[Owasp-board] Promotion of OWASP by Non-"non-profits"

Jim Manico jim.manico at owasp.org
Sat Feb 22 00:22:17 UTC 2014

My take? Anyone can and should be allowed to participate, but project
leaders decide how.

ie: As a leader, I'm not taking your shitty low-quality patch if I deem it
bad - but under an open license you should be able to fork.

Jim Manico
(808) 652-3805

On Feb 21, 2014, at 3:04 PM, Eoin Keary <eoin.keary at owasp.org> wrote:

Should a private entity whom promotes an owasp project be obliged to let
team members who are not part of the private entity be part of the team?

Or is it open project, closed team like the top 10??

Eoin Keary
Owasp Global Board
+353 87 977 2988

On 19 Feb 2014, at 22:15, Michael Coates <michael.coates at owasp.org> wrote:


I'd like to understand everyone's thoughts on promotion of OWASP from other
entities - specifically those that are either corporations, private
entities and generally companies with different motives then us and a

More specifically, what expectations to do you feel should be placed on a
company that wants to promote an owasp project or contribute time and
resources to the betterment of owasp that of course also benefit themselves
too (e.g. being a good person has tangential benefits for the person and
those associated with the person)?

A few questions for consideration
1. Does an owasp project or initiative need to live only on the owasp wiki?
2. Can a company push forward with an owasp project and promote that
project on their website too?
3. Do questions 1 and 2 matter provided the company/person acts per our
brand usage guidelines here?

I certainly have my opinions but want to open up the discussion.

I ask these larger questions because the overall issue is more important.
However, we can also later dive into this idea with a concrete example. We
have a great scenario where someone is funded by a company to do things
that benefit OWASP - the podcast series. If we have concerns about any
aspect of that situation, I'd like to understand them in the overall
context of how we encourage company participation.

Also, if our expectations don't match our stated guidance we need to
quickly update our guidance. It's hard for us to expect people to follow
rules if we don't publish them :)


Michael Coates

Owasp-board mailing list
Owasp-board at lists.owasp.org

Owasp-board mailing list
Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140221/4a5986c6/attachment-0001.html>

More information about the Owasp-board mailing list