[Owasp-board] Additional Brand Abuse

Jim Manico jim.manico at owasp.org
Fri Dec 5 18:26:22 UTC 2014


*> All the site is saying that they claim it scans for owasp top 10. 
Where is the issue??*

Per 
https://www.owasp.org/index.php/Marketing/Resources#The_Brand_Usage_Rules

Highlighted for emphasis.

1) The OWASP Brand may be used to direct people to the OWASP website for 
information about application security.

*> Acunetix is using the OWASP brand to direct folks to their website*

2) The OWASP Brand may be used in commentary about the materials found 
on the OWASP website.

*> Acunetix is using the OWASP brand in conjunction with their product*

3) The OWASP Brand may be used by OWASP Members in good standing to 
promote a person or company's involvement in OWASP.

*> Acunetix is using the OWASP brand in conjunction with their 
product for sales purposes where the product is highlighted, not OWASP 
involvement*

4) The OWASP Brand may be used in association with an application 
security assessment only if a complete and detailed methodology, 
sufficient to reproduce the results, is disclosed.

*> Acunetix is using the OWASP brand in Google searches that direct to 
their product. Complete methodology is not at all published, in fact, A5 
and other OWASP Top Ten items are not scannable.*

5) The OWASP Brand must not be used in a manner that suggests that The 
OWASP Foundation supports, advocates, or recommends any particular 
product or technology.

*> Acunetix is using the OWASP brand in conjunction with their product 
in a way that directs folks to buy their product.*

6) The OWASP Brand must not be used in a manner that suggests that a 
product or technology is compliant with any OWASP Materials other than 
an OWASP Published Standard.

*> Acunetix is implying that their product satisfies the requirements 
of the OWASP Top Ten*

7) The OWASP Brand must not be used in a manner that suggests that a 
product or technology can enable compliance with any OWASP Materials 
other than an OWASP Published Standard.

*> Acunetix is implying that their product satisfies the requirements 
of the OWASP Top Ten*

8) The OWASP Brand must not be used in any materials that could mislead 
readers by narrowly interpreting a broad application security category. 
For example, a vendor product that can find or protect against forced 
browsing must not claim that they address all of the access control 
category.

9) The OWASP Brand may be used by special arrangement with The OWASP 
Foundation.



On 12/5/14 10:07 AM, Eoin Keary wrote:
> All the site is saying that they claim it scans for owasp top 10.
> Where is the issue??
>
> Sent from my iPhone
>
> On 15 Nov 2014, at 02:13, Jim Manico <jim.manico at owasp.org> wrote:
>
>> Folks,
>>
>> When we do a Google search for "OWASP" I see that Acunetix is 
>> advertising that they are scanning for the OWASP Top Ten. The ad 
>> links to 
>> http://www.acunetix.com/vulnerability-scanner/scan-website-owasp-top-10-risks/
>>
>> I think this ad violates the following brand usage guidelines: 
>> https://www.owasp.org/index.php/Marketing/Resources#The_Brand_Usage_Rules
>>
>> 5) The OWASP Brand must not be used in a manner that suggests that 
>> The OWASP Foundation supports, advocates, or recommends any 
>> particular product or technology.
>>
>> 7) The OWASP Brand must not be used in a manner that suggests that a 
>> product or technology can enable compliance with any OWASP Materials 
>> other than an OWASP Published Standard.
>>
>> and
>>
>> 8) The OWASP Brand must not be used in any materials that could 
>> mislead readers by narrowly interpreting a broad application security 
>> category. For example, a vendor product that can find or protect 
>> against forced browsing must not claim that they address all of the 
>> access control category.
>>
>>
>> I would like to file this with our compliance officer, but I think he 
>> is over-burdened right now. Do you think this is a clear violation 
>> and if so, should we approach them in a gentle way with suggestions 
>> to correct this?
>>
>> Aloha,
>> Jim
>>
>>
>>
