[Owasp-leaders] Proposal: Remove all commercial/non-OWASP logos from OWASP.org

Paolo Perego thesp0nge at gmail.com
Thu Apr 4 10:03:22 UTC 2013

Definitely agree with you

On 4 April 2013 12:00, Dinis Cruz <dinis.cruz at owasp.org> wrote:
> (Resending this email, since for some reason I got a bounce from the email I
> sent to owasp-leaders a couple days ago).
> (I also blogged this at
> http://blog.diniscruz.com/2013/04/proposal-remove-all-commercialnon-owasp.html
> , and there are already a couple good comments in there from Michael and
> Mark)
> Following the recent threads about the commercialization of OWASP, I think
> the time as come for a simple move, that will be a little bit painful, but
> will clear the water and send a nice big message of what OWASP stands for.
> Remove all commercial/non-owasp-projects logos from OWASP.org
> This move has a log of advantages:
> it is generic so it doesn't single out anybody
> it can be done since there are no 'real' contractual obligations for OWASP
> to put company's XYZ logo on the OWASP site
> note that OWASP can change the content of any content hosted on owasp.org ,
> as long as the changed content is released in an compatible license :)
> in fact anybody can start the http://owasp-without-logos.org site with all
> content from owasp.org, expect the 3rd party logos
> it will push the cases where sponsor-logos are expected to exist, to be
> placed in separate/dedicated 3rd party websites (like what happens with
> AppSec conferences)
> and if there ARE execptions, they should be treated as one-of exceptions
> (and be fully documented)
> it will stop the current 'F1/NASCAR logo parade' that is the OWASP main
> page, and some of its projects
> it will stop the nasty and non-productive "hey that company shouldn't have
> their logo in that project" threads
> it will send a strong message that OWASP is about sharing information and
> all information/tools/projects that are 'donated' to owasp are supposed to
> be shared in a no-strings/logos attached mode
> it will clarify that the OWASP logo, name, tools and content CAN be used in
> commercial situations, as long as it is done outside of OWASP.org
> it shows a sign of maturity for OWASP, where OWASP doesn't need (anymore) to
> sell a bit of its soul in exchange for good content and tools
> it shows that OWASP's value to the corporate sponsors, is NOT a logo on
> owasp.org, but the amazing value provided by the multiple OWASP activities,
> events and projects.
> it shows that OWASP can learn from others, and in this case, follow (as Jim
> recommended) the Apache foundation example (see
> http://www.apache.org/foundation/marks/responsibility.html )
> There are a couple disadvantages:
> Some OWASP leaders and supporting companies will be annoyed and fell that
> 'OWASP changed the value-added they would get by contributing to OWASP'
> Some OWASP corporate sponsors might even be so angry that they don't renew
> their anual membership
> Some OWASP leaders might be so annoyed that they stop contributing at all to
> This is one of those issues that has the potential to generate a gazilion of
> emails, with lots of opinions and no decisions in the end. Btw, the faster
> 'a' decision is made the better (Yes or No).
> I believe that OWASP today (April 2013) is in the perfect situation to make
> this move. There is enough money to sustain any financial loss (which I
> don't think will happen) and the OWASP projects are still in a state where a
> drop of a couple OWASP leaders wouldn't have a dramatic effect (which again
> i don't think will happen)
> So what do you say, fellow OWASP friends, should we make this jump?
> My vote is YES, lets get rid of the commercial logos in OWASP and start a
> new generation of OWASP content and tools
> Dinis Cruz
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

$ cd /pub
$ more beer

The Application Security blog you really want to read: http://armoredcode.com

More information about the OWASP-Leaders mailing list