[Owasp-board] Additional Brand Abuse

Noreen Whysel noreen.whysel at owasp.org
Tue Nov 18 19:15:42 UTC 2014


Not specifically with regard to events or conferences. The Banner page in
the guidelines only says that the logo "can be used", not "must be used".

The guidelines seem to be more generally about when the brand can be used
by external entities, not when it should be used by OWASP chapters.

On Tue, Nov 18, 2014 at 2:11 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Noreen,
>
> Do our brand guidelines cover this at all? Do we have a gap in our
> policies about this?
>
> https://www.owasp.org/index.php/Marketing/Resources#BRAND_GUIDELINES
>
> Aloha,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Nov 18, 2014, at 10:58 AM, Noreen Whysel <nwhysel at gmail.com> wrote:
>
> Hi Jim,
>
> We have had a request from the NZ chapter regarding conference banner
> logos. We may want to address this in the guidelines as well. None of the
> current events appear to be using the banner on the BANNER page, but do
> seem to have the OWASP name and some version of the wasp image.
>
> I like allowing local chapters to customize logos to the venue and local
> tastes but perhaps we should request at minimum to have "OWASP" and wasp
> image in the banner, and then provide a series of template layered images
> with a variety of color/transparency/shadow/etc.?
>
> Noreen
>
> On Tue, Nov 18, 2014 at 12:44 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
>> The language in the ad is:
>>
>> "OWASP Top Ten Web Scanner", which I feel is wrong. There are several
>> areas which DAST scanners cannot assess in the Top Ten, to say the least.
>>
>> This leads to "OWASP Top Ten Education" and "OWASP Top Ten Code Analysis"
>> which blurs the line between the OWASP brand and the commercial world.
>>
>> Also, from my research I've noted that all of the foundations similar to
>> OWASP have much more clear rules about brand usage. I hope the board is
>> interested in some kind of cleanup. The current brand guidelines are vague
>> to some degree.
>>
>> Aloha,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On Nov 18, 2014, at 9:05 AM, Paul Ritchie <paul.ritchie at owasp.org> wrote:
>>
>> Jim, Josh, all:
>>
>> I tend to agree with the "Let's be vigilant & educate the community,
>> rather than 'police' the community" approach.
>>
>> Noreen Whysel, our new Community Manager, has training, education &
>> Community outreach in her area of responsibility.  One training topic could
>> easily be "Cool OWASP Marketing tools, and How to Use the OWASP
>> Brand/Logo".
>>
>> Unless we see a truly blatant case of misuse, I'll be asking Noreen to go
>> down the education path first.
>> Paul
>>
>>
>>
>>
>> Best Regards, Paul Ritchie
>> OWASP Interim Executive Director
>> paul.ritchie at owasp.org
>>
>>
>> On Tue, Nov 18, 2014 at 7:53 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>>> My personal opinion is that this is fine.  The OWASP Top 10 is a
>>> published standard and Acunetix is claiming that they are capable of
>>> scanning for the issues identified in the OWASP Top 10 standard.  I don't
>>> think that we should be responsible for policing whether or not they
>>> actually do what they say they do.  With that line being pretty blurry to
>>> begin with, I doubt Acunetix is the only company advertising in this
>>> manner.  And as long as they're not claiming to be "OWASP Certified", or
>>> the like, I think this is not worth pursuing.
>>>
>>> ~josh
>>>
>>> On Fri, Nov 14, 2014 at 8:13 PM, Jim Manico <jim.manico at owasp.org>
>>> wrote:
>>>
>>>> Folks,
>>>>
>>>> When we do a Google search for "OWASP" I see that Acunetix is
>>>> advertising that they are scanning for the OWASP Top Ten. The ad links to
>>>> http://www.acunetix.com/vulnerability-scanner/scan-website-owasp-top-10-risks/
>>>>
>>>> I think this ad violates the following brand usage guidelines:
>>>> https://www.owasp.org/index.php/Marketing/Resources#The_Brand_Usage_Rules
>>>>
>>>> 5) The OWASP Brand must not be used in a manner that suggests that The
>>>> OWASP Foundation supports, advocates, or recommends any particular product
>>>> or technology.
>>>>
>>>> 7) The OWASP Brand must not be used in a manner that suggests that a
>>>> product or technology can enable compliance with any OWASP Materials other
>>>> than an OWASP Published Standard.
>>>>
>>>> and
>>>>
>>>> 8) The OWASP Brand must not be used in any materials that could mislead
>>>> readers by narrowly interpreting a broad application security category. For
>>>> example, a vendor product that can find or protect against forced browsing
>>>> must not claim that they address all of the access control category.
>>>>
>>>>
>>>> I would like to file this with our compliance officer, but I think he
>>>> is over-burdened right now. Do you think this is a clear violation and if
>>>> so, should we approach them in a gentle way with suggestions to correct
>>>> this?
>>>>
>>>> Aloha,
>>>> Jim
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>
>>>
>>
>
>
> --
> Noreen Whysel
> nwhysel at gmail.com
> http://www.whysel.com
>
>
>
>


-- 
Noreen Whysel
Community Manager
OWASP Foundation