[Owasp-leaders] Question about owasp logos

dinis cruz dinis.cruz at owasp.org
Mon Nov 8 09:33:40 EST 2010


I just took a look at this and at first sight they are doing a lot of
things right (remember that our objective is to have OWASP materials and
brand as widely used as possible)

#1) They are not calling it an 'OWASP Web Application Security' course
(which usually implies that it is an OWASP Activity)
#3) When OWASP in mentioned on the course description it says '...based on
OWASP.." (which again is the right way to place it)
#3) The branding is clearly not OWASP and it should be obvious to
the attendees that this is not an OWASP-run event.

Now, the problem with #3 (Branding of the course) is that they also use
OWASP Logo (and name) in the banner. This is a fuzzy area and as long as the
impression is not given that this is an OWASP-driven and organized event, we
should actually be encouraging this type of activity (instead of 'hitting
them hard').

The only two things I can think of to ask them is
1) to use a logo that has the text 'based on' inside it (as in : "...based
on OWASP materials...") and to include a link to OWASP's website were we
make it very explicit that we/OWASP :
 - supports the use of OWASP materials by training companies
 - but are DO NOT responsible for the course content or delivery
 - and DO NOT endorse or recommend it.

The question/issue that I think we should focus on is how to find a way to
link from OWASP's website to this course (so that it encourages more like
this). The http://www.owasp.org/index.php/OWASP_Related_Commercial_Servicesis
still in early days, but that would be the place to do it.

Note that what we CAN'T put on OWASP's website is:

   - Marketing text provided by commercial companies about what they do
   - Directly link to external commercial services not organized by OWASP
   - Advertize commercial activities at OWASP's Chapter/Conferences events
   or pages (unless managed and controlled by the Conference Organization team
   or by the OWASP Related Commercial
Services<http://www.owasp.org/index.php/OWASP_Related_Commercial_Services>project)

Note that the Chapter's Committee is currently inactive, so chapter leaders
please take a moment to look at your chapter and make sure that there is a
very big and explicit separation between OWASP Activities and the inevitable
commercial interests that exist in your chapter (for more details see the OWASP
Chapter Handbook <http://www.owasp.org/index.php/Category:Chapter_Handbook>
).

Recapping, we need to find more ways to encourage the use of OWASP
materials, and what is really needed are a number of 'use-case' in our WIKI
that help individuals/companies to understand the rules-of-the-game and the
best way to leverage the amazing materials that our leaders create.

Dinis Cruz

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2


On 8 November 2010 08:57, John Vargas <johnvargas at gmail.com> wrote:

> Hi Leaders!
>
> I have a question .. I just learned that a company is conducting a
> workshop to explain the OWASP TOP10 and web application security, which will
> cost $ 60 and is using the logos of "OWASP" on the flyers and website.
> I'm sure this is not allowed by the license type OWASP trademark, but I
> want to confirm it.
>
> Here is the link of the flyer
> http://www.laboratoriovirus.com/owaspnoviembre2010.html
>
>
> Regards,
>
> --
> ---------------------------------------------------------------
> John Vargas P.  - LRU # 357244
> IT Security Consultant - OWASP Perú Chapter Leader
> Visita: http://www.owasp.org/index.php/Peru
>
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20101108/0f18f81e/attachment.html 


More information about the OWASP-Leaders mailing list