[Owasp-leaders] Proposal: Remove all commercial/non-OWASP logos from OWASP.org

Ludovic Petit ludovic.petit at owasp.org
Thu Apr 4 13:52:52 UTC 2013

Clever topic introduced by Dinis, and +1 with Antonio about the metrics.

However, regardless of the choice in perspective, we have to keep in mind
that OWASP has to establish a clear strategy towards  members and sponsors,
so that their commitment be valued somewhere around the wiki. Logo or else
on a wiki such as OWASP, this is somehow a kind of incentive for members or

This is also part of the "marketing business" that we need to keep in mind,

Let's start a new generation of OWASP content. Btw, why not also solicit
SisterWorks Publishing, the marketing company working with the Board, in
order to have inputs and advices about this, based on their experience and
in the aim to answer the expectations of both the Community and our


On 4 April 2013 12:00, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> *(Resending this email, since for some reason I got a bounce from the
> email I sent to owasp-leaders a couple days ago).*
> *(I also blogged this at
> http://blog.diniscruz.com/2013/04/proposal-remove-all-commercialnon-owasp.html, and there are already a couple good comments in there from Michael and
> Mark)*
> Following the recent threads about the commercialization of OWASP, I think
> the time as come for a simple move, that will be a little bit painful, but
> will clear the water and send a nice big message of what OWASP stands for.
> *Remove all commercial/non-owasp-projects logos from OWASP.org*
> This move has a log of advantages:
>    - it is generic so it doesn't single out anybody
>    - it can be done since there are no 'real' contractual obligations for
>    OWASP to put company's XYZ logo on the OWASP site
>       - note that OWASP can change the content of any content hosted on
>       owasp.org , as long as the changed content is released in an
>       compatible license :)
>       - in fact anybody can start the http://owasp-without-logos.org site
>       with all content from owasp.org, expect the 3rd party logos
>    - it will push the cases where sponsor-logos are expected to exist, to
>    be placed in separate/dedicated 3rd party websites (like what happens with
>    AppSec conferences)
>       - and if there ARE execptions, they should be treated as one-of
>       exceptions (and be fully documented)
>    - it will stop the current *'F1/NASCAR logo parade'* that is the OWASP
>    main page, and some of its projects
>    - it will stop the nasty and non-productive *"hey that
>    company shouldn't have their logo in that project"* threads
>    - it will send a strong message that OWASP is about sharing
>    information and all information/tools/projects that are 'donated' to owasp
>    are supposed to be shared in a no-strings/logos attached mode
>    - it will clarify that *the OWASP logo, name, tools and content CAN be
>    used in commercial situations, as long as it is done outside of OWASP.org
>    *
>    - it shows a sign of maturity for OWASP, where OWASP doesn't need
>    (anymore) to sell a bit of its soul in exchange for good content and tools
>    - it shows that OWASP's value to the corporate sponsors, is NOT a logo
>    on owasp.org, but the amazing value provided by the multiple OWASP
>    activities, events and projects.
>    - it shows that OWASP can learn from others, and in this case, follow
>    (as Jim recommended) the Apache foundation example (see
>    http://www.apache.org/foundation/marks/responsibility.html )
> There are a couple disadvantages:
>    - Some OWASP leaders and supporting companies will be annoyed and fell
>    that *'OWASP changed the value-added they would get by contributing to
>    OWASP'*
>    - Some OWASP corporate sponsors might even be so angry that they don't
>    renew their anual membership
>    - Some OWASP leaders might be so annoyed that they stop contributing
>    at all to OWASP
>    - This is one of those issues that has the potential to generate a
>    gazilion of emails, with lots of opinions and no decisions in the end. Btw,
>    the faster 'a' decision is made the better (Yes or No).
> I believe that OWASP today (April 2013) is in the perfect situation to
> make this move. There is enough money to sustain any financial loss (which
> I don't think will happen) and the OWASP projects are still in a state
> where a drop of a couple OWASP leaders wouldn't have a dramatic effect
> (which again i don't think will happen)
> So what do you say, fellow OWASP friends, should we make this jump?
> *My vote is YES, lets get rid of the commercial logos in OWASP and start
> a new generation of OWASP content and tools*
> Dinis Cruz
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

Ludovic Petit
Chapter Leader OWASP France
Global Connections Committee

Mobile: +33 (0) 611 726 164
E-mail: ludovic.petit at owasp.org
LinkedIn: http://www.linkedin.com/in/lpetit
Homepage: https://www.owasp.org/index.php/France
Mailing list: https://lists.owasp.org/mailman/listinfo/owasp-france
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130404/40cd0017/attachment-0001.html>

More information about the OWASP-Leaders mailing list