[Owasp-board] Additional Brand Abuse
josh.sokol at owasp.org
Tue Nov 18 15:53:23 UTC 2014
My personal opinion is that this is fine. The OWASP Top 10 is a published
standard and Acunetix is claiming that they are capable of scanning for the
issues identified in the OWASP Top 10 standard. I don't think that we
should be responsible for policing whether or not they actually do what
they say they do. With that line being pretty blurry to begin with, I
doubt Acunetix is the only company advertising in this manner. And as long
as they're not claiming to be "OWASP Certified", or the like, I think this
is not worth pursuing.
On Fri, Nov 14, 2014 at 8:13 PM, Jim Manico <jim.manico at owasp.org> wrote:
> When we do a Google search for "OWASP" I see that Acunetix is advertising
> that they are scanning for the OWASP Top Ten. The ad links to
> I think this ad violates the following brand usage guidelines:
> 5) The OWASP Brand must not be used in a manner that suggests that The
> OWASP Foundation supports, advocates, or recommends any particular product
> or technology.
> 7) The OWASP Brand must not be used in a manner that suggests that a
> product or technology can enable compliance with any OWASP Materials other
> than an OWASP Published Standard.
> 8) The OWASP Brand must not be used in any materials that could mislead
> readers by narrowly interpreting a broad application security category. For
> example, a vendor product that can find or protect against forced browsing
> must not claim that they address all of the access control category.
> I would like to file this with our compliance officer, but I think he is
> over-burdened right now. Do you think this is a clear violation and if so,
> should we approach them in a gentle way with suggestions to correct this?