[Owasp-leaders] OWASP Top 10 quiz

Christian Heinrich christian.heinrich at owasp.org
Fri Aug 5 00:32:58 EDT 2011


Antonio,

On Wed, Aug 3, 2011 at 10:03 PM, AF <antonio.fontes at gmail.com> wrote:
> Does it mean that security services/products companies can actually
> built interactive material fully branded under OWASP but hosted under
> their own systems, and then exploit collected data (including answers
> and other traffic related information such as the source IP address)
> without infringing the OWASP brand usage rules?

I am lead to believe that this has occurred in the past e.g. "just
ping me with your desired username and password" quoted from
https://lists.owasp.org/pipermail/owasp-leaders/2010-July/003285.html

I believe that if the intent is collect to PII then it is clearly
stated in their Privacy Policy and we should make this a mandate of
our Brand Usage policy.


-- 
Regards,
Christian Heinrich
http://www.owasp.org/index.php/user:cmlh


More information about the OWASP-Leaders mailing list