[Owasp-leaders] OWASP Top 10 quiz

Jason Li jason.li at owasp.org
Wed Aug 3 11:37:34 EDT 2011


Christian,

There is a difference between openness and establishing identity.

For example, all of the Apache projects are open source, but it would be
inappropriate for you or I to setup a website with the Apache Foundation
logo that hosts a service that could be mistaken for something done by the
Apache Foundation.

The Brand Usage Rules exist to *enable* people to properly use the OWASP
brand (#1-4, #9) and also remind people of various misuse cases (#5-8). In
that sense, they are not unlike standard security practices of whitelisting
allowed cases (#1-4, #9) and blacklisting obvious undesired cases
(#5-8). The OWASP Brand Usage Rules are not meant to be an exhaustive list
of disallowed uses. Like you, I am not a lawyer, but I believe standard
rules and laws regarding use of trademarks still apply to the OWASP brand.

Anurag has already stated his intention to eventually create an open source
OWASP project out of his effort. As it stands, I'm sure he will agree that
the intention of his site is just to pilot some concepts and implementation
details and not to misrepresent the site as an OWASP web property.

-Jason

On Wed, Aug 3, 2011 at 3:17 AM, Christian Heinrich <
christian.heinrich at owasp.org> wrote:

> Jeff,
>
> Considering "OWASP is about making application security ideas free and
> open to everyone, not about locking them up" is your statement which I
> quote from within
>
> https://lists.owasp.org/pipermail/global-projects-committee/2011-August/002250.html
>
> I don't believe Anurag has violated
> https://www.owasp.org/index.php/OWASP_brand_usage_rules
>
> On Mon, Aug 1, 2011 at 9:56 PM, Anurag Agarwal (OWASP)
> <anurag.agarwal at owasp.org> wrote:
> > Jeff - I actually meant to make it as an OWASP project and wanted to
> start
> > with a PoC and get the leaders feedback before making it a full blown
> OWASP
> > project. That is the only reason I used OWASP name and logo.
> >
> > My apologies for not asking with the OWASP board earlier. I will remove
> the
> > OWASP logo.
> >
> > Thanks
> > Anurag
> >
> >
> >
> > -----Original Message-----
> > From: Jeff Williams [mailto:jeff.williams at owasp.org]
> > Sent: Monday, August 01, 2011 1:30 AM
> > To: 'Anurag Agarwal (OWASP)'; owasp-leaders at lists.owasp.org
> > Subject: RE: [Owasp-leaders] OWASP Top 10 quiz
> >
> > Hi Anurag,
> >
> > I think this is a cool little project, that could help some folks get a
> > handle on what their developers actually know.  But I'm concerned that
> this
> > is being run at owasp.myappsecurity.com with full OWASP branding.  It
> > appears to be an official OWASP project.  If you want it to be an OWASP
> > project, then it should be free and open and run as a real OWASP project
> --
> > which we'll help support.   If you want it to be proprietary, you can
> keep
> > it at myappsecurity and drop the OWASP branding.
> >
> > I appreciate your understanding.
> >
> > Thanks,
> >
> > --Jeff
> >
> >
> > -----Original Message-----
> > From: owasp-leaders-bounces at lists.owasp.org
> > [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Anurag
> Agarwal
> > (OWASP)
> > Sent: Friday, July 29, 2011 11:38 PM
> > To: owasp-leaders at lists.owasp.org
> > Subject: [Owasp-leaders] OWASP Top 10 quiz
> >
> > Hi Everyone - I created a very small quiz for a client to test their
> > developer's knowledge of OWASP top 10. I thought it  would be a good idea
> to
> > make it public and let other organization use it for their development
> teams
> > as well. This is a very basic quiz but I do plan to add different levels
> and
> > more questions to it and bring randomness in the questions as well.
> >
> > I would greatly appreciate any feedback or suggestions that others may
> have.
> >
> >
> > http://owasp.myappsecurity.com/2011/07/12/quiz/
> >
> >
> > Thanks,
> >
> > Anurag Agarwal
> > MyAppSecurity Inc
> > Cell - 919-244-0803
> > Email - anurag at myappsecurity.com
> > Website - http://www.myappsecurity.com
> > Blog - http://myappsecurity.blogspot.com LinkedIn -
> > http://www.linkedin.com/in/myappsecurity
> >
> >
> >
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
>
>
>
> --
> Regards,
> Christian Heinrich
> http://www.owasp.org/index.php/user:cmlh
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110803/b2223d62/attachment.html 


More information about the OWASP-Leaders mailing list