[Owasp-board] On vendor neutrality and projects....

Jim Manico jim.manico at owasp.org
Sat Sep 27 17:45:24 UTC 2014


A member of our community asked me a few questions about OWASP projects 
and our commercial stance. Here are my answers, did I answer these 
correctly?

*> **If someone at an OWASP event asks for my card, is it permitted to 
have my company info on the card?*

I tend to give people two cards when I can. One OWASP card (this is my 
non-profit card) and my commercial card (this is my business). I do not 
put the OWASP logo on my commercial card and I do not put my company 
logo on an OWASP card. I'm going to check with the board on this to make 
sure I'm communicating this properly.

My suggesting is that you should not initiate commercial activities on 
any OWASP communication channel (OWASP email, OWASP lists, etc). But if 
someone asks YOU and initiates a commercial conversation, move it to a 
different email address and knock yourself out. :)*

 > Does this change if I'm presenting or not?*

No, but when presenting at OWASP conferences, please do not use that 
platform to sell your commercial product or service. It's part of our 
speaker agreement. And in general, /*never ever imply that OWASP 
endorses your commercial product or service*/. Cool? There are of course 
vendor options at OWASP conferences.*

 > do I have to close down the open source project as it exists, and 
move everything to OWASP, or can I point the OWASP pages at the existing 
open source project?*

We prefer that you use the OWASP wiki to describe your project, and then 
point to a _open source public repository_ of your code. In our project 
template there is a section for "external resources" where you can link 
to other resources. I do not think you have the close down what you are 
doing now, but the OWASP project page should be non-commercial and 
should not point to commercial activities, other than a neutral sponsor 
page.

Helpful?

Aloha,
Jim

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140927/be72f6cf/attachment.html>


More information about the Owasp-board mailing list