[Owasp-leaders] Proposal: Remove all commercial/non-OWASP logos from OWASP.org

psiinon psiinon at gmail.com
Thu Apr 4 10:47:31 UTC 2013


I'm siding with Tobias.

We can treat this as a yes/no question, ie ban all logos etc vs the current
free for all, but I'd much rather we take a position between these 2
extremes.

I'd like us to agree a way to recognise the great contributions corporate
supporters bring in a way that means OWASP is (and is perceived to be)
vendor neutral. And I dont think we've got it right yet.

Cheers,

Simon


On Thu, Apr 4, 2013 at 11:21 AM, Tobias Glemser <tobias.glemser at owasp.org>wrote:

> Hi,
>
> just wanted to add:
>
> > *     it can be done since there are no 'real' contractual obligations
> for
> > OWASP to put company's XYZ logo on the OWASP site
> For the german chapter sponsorship this is false. One of the advantages for
> a chapter sponsor is a logo on the chapters website.
>
> From my point of view (personal, not german chapter, we didn't discuss this
> issue yet):
>
> Yes, let's clarify how to deal with corporate supporters. But I don't think
> it's good to remove the information of their support completely. We need
> clear rules in which context we're happy to name our sponsors and we need
> to
> define them. If someone or some company supports us, I don't think it's
> false to name them, the problem is we didn't define how and where.
>
> But you wanted a yes or a no. So for me in this moment it's a no, even if I
> clearly vote yes to clarify this issue.
>
> Br
> Tobias
>
> > -----Ursprüngliche Nachricht-----
> > Von: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-
> > bounces at lists.owasp.org] Im Auftrag von Dinis Cruz
> > Gesendet: Donnerstag, 4. April 2013 12:00
> > An: owasp-leaders at lists.owasp.org
> > Betreff: [Owasp-leaders] Proposal: Remove all commercial/non-OWASP
> > logos from OWASP.org [ Z1 UNGESICHERT ]
> >
> > (Resending this email, since for some reason I got a bounce from the
> email
> I
> > sent to owasp-leaders a couple days ago).
> >
> > (I also blogged this at
> http://blog.diniscruz.com/2013/04/proposal-remove-
> > all-commercialnon-owasp.html , and there are already a couple good
> > comments in there from Michael and Mark)
> >
> > Following the recent threads about the commercialization of OWASP, I
> think
> > the time as come for a simple move, that will be a little bit painful,
> but
> will
> > clear the water and send a nice big message of what OWASP stands for.
> >
> > Remove all commercial/non-owasp-projects logos from OWASP.org
> >
> >
> > This move has a log of advantages:
> >
> > *     it is generic so it doesn't single out anybody
> > *     it can be done since there are no 'real' contractual obligations
> for
> > OWASP to put company's XYZ logo on the OWASP site
> >
> >       *       note that OWASP can change the content of any content
> > hosted on owasp.org , as long as the changed content is released in an
> > compatible license :)
> >       *       in fact anybody can start the
> http://owasp-without-logos.org
> > site with all content from owasp.org, expect the 3rd party logos
> >
> > *     it will push the cases where sponsor-logos are expected to exist,
> to
> > be placed in separate/dedicated 3rd party websites (like what happens
> with
> > AppSec conferences)
> >
> >       *       and if there ARE execptions, they should be treated as
> one-of
> > exceptions (and be fully documented)
> >
> > *     it will stop the current 'F1/NASCAR logo parade' that is the OWASP
> > main page, and some of its projects
> > *     it will stop the nasty and non-productive "hey that company
> > shouldn't have their logo in that project" threads
> > *     it will send a strong message that OWASP is about sharing
> > information and all information/tools/projects that are 'donated' to
> owasp
> > are supposed to be shared in a no-strings/logos attached mode
> > *     it will clarify that the OWASP logo, name, tools and content CAN be
> > used in commercial situations, as long as it is done outside of OWASP.org
> > *     it shows a sign of maturity for OWASP, where OWASP doesn't need
> > (anymore) to sell a bit of its soul in exchange for good content and
> tools
> > *     it shows that OWASP's value to the corporate sponsors, is NOT a
> logo
> > on owasp.org, but the amazing value provided by the multiple OWASP
> > activities, events and projects.
> > *     it shows that OWASP can learn from others, and in this case, follow
> > (as Jim recommended) the Apache foundation example (see
> > http://www.apache.org/foundation/marks/responsibility.html )
> >
> > There are a couple disadvantages:
> >
> > *     Some OWASP leaders and supporting companies will be annoyed and
> > fell that 'OWASP changed the value-added they would get by contributing
> to
> > OWASP'
> > *     Some OWASP corporate sponsors might even be so angry that they
> > don't renew their anual membership
> > *     Some OWASP leaders might be so annoyed that they stop
> > contributing at all to OWASP
> > *     This is one of those issues that has the potential to generate a
> > gazilion of emails, with lots of opinions and no decisions in the end.
> Btw, the
> > faster 'a' decision is made the better (Yes or No).
> >
> > I believe that OWASP today (April 2013) is in the perfect situation to
> make
> > this move. There is enough money to sustain any financial loss (which I
> don't
> > think will happen) and the OWASP projects are still in a state where a
> drop of
> > a couple OWASP leaders wouldn't have a dramatic effect (which again i
> don't
> > think will happen)
> >
> > So what do you say, fellow OWASP friends, should we make this jump?
> >
> > My vote is YES, lets get rid of the commercial logos in OWASP and start a
> new
> > generation of OWASP content and tools
> >
> > Dinis Cruz
> >
> >
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>



-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130404/ee595318/attachment.html>


More information about the OWASP-Leaders mailing list