[Owasp-board] Barracuda taking OWASP name in vain?

Dinis Cruz dinis at ddplus.net
Wed Feb 13 07:16:54 UTC 2008


Perfect, send this one by email and by posted letter (Alison, send both 10
times if you have to)

Of course they are going to ignore the first email :)

Let's see if they can ignore multiple emails and letter,

and if they do we then move to plan B, which I would propose to be sending
a forward of that email (with the timeline of when the emails and letters
were sent) to the owasp-leaders list asking 'does anybody here know
somebody at Barracuda'


Btw Jeff, I think I recognize that Smart Audit reference ;)   I'm happy for
you (i.e. Alison) to try that again since I can follow it up from the
inside.

Dinis

On 2/13/08, Jeff Williams <jeff.williams at owasp.org> wrote:
>
>  Here's one I sent to some company who was abusing OWASP a while back…  I
> got no response.
>
>
>
>
>
> Hi XXX,
>
>
>
> We've been notified from several sources that your company is referencing
> the OWASP Top Ten and actually it has caused a bit of concern.  You may not
> know that OWASP has a set of established brand usage rules that govern the
> use of the OWASP name and logo.
>
>
>
> http://www.owasp.org/index.php/OWASP_brand_usage_rules
>
>
>
> Could you provide us details of exactly how SmartAudit matches up with and
> covers the OWASP Top Ten?   See http://www.owasp.org/index.php/Top_10_2007 for the latest version.
>
>
>
> Please don't hesitate to contact me to discuss any of the above. Thanks,
>
>
>
> --Jeff
>
>
>
> Jeff Williams, Chair
>
> The OWASP Foundation <http://www.owasp.org/>
>
> work: 410-707-1487
>
> main: 301-604-4882
>
>
>
> *From:* Dinis Cruz [mailto:dinis at ddplus.net]
> *Sent:* Wednesday, February 13, 2008 12:10 AM
> *To:* Sebastien Deleersnyder
> *Cc:* Dave Wichers; jeff.williams at owasp.org; Andrew van der Stock; OWASP
> Board
> *Subject:* Re: [Owasp-board] Barracuda taking OWASP name in vain?
>
>
>
> This is probably one of the oldest recurring themes on OWASP that I can
> remember, i.e. how to deal with this type of abuse.
>
> In fact, Paulo's project on SpoC was to handle these situations, before I
> hijacked him for SpoC Management (due to lack of time from the previous
> candidate (one of the Italian guys))
>
> Since this is a bit of a can of worms and one that needs to be done with
> some sensitivity and follow up (because once we start this thread it will go
> on and on and on), unless one of you (board member) wants to take this
> personally, I would recommend a first mild approach and ask Alison to
> contact Barracuda 'Officially' from OWASP and ask for clarifications.
>
> I think Alison should send Barracuda two items: an Email and a posted
> letter (in OWASP's letterhead) with a simple question: "We (OWASP) would
> like more clarifications from you on what exactly you mean by the statements
> below (include text), please advise. Thanks"
>
> And let's see how they react.
>
> Part of the problem with this issue at the moment is that we
> (OWASP) have not been very active in identifying what is acceptable, what is
> 'pushing the reality a bit' and what is NOT acceptable. A 'Wall of Shame' is
> inevitable :)  but we need to get there in baby steps. For example at Ounce
> Labs I don't have a good framework and practical guidelines to give the
> marketing guys (and I do give them some heat on some of the statements they
> do)
>
> What do you guys think? If you are Ok, Alison can work on that letter and
> post it here for review before sending it (in fact we should also send a
> copy of that letter to the owasp-leaders list)
>
> Dinis
>
> On 2/12/08, *Sebastien Deleersnyder* <Sebastien.Deleersnyder at telindus.be>
> wrote:
>
> Ok for me.
>
> Only to be used for extreme abuse, we should not waste efforts on witch
> hunting.
>
>
>
> Regards
>
>
>
> Seba
>
>
>
> *From:* owasp-board-bounces at lists.owasp.org [mailto:
> owasp-board-bounces at lists.owasp.org] *On Behalf Of *Dave Wichers
> *Sent:* 12 February 2008 19:20
> *To:* jeff.williams at owasp.org; 'Andrew van der Stock'; 'OWASP Board'
> *Subject:* Re: [Owasp-board] Barracuda taking OWASP name in vain?
>
>
>
> Seems reasonable to me.
>
>
>
> -Dave
>
>
>
> *From:* owasp-board-bounces at lists.owasp.org [mailto:
> owasp-board-bounces at lists.owasp.org] *On Behalf Of *Jeff Williams
> *Sent:* Tuesday, February 12, 2008 1:18 PM
> *To:* 'Andrew van der Stock'; 'OWASP Board'
> *Subject:* Re: [Owasp-board] Barracuda taking OWASP name in vain?
>
>
>
> Yes – Curphey blogged about it and it's been on the OWASP feed too.  The
> question is whether/how to respond to ridiculous abuses of the OWASP name
> like this.  I'd like to have some kind of protocol to follow here, like…
>
>
>
> 1)      Nice letter explaining the brand and the violation
>
> 2)      If unfixed, warning letter explaining consequences (wall of shame)
>
> 3)      If unfixed, wall of shame
>
>
>
> Agree?
>
>
>
> --Jeff
>
>
>
> *From:* owasp-board-bounces at lists.owasp.org [mailto:
> owasp-board-bounces at lists.owasp.org] *On Behalf Of *Andrew van der Stock
> *Sent:* Tuesday, February 12, 2008 1:36 AM
> *To:* OWASP Board
> *Subject:* [Owasp-board] Barracuda taking OWASP name in vain?
>
>
>
> Hi guys,
>
>
>
> You might have seen this.
>
>
>
> From
> http://www.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20080207005234&newsLang=en
>
>
>
> *About Barracuda Web Application Controllers*
>
> Barracuda Web Application Controllers, including both the Barracuda Web
> Application Firewall and Barracuda Application Gateway, protect Web sites
> from attackers leveraging protocol or application vulnerabilities to
> instigate unauthorized access, data theft, denial of service or defacement.
> Designed to deliver comprehensive Web security, Barracuda Web Application
> Controllers act as a proxy for Web traffic to insulate Web servers from
> direct access by hackers, enforces data security standards, such as the
> Payment Card Industry Data Security Standard (PCI DSS), and secures Web
> sites against the top 10 major Web vulnerabilities compiled by Open Web
> Application Security Project (OWASP). Available in two models, the
> Barracuda Web Application Firewall provides Web applications and Web
> services with complete protection against malicious attacks. The Barracuda
> Application Gateway, also available in three models, enhances the
> powerful Barracuda Web Application Firewall to integrate traffic management
> capabilities for increased performance and availability.
>
> I don't think *anything* can. I deliberately made some of the Top 10 NP
> hard problems to avoid claims such as this.
>
>
>
> thanks,
>
> Andrew
>
>
>
>
>
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
>
>
>