[Owasp-board] Contrast Marketing / OWASP Benchmark Project

Michael Coates michael.coates at owasp.org
Wed Oct 21 18:24:43 UTC 2015


I don't think the brand usage policy needs adjusting. It seems to correctly
capture this situation as not in line with the policy. But let me know if
you're seeing something that's being missed and would warrant a brand usage
policy update.


--
Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
OWASP Global Board





On Tue, Oct 20, 2015 at 11:52 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Michael,
>
> Good analysis and resolution suggestions. Do you think the brand usage
> policy needs adjusting as well?
>
> --
> Jim Manico
> Global Board Member
> OWASP Foundation
> https://www.owasp.org
> Join me in Rome for AppSecEU 2016!
>
> On Oct 20, 2015, at 10:11 PM, Michael Coates <michael.coates at owasp.org>
> wrote:
>
> I think we definitely have an issue here.
>
> 1) It is quite clear, at its current state, the project has a conflict of
> interest.
>
> The concept of the project could be great. But a conflict is present in
> its current state. As a result, everything achieved by the project is
> under a shadow. I also don't think there's any disagreement about conflict
> of interest either (see chapter leader response
> http://lists.owasp.org/pipermail/owasp-benchmark-project/2015-October/000031.html).
> This isn't to say that anyone is purposively influencing results, but a
> "conflict of interest" is about relationships and impartiality, not about
> specific actions. As a result I feel the conflict of interest is here and
> should be acted on.
>
> Suggested action:
> 1a - we should label the project as such (idea: a banner across the wiki
> page with "outstanding issues: conflict of interest") just like Wikipedia
> does.
> 1b - we should ask the project committee to consider updating the project
> maturity process such that a project cannot advance out of the most initial
> phase if a conflict of interest is present.
>
>
> 2) Branding
> The quotes you mention are not in line with our branding requirements. I
> also don't believe the logo is to be used on vendor literature.
>
> https://www.owasp.org/index.php/Marketing/Resources
> The OWASP Brand must not be used in a manner that suggests that The OWASP
> Foundation supports, advocates, or recommends any particular product or
> technology.
>
> Suggested action:
> 2a - Paul to reach out to Contrast to discuss how to work with OWASP
> correctly.
>
>
> Thoughts from others?
>
>
> --
> Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
> OWASP Global Board
>
>
>
>
>
> On Tue, Oct 20, 2015 at 11:39 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>> Did anyone see this?
>>
>> https://cdn2.hubspot.net/hubfs/203759/Contrast_Benchmark092215.pdf
>>
>> It is a vendor "Whitepaper" using the OWASP Benchmark Project along with
>> the Foundation brand and logo.  A couple of choice quotes from the
>> whitepaper:
>>
>> "Any product that doesn’t score highly on the OWASP Benchmark puts
>> organizations at serious risk of missing major vulnerabilities in their
>> real-world applications and generating lots of false alarms."
>>
>> "Contrast Enterprise, which the OWASP Benchmark demonstrated is both fast
>> and accurate, is a natural choice to augment or replace existing SAST and
>> DAST solutions."
>>
>> ~josh
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>