[Owasp-board] Additional Brand Abuse

Josh Sokol josh.sokol at owasp.org
Tue Nov 18 15:53:23 UTC 2014


My personal opinion is that this is fine.  The OWASP Top 10 is a published
standard and Acunetix is claiming that they are capable of scanning for the
issues identified in the OWASP Top 10 standard.  I don't think that we
should be responsible for policing whether or not they actually do what
they say they do.  With that line being pretty blurry to begin with, I
doubt Acunetix is the only company advertising in this manner.  And as long
as they're not claiming to be "OWASP Certified", or the like, I think this
is not worth pursuing.

~josh

On Fri, Nov 14, 2014 at 8:13 PM, Jim Manico <jim.manico at owasp.org> wrote:

>  Folks,
>
> When we do a google search for "OWASP" I see that Acunetix is advertising
> that they are scanning for the OWASP Top Ten. The ad links to
> http://www.acunetix.com/vulnerability-scanner/scan-website-owasp-top-10-risks/
>
> I think this ad violates the following brand usage guidelines:
> https://www.owasp.org/index.php/Marketing/Resources#The_Brand_Usage_Rules
>
> 5) The OWASP Brand must not be used in a manner that suggests that The
> OWASP Foundation supports, advocates, or recommends any particular product
> or technology.
>
> 7) The OWASP Brand must not be used in a manner that suggests that a
> product or technology can enable compliance with any OWASP Materials other
> than an OWASP Published Standard.
>
> and
>
> 8) The OWASP Brand must not be used in any materials that could mislead
> readers by narrowly interpreting a broad application security category. For
> example, a vendor product that can find or protect against forced browsing
> must not claim that they address all of the access control category.
>
>
> I would like to file this with our compliance officer, but I think he is
> over-burdened right now. Do you think this is a clear violation and if so,
> should we approach them in a gentle way with suggestions to correct this?
>
> Aloha,
> Jim
>
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20141118/89b0f748/attachment.html>


More information about the Owasp-board mailing list