[Owasp-board] On vendor neutrality and projects....

Michael Coates michael.coates at owasp.org
Sun Sep 28 19:35:03 UTC 2014


Two thoughts

1. I believe this was discussed before and is ok

2. We should make sure it's written down and clear to everyone. It may be and I can't recall (didn't look). If it's not let's get it solidified and added. 

> On Sep 28, 2014, at 12:32 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> 
> So if Simon wanted to charge for ZAP training or support services, since ZAP is an OWASP tool, he would be in violation of our brand usage guidelines?  Or is it only if he mentions those services somewhere in the open source project materials?   FWIW, this is the exact reason why I have hesitated any time someone has asked me to make SimpleRisk an OWASP tool.  I'm not saying its wrong or that I disagree with the approach,  but it will definitely turn away some projects and project leaders who may otherwise be willing to be on the OWASP projects platform.
> 
> ~josh
> 
>> On Sep 28, 2014 12:27 PM, "Jim Manico" <jim.manico at owasp.org> wrote:
>> > Why would we be against anyone promoting a free and open project?
>> 
>> Fair question, when someone ties promoting a FOSS project with promoting their commercial services, they would be in violation of our brand usage guides.
>> 
>> As board members, the board rules also state that we should avoid even the •appearance• of commercial promotion, so we have a mandate to be even more "pure" in our endorsement of OWASP projects.
>> 
>> I can give you exact citations from our current board and project rules if you like.
>> 
>> Aloha,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>> 
>>> On Sep 28, 2014, at 9:58 AM, Michael Coates <michael.coates at owasp.org> wrote:
>>> 
>>> Why would we be against anyone promoting a free and open project? Eg company x says Owasp project y is a good thing and devs should use it. Perhaps I'm not fully understanding what you mean. 
>>> 
>>>> On Sep 28, 2014, at 8:53 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>> 
>>>> I'm against promoting owasp projects using respective orgs we work for unless they sponsored the project. 
>>>> 
>>>> Our global owasp training events have no BCC or  manicode branding and we give  out our owasp credentials.
>>>> 
>>>> Adding links or associations to projects without real associations (sponsorship) is a bad thing.
>>>> 
>>>> I certainly don't think any board member should leverage such associations unless official and mandated.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Eoin Keary
>>>> Owasp Global Board
>>>> +353 87 977 2988
>>>> 
>>>> 
>>>>> On 28 Sep 2014, at 16:42, Jim Manico <jim.manico at owasp.org> wrote:
>>>>> 
>>>>> Eoin, thats the same answer I gave, excellent and thanks.
>>>>> 
>>>>> Aloha,
>>>>> --
>>>>> Jim Manico
>>>>> @Manicode
>>>>> (808) 652-3805
>>>>> 
>>>>> On Sep 28, 2014, at 6:15 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>>> 
>>>>>>> > If someone at an OWASP event asks for my card, is it permitted to have my company info on the card?
>>>>>> - depends on the reasons they are asking? Owasp related or commercial?
>>>>>> 
>>>>>> Eoin Keary
>>>>>> Owasp Global Board
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> 
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140928/fdde510d/attachment-0001.html>


More information about the Owasp-board mailing list