[Owasp-leaders] Question about owasp logos

dinis cruz dinis.cruz at owasp.org
Mon Nov 8 09:38:53 EST 2010

(sorry, sent the last one too soon by mistake, read this one instead (some
minor formatting and spelling changes)

I just took a look at this and at first sight they are doing a lot of
things right (remember that our objective is to have OWASP materials and
brand as widely used as possible)

#1) They are not calling it an 'OWASP Web Application Security' course
(which usually implies that it is an OWASP Activity)
#3) When OWASP in mentioned on the course description it says '...based on
OWASP.." (which again is the right way to place it)
#3) The branding is clearly not OWASP and it should be obvious to
the attendees that this is not an OWASP-run event.

Now, the problem with #3 (Branding of the course) is that they also use
OWASP Logo (and name) in the banner. This is a fuzzy area and as long as the
impression is not given that this is an OWASP-driven and organized event, we
should actually be encouraging this type of activity (instead of 'hitting
them hard' and sending the message to the industry that we are 'hard to deal

The only two things I can think of to ask them is to:

1) use an OWASP logo that has the text 'based on' inside it (as in :
"...based on OWASP materials...")
2) include a link to OWASP's website were we make it very explicit that
we/OWASP :
 - supports the use of OWASP materials by training companies
 - but are DO NOT responsible for the course content or delivery
 - and DO NOT endorse or recommend it.

Note that both items (logo and page) currently don't exist at OWASP (any
volunteers? :)  )

The question/issue that I think we should focus on, is how to find a way to
link from OWASP's website to this course (so that it encourages more like
this). The http://www.owasp.org/index.php/OWASP_Related_Commercial_Services is
still in early days, but that would be the place to do it.

Note that what we CAN'T put on OWASP's website is:

   - Marketing text provided by commercial companies about what they do
   - Directly link to external commercial services not organized by OWASP
   - Advertize commercial activities at OWASP's Website/Chapter/Conferences
   events or pages (unless managed and controlled by the Kate, the local
   Conference Organization team or by the OWASP Related Commercial

Note that the Chapter's Committee is currently inactive, *so chapter leaders
please take a moment to look at your chapter and make sure that there is a
very big and explicit separation between OWASP Activities and the inevitable
commercial interests that exist in your chapte*r (for more details see
Chapter Handbook <http://www.owasp.org/index.php/Category:Chapter_Handbook>

Recapping, we need to find more ways to encourage the use of OWASP
materials, and what is really needed are a number of 'use-case' in our WIKI
that help individuals/companies to understand the rules-of-the-game and the
best way to leverage the amazing materials that our leaders create.

Dinis Cruz

> On 8 November 2010 08:57, John Vargas <johnvargas at gmail.com> wrote:
>> Hi Leaders!
>> I have a question .. I just learned that a company is conducting a
>> workshop to explain the OWASP TOP10 and web application security, which will
>> cost $ 60 and is using the logos of "OWASP" on the flyers and website.
>> I'm sure this is not allowed by the license type OWASP trademark, but I
>> want to confirm it.
>> Here is the link of the flyer
>> http://www.laboratoriovirus.com/owaspnoviembre2010.html
>> Regards,
>> --
>> ---------------------------------------------------------------
>> John Vargas P.  - LRU # 357244
>> IT Security Consultant - OWASP Perú Chapter Leader
>> Visita: http://www.owasp.org/index.php/Peru
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20101108/130b4d05/attachment.html 

More information about the OWASP-Leaders mailing list