[Owasp-leaders] Proposal: Remove all commercial/non-OWASP logos from OWASP.org

Dinis Cruz dinis.cruz at owasp.org
Thu Apr 4 10:00:11 UTC 2013

*(Resending this email, since for some reason I got a bounce from the email
I sent to owasp-leaders a couple days ago).*
*(I also blogged this at
and there are already a couple good comments in there from Michael and

Following the recent threads about the commercialization of OWASP, I think
the time has come for a simple move, that will be a little bit painful, but
will clear the water and send a nice big message of what OWASP stands for.

*Remove all commercial/non-owasp-projects logos from OWASP.org*

This move has a lot of advantages:

   - it is generic so it doesn't single out anybody
   - it can be done since there are no 'real' contractual obligations for
   OWASP to put company's XYZ logo on the OWASP site
      - note that OWASP can change the content of any content hosted on
      owasp.org, as long as the changed content is released in a
      compatible license :)
      - in fact anybody can start the http://owasp-without-logos.org site
      with all content from owasp.org, except the 3rd party logos
   - it will push the cases where sponsor-logos are expected to exist, to
   be placed in separate/dedicated 3rd party websites (like what happens with
   AppSec conferences)
      - and if there ARE exceptions, they should be treated as one-off
      exceptions (and be fully documented)
   - it will stop the current *'F1/NASCAR logo parade'* that is the OWASP
   main page, and some of its projects
   - it will stop the nasty and non-productive *"hey that
   company shouldn't have their logo in that project"* threads
   - it will send a strong message that OWASP is about sharing information
   and all information/tools/projects that are 'donated' to owasp are supposed
   to be shared in a no-strings/logos attached mode
   - it will clarify that *the OWASP logo, name, tools and content CAN be
   used in commercial situations, as long as it is done outside of OWASP.org*
   - it shows a sign of maturity for OWASP, where OWASP doesn't need
   (anymore) to sell a bit of its soul in exchange for good content and tools
   - it shows that OWASP's value to the corporate sponsors, is NOT a logo
   on owasp.org, but the amazing value provided by the multiple OWASP
   activities, events and projects.
   - it shows that OWASP can learn from others, and in this case, follow
   (as Jim recommended) the Apache foundation example (see
   http://www.apache.org/foundation/marks/responsibility.html )

There are a couple disadvantages:

   - Some OWASP leaders and supporting companies will be annoyed and feel
   that *'OWASP changed the value-added they would get by contributing to
   - Some OWASP corporate sponsors might even be so angry that they don't
   renew their annual membership
   - Some OWASP leaders might be so annoyed that they stop contributing at
   all to OWASP
   - This is one of those issues that has the potential to generate a
   gazillion of emails, with lots of opinions and no decisions in the end. Btw,
   the faster 'a' decision is made the better (Yes or No).

I believe that OWASP today (April 2013) is in the perfect situation to make
this move. There is enough money to sustain any financial loss (which I
don't think will happen) and the OWASP projects are still in a state where
a drop of a couple OWASP leaders wouldn't have a dramatic effect (which
again I don't think will happen).

So what do you say, fellow OWASP friends, should we make this jump?

*My vote is YES, let's get rid of the commercial logos in OWASP and start a
new generation of OWASP content and tools*

Dinis Cruz