
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> http://lists.owasp.org/mailman/listinfo/owasp-board
>
>


-- 
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070202/ef006d66/attachment-0005.html>


More information about the Owasp-board mailing list