[Owasp-board] FW: [Owasp-leaders] Question about owasp logos

Paulo Coimbra paulo.coimbra at owasp.org
Thu Nov 11 23:00:26 UTC 2010


Hello Argentina Chapter,

 

The OWASP Leader’s mailing list has produced the thread below and it was
thought it would be useful if you had knowledge of it.

 

Thanks,

- Paulo

 

 

Paulo Coimbra,

 <http://www.owasp.org/index.php/User:Paulo_Coimbra> OWASP Project Manager

 

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of dinis cruz
Sent: segunda-feira, 8 de Novembro de 2010 14:34
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Question about owasp logos

 

I just took a look at this and at first sight they are doing a lot of things
right (remember that our objective is to have OWASP materials and brand as
widely used as possible)

 

#1) They are not calling it an 'OWASP Web Application Security' course
(which usually implies that it is an OWASP Activity)

#3) When OWASP in mentioned on the course description it says '...based on
OWASP.." (which again is the right way to place it)

#3) The branding is clearly not OWASP and it should be obvious to the
attendees that this is not an OWASP-run event.

 

Now, the problem with #3 (Branding of the course) is that they also use
OWASP Logo (and name) in the banner. This is a fuzzy area and as long as the
impression is not given that this is an OWASP-driven and organized event, we
should actually be encouraging this type of activity (instead of 'hitting
them hard'). 

 

The only two things I can think of to ask them is 

1) to use a logo that has the text 'based on' inside it (as in : "...based
on OWASP materials...") and to include a link to OWASP's website were we
make it very explicit that we/OWASP :

 - supports the use of OWASP materials by training companies 

 - but are DO NOT responsible for the course content or delivery

 - and DO NOT endorse or recommend it.

 

The question/issue that I think we should focus on is how to find a way to
link from OWASP's website to this course (so that it encourages more like
this). The http://www.owasp.org/index.php/OWASP_Related_Commercial_Services
is still in early days, but that would be the place to do it.

 

Note that what we CAN'T put on OWASP's website is:

*	Marketing text provided by commercial companies about what they do
*	Directly link to external commercial services not organized by OWASP
*	Advertize commercial activities at OWASP's Chapter/Conferences
events or pages (unless managed and controlled by the Conference
Organization team or by the OWASP
<http://www.owasp.org/index.php/OWASP_Related_Commercial_Services>  Related
Commercial Services project)

Note that the Chapter's Committee is currently inactive, so chapter leaders
please take a moment to look at your chapter and make sure that there is a
very big and explicit separation between OWASP Activities and the inevitable
commercial interests that exist in your chapter (for more details see the
OWASP Chapter <http://www.owasp.org/index.php/Category:Chapter_Handbook>
Handbook).

 

Recapping, we need to find more ways to encourage the use of OWASP
materials, and what is really needed are a number of 'use-case' in our WIKI
that help individuals/companies to understand the rules-of-the-game and the
best way to leverage the amazing materials that our leaders create.

 

Dinis Cruz


Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2



On 8 November 2010 08:57, John Vargas <johnvargas at gmail.com> wrote:

Hi Leaders!

I have a question .. I just learned that a company is conducting a workshop
to explain the OWASP TOP10 and web application security, which will cost $
60 and is using the logos of "OWASP" on the flyers and website.
I'm sure this is not allowed by the license type OWASP trademark, but I want
to confirm it.

Here is the link of the flyer
http://www.laboratoriovirus.com/owaspnoviembre2010.html



Regards,

-- 
---------------------------------------------------------------
John Vargas P.  - LRU # 357244
IT Security Consultant - OWASP Perú Chapter Leader
Visita: http://www.owasp.org/index.php/Peru





_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20101111/85f0adef/attachment-0002.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00103.txt
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20101111/85f0adef/attachment-0002.txt>


More information about the Owasp-board mailing list