[Owasp-board] Owasp-argentina - owasp brand

Paulo Coimbra paulo.coimbra at owasp.org
Tue Nov 16 19:21:02 UTC 2010

Hello Fabio,


Thank you for offering help. The text/situation below, available at the Argentina Chapter wiki page, is what got our attention.


“Jun 2010 - Web Application Security Training - Descuentos miembros OWASP 

 <http://www.bonsai-sec.com> Bonsai Information Security los invita al Curso de Seguridad en Aplicaciones Web que se estará presentando los dias 14 y 15 de Julio en la ciudad de Buenos Aires.
Interesados, visitar el siguiente  <http://www.bonsai-sec.com/es/education/web-security-buenos-aires.php> enlace.
Cabe destacar que los miembros de OWASP (registrados antes del 1 de Junio) obtienen un descuento especial del 20%.”


The issue has been discussed by our Board and so it was decided that the email that Dinis has sent November, 8th, to the OWASP leaders’ mailing list with the subject “[Owasp-leaders] Question about owasp logos”, should also be forward to the Argentina Chapter mailing list to help the Chapter to better understand OWASP’s positioning regarding this kind of matters.


I believe it has been also decided not to emphasise too much the idea of any wrong doing. 



- Paulo



Paulo Coimbra,

 <http://www.owasp.org/index.php/User:Paulo_Coimbra> OWASP Project Manager


From: fabio.e.cerullo at aib.ie [mailto:fabio.e.cerullo at aib.ie] 
Sent: segunda-feira, 15 de Novembro de 2010 11:50
To: paulo.coimbra at owasp.org
Subject: Owasp-argentina - owasp brand


hi Paulo, 

Are you aware of any OWASP brand abuse in Argentina? I could contact the chapter leader no problem to clarify. 

Fabio Cerullo
Divisional Information Security 
Bankcentre D1, 
Dublin 4,

Tel: +353 1 772 6309
Email: fabio.e.cerullo at aib.ie

----- Forwarded by Fabio E Cerullo/IR/AIB on 15/11/2010 11:48 ----- 

owasp-argentina-request at lists.owasp.org 
Sent by: owasp-argentina-bounces at lists.owasp.org 

12/11/2010 17:00 
Please respond to owasp-argentina 

        To:        owasp-argentina at lists.owasp.org 
        Subject:        Resumen de Owasp-argentina, Vol 28, Envío 3 

Envíe los mensajes para la lista Owasp-argentina a
                owasp-argentina at lists.owasp.org

Para subscribirse o anular su subscripción a través de la WEB

O por correo electrónico, enviando un mensaje con el texto "help" en
el asunto (subject) o en el cuerpo a:
                owasp-argentina-request at lists.owasp.org

Puede contactar con el responsable de la lista escribiendo a:
                owasp-argentina-owner at lists.owasp.org

Si responde a algún contenido de este mensaje, por favor, edite la
linea del asunto (subject) para que el texto sea mas especifico que:
"Re: Contents of Owasp-argentina digest...". Además, por favor,
incluya en la respuesta sólo aquellas partes del mensaje a las que
está respondiendo.

Asuntos del día:

  1. FW: [Owasp-leaders] Question about owasp logos (Paulo Coimbra)


Message: 1
Date: Thu, 11 Nov 2010 23:00:26 -0000
From: "Paulo Coimbra" <paulo.coimbra at owasp.org>
Subject: [Owasp-argentina] FW: [Owasp-leaders] Question about owasp
To: <owasp-argentina at lists.owasp.org>
Cc: 'OWASP Foundation Board List' <owasp-board at lists.owasp.org>
Message-ID: <4cdc7646.1e07e30a.3346.ffff8d30 at mx.google.com>
Content-Type: text/plain; charset="iso-8859-1"

Hello Argentina Chapter,

The OWASP Leader’s mailing list has produced the thread below and it was
thought it would be useful if you had knowledge of it.


