[Owasp-leaders] OWASP Top 10 quiz

Christian Heinrich christian.heinrich at owasp.org
Thu Aug 4 23:47:27 EDT 2011


Jason,

On Thu, Aug 4, 2011 at 1:35 AM, Jason Li <li.jason.c at gmail.com> wrote:
> Christian,
> There is a difference between openness and establishing identity.
> For example, all of the Apache projects are open source, but it would be
> inappropriate for you or me to set up a website with the Apache Foundation
> logo that hosts a service that could be mistaken for something done by the
> Apache Foundation.
> The Brand Usage Rules exist to *enable* people to properly use the OWASP
> brand (#1-4, #9) and also remind people of various misuse cases (#5-8). In
> that sense, they are not unlike standard security practices of whitelisting
> allowed cases (#1-4, #9) and blacklisting obvious undesired cases
> (#5-8). The OWASP Brand Usage Rules are not meant to be an exhaustive list
> of disallowed uses. Like you, I am not a lawyer, but I believe standard
> rules and laws regarding use of trademarks still apply to the OWASP brand.
> Anurag has already stated his intention to eventually create an open source
> OWASP project out of his effort. As it stands, I'm sure he will agree that
> the intention of his site is just to pilot some concepts and implementation
> details and not to misrepresent the site as an OWASP web property.

IMHO it is in OWASP's best interest for Anurag, as an officer of WASC,
to promote the OWASP Brand in good standing, as he has, considering the
proposed merger of WASC and OWASP, i.e.
http://www.google.com.au/search?hl=en&q=WASC+site%3Alists.owasp.org+inurl%3A%22owasp-board%22

That stated, some other officers of WASC have expressed their own
concern of OWASP e.g.
http://twitter.com/#!/jeremiahg/status/94449886602334208

Therefore, Anurag could allege "selective prosecution" against
Jeff/Aspect Security considering
http://www.google.com.au/search?q=site%3Aaspectsecurity.com+owasp and
in the interests of fairness this is *not* limited to Aspect Security
either.

To avoid this situation, I recommend that OWASP incorporate the
additional content from http://www.apache.org/foundation/marks/ (as
well as other Foundations) into
https://www.owasp.org/index.php/OWASP_brand_usage_rules where
applicable and with attribution and then launch an independent "brand"
audit and apply discretion to its findings.


-- 
Regards,
Christian Heinrich
http://www.owasp.org/index.php/user:cmlh

