[Owasp-leaders] Commercial delivery of courses based on OWASP materials

Jim Manico jim.manico at owasp.org
Wed Jun 9 15:59:20 EDT 2010


Thanks, Andrew. I'm a big fan of this direction. It's inline with open 
source and 501c3 values and keeps the brand "clean".

The main issue that has come up over "guarding the brand" is the expense 
to "legally challenge" those who are not using the brand with integrity.

I think a "wall of shame" at OWASP which describes brand use violations 
may be enough for now. Or for the whitelist inclined, we could provide a 
list of those who ARE using the brand with integrity implying that all 
others are not.

I prefer "responsible open" not "goatse open" when it comes to the OWASP 

- Jim

> Hi there,
> The power of open source is that you are free to use it and re-purpose it for any reason. If you can make money off it (especially when it's freely downloadable), good on you.
> Generally, you can't make money writing for OWASP projects (trust me, I've tried), so the only method to make money is to deliver services based upon them. There should be no restrictions on this. It's the One True Open Source Way(tm).
> I think there are many viable mechanisms to make a good living from getting OWASP's message out there. We shouldn't get in the way of this.
> - I think delivering a copy of the relevant standard, project or similar in its original format or with extensions is perfectly acceptable.
> - I think buying a copy from OWASP and providing it to participants is a nice to have but we shouldn't hard wire it into our licenses as that's no longer open source
> I think the OWASP brand and logo needs to be jealously guarded.
> - I think folks purporting to be OWASP certified trainers etc ... that has to be frowned on until such time we have such a program. Maybe we should do this. I don't know.
> - I think folks purporting to deliver OWASP syllabus should make it clear it's their own work as we have no such teaching standards or guidelines. Maybe we should do this. I don't know.
> But putting additional restrictions on our materials (CC or GFDL or whatever) I think it taking it out of the hands of the original contributors and definitely violates our commitments to open source both in the letter and spirit of the licenses we use.
> thanks,
> Andrew
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager

More information about the OWASP-Leaders mailing list