[Owasp-board] Promotion of OWASP by Non-"non-profits"

Tobias tobias.gondrom at owasp.org
Fri Feb 21 19:47:49 UTC 2014


Hm,

well, a few thoughts to answer your questions, still in the rough:
1. I would like to see for at least every OWASP project the primary
project page under OWASP control. That is on owasp.org or on a domain
that OWASP owns.
But IMHO it does not have to be the only URI used by the project. E.g.
code may be on github, googlecode, working drafts may be discussed in
google docs or potentially even other wikis.
However, I would expect OWASP to host the _primary_ page.
2. Yes. depending on the license, if it is CC attribute commercial use,
in fact every company can use and reference the material as long as it
is attributed. Note, that means other companies can copy and host the
content as well!
Of course, if it is a non-commercial license, things may get complicated
if a company would do anything that would violate the license (e.g. try
to charge for free content) - but that is kind of obvious.
3. use of our brand guidelines is assumed implicitly for all cases.

Best regards, Tobias


On 19/02/14 22:15, Michael Coates wrote:
> Board,
>
> I'd like to understand everyone's thoughts on promotion of OWASP from
> other entities - specifically those that are either corporations,
> private entities and generally companies with different motives then
> us and a non-profit.
>
> More specifically, what expectations to do you feel should be placed
> on a company that wants to promote an owasp project or contribute time
> and resources to the betterment of owasp that of course also benefit
> themselves too (e.g. being a good person has tangential benefits for
> the person and those associated with the person)?
>
> A few questions for consideration
> 1. Does an owasp project or initiative need to live only on the owasp
> wiki?
> 2. Can a company push forward with an owasp project and promote that
> project on their website too?
> 3. Do questions 1 and 2 matter provided the company/person acts per
> our brand usage guidelines here?
> https://www.owasp.org/index.php/Category:OWASP_Project#tab=Brand_Resources
>
> I certainly have my opinions but want to open up the discussion.
>
> I ask these larger questions because the overall issue is more
> important. However, we can also later dive into this idea with a
> concrete example. We have a great scenario where someone is funded by
> a company to do things that benefit OWASP - the podcast series. If we
> have concerns about any aspect of that situation, I'd like to
> understand them in the overall context of how we encourage company
> participation.
>
> Also, if our expectations don't match our stated guidance we need to
> quickly update our guidance. It's hard for us to expect people to
> follow rules if we don't publish them :)
>
>
> Thanks!
>
>
> --
> Michael Coates
> @_mwc
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140221/6db17699/attachment.html>


More information about the Owasp-board mailing list