- Paulo

Paulo Coimbra,

<http://www.owasp.org/index.php/User:Paulo_Coimbra> OWASP Project Manager

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of dinis cruz
Sent: segunda-feira, 8 de Novembro de 2010 14:34
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Question about owasp logos

I just took a look at this and at first sight they are doing a lot of things
right (remember that our objective is to have OWASP materials and brand as
widely used as possible)

#1) They are not calling it an 'OWASP Web Application Security' course
(which usually implies that it is an OWASP Activity)

#3) When OWASP in mentioned on the course description it says '...based on
OWASP.." (which again is the right way to place it)

#3) The branding is clearly not OWASP and it should be obvious to the
attendees that this is not an OWASP-run event.

Now, the problem with #3 (Branding of the course) is that they also use
OWASP Logo (and name) in the banner. This is a fuzzy area and as long as the
impression is not given that this is an OWASP-driven and organized event, we
should actually be encouraging this type of activity (instead of 'hitting
them hard'). 

The only two things I can think of to ask them is 

1) to use a logo that has the text 'based on' inside it (as in : "...based
on OWASP materials...") and to include a link to OWASP's website were we
make it very explicit that we/OWASP :

- supports the use of OWASP materials by training companies 

- but are DO NOT responsible for the course content or delivery

- and DO NOT endorse or recommend it.

The question/issue that I think we should focus on is how to find a way to
link from OWASP's website to this course (so that it encourages more like
this). The http://www.owasp.org/index.php/OWASP_Related_Commercial_Services
is still in early days, but that would be the place to do it.

Note that what we CAN'T put on OWASP's website is:

*                 Marketing text provided by commercial companies about what they do
*                 Directly link to external commercial services not organized by OWASP
*                 Advertize commercial activities at OWASP's Chapter/Conferences
events or pages (unless managed and controlled by the Conference
Organization team or by the OWASP
<http://www.owasp.org/index.php/OWASP_Related_Commercial_Services>  Related
Commercial Services project)

Note that the Chapter's Committee is currently inactive, so chapter leaders
please take a moment to look at your chapter and make sure that there is a
very big and explicit separation between OWASP Activities and the inevitable
commercial interests that exist in your chapter (for more details see the
OWASP Chapter <http://www.owasp.org/index.php/Category:Chapter_Handbook>

Recapping, we need to find more ways to encourage the use of OWASP
materials, and what is really needed are a number of 'use-case' in our WIKI
that help individuals/companies to understand the rules-of-the-game and the
best way to leverage the amazing materials that our leaders create.

Dinis Cruz

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2

On 8 November 2010 08:57, John Vargas <johnvargas at gmail.com> wrote:

Hi Leaders!

I have a question .. I just learned that a company is conducting a workshop
to explain the OWASP TOP10 and web application security, which will cost $
60 and is using the logos of "OWASP" on the flyers and website.
I'm sure this is not allowed by the license type OWASP trademark, but I want
to confirm it.

Here is the link of the flyer


John Vargas P.  - LRU # 357244
IT Security Consultant - OWASP Perú Chapter Leader
Visita: http://www.owasp.org/index.php/Peru

OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org

------------ próxima parte ------------
Se ha borrado un texto insertado con un juego de caracteres sin especificar...
Nombre: ATT00103.txt
Url: https://lists.owasp.org/pipermail/owasp-argentina/attachments/20101111/85f0adef/attachment-0001.txt 


Owasp-argentina mailing list
Owasp-argentina at lists.owasp.org

Fin de Resumen de Owasp-argentina, Vol 28, Envío 3

This document is strictly confidential and is intended for use by the addressee unless otherwise indicated. Allied Irish Banks, 
AIB and AIB Group are registered business names of Allied Irish Banks p.l.c. Allied Irish Banks, p.l.c. is regulated by the Central Bank of Ireland.  Registered Office: Bankcentre, Ballsbridge, Dublin 4. Tel: + 353 1 6600311; Registered in Ireland: Registered No. 24173.
~~~~~~~Please consider the environment before printing this Email~~~~~~~~
This email has been scanned by an external Email Security System.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20101116/63838a9c/attachment-0002.html>

More information about the Owasp-board mailing list