[Owasp-leaders] Proposal: Remove all commercial/non-OWASP logos from OWASP.org

psiinon psiinon at gmail.com
Thu Apr 4 14:18:23 UTC 2013

Hey Jim,

You mean like this: http://code.google.com/p/zaproxy/wiki/HelpCredits :)
That is the official list of credits which is also included in the ZAP help
file in every release.
I could just copy that onto the OWASP wiki, but its hard to keep all the
information in sync ;)

Just so you all know, none of the companies on the 'Supporters' page has
required me to add there names there.
I added that page because I thought it was a good idea to recognise their
contributions, and because I think it shows the amount of support that ZAP
is receiving.

So theres actually nothing stopping me from just removing that page, and
I'll do that if thats the direction we decide to go in.
Obviously I like the idea of having that page (as I added it) but its not
something I feel really strongly about.
I'd much rather we move all of the logos off the OWASP front page to an
OWASP supporters page as per Apache (as many of you have suggested).



On Thu, Apr 4, 2013 at 2:10 PM, Jim Manico <jim.manico at owasp.org> wrote:

> If we went with the Apache model (Apache is of course a very
> project-driven vendor-neutral non-profit), then projects would list a table
> of •individual contributors• (which could include a company name if the
> contributor wished).
> For example: http://hadoop.apache.org/who.html
> Projects would link back to the global sponsorship page as well.
> Basically, project sponsors (for content and tools) would go away. But
> individual contributors could list their company on the project contributor
> page.
> The purpose of this is:
> 1) To focus on celebrating individuals who work on projects
> 2) Ensure neutrality and branding of projects as "OWASP Projects"
> This is just an idea to consider, Simon.
> As leader of one of our most active, well maintained, and feature rich
> OWASP tools, Simon, your opinion on this really matters to me. What do you
> think?
> Imagine your Zap "sponsor" page morphing to a "list of contributors" page
> where individual contributors could list the organization they work for.
> The other reason Apache is so against project sponsors is the following:
> imagine if a bunch of volunteers worked on a project for many many hours
> and then a sponsor jumped in at the end and paid to have their logo or name
> associated with it. This is why Apache only allows conference or "global"
> sponsors, I believe.
> Cheers,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
> On Apr 4, 2013, at 7:26 PM, psiinon <psiinon at gmail.com> wrote:
> That sounds good to me.
> Can projects still refer to their sponsors by name without using their
> logo?
> Eg is this allowed:
> https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#Sponsors
> Cheers,
> Simon
> On Thu, Apr 4, 2013 at 12:20 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> The only other place Apache allows for corporate logos is for conference
>> sponsorships.
>> Example: http://na.apachecon.com/sponsors/
>> I'm not a fan of logos on chapter pages, but my opinion aside, many
>> organizations sponsor a location for chapter meetings as well as food and
>> drink. We need these locations for chapters to thrive.
>> So perhaps logos only go in three locations:
>> 1) Wiki dedicated sponsorship page
>> 2) Chapter wiki pages
>> 3) Conference pages
>> And let those be the only allowed locations.
>> This means that we remove logos from the homepage, project pages and
>> project deliverables. (But we link to the main sponsorship pages from these
>> locations).
>> Fair?
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>> On Apr 4, 2013, at 6:56 PM, Seba <seba at owasp.org> wrote:
>> how about the sponsor logos on the conference / chapter pages?
>> they represent a significant budget to keep our events afloat
>> regards
>> Seba
>> On Thu, Apr 4, 2013 at 12:00 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>> *(Resending this email, since for some reason I got a bounce from the
>>> email I sent to owasp-leaders a couple days ago).*
>>>  *(I also blogged this at
>>> http://blog.diniscruz.com/2013/04/proposal-remove-all-commercialnon-owasp.html, and there are already a couple good comments in there from Michael and
>>> Mark)*
>>> Following the recent threads about the commercialization of OWASP, I
>>> think the time as come for a simple move, that will be a little bit
>>> painful, but will clear the water and send a nice big message of what OWASP
>>> stands for.
>>> *Remove all commercial/non-owasp-projects logos from OWASP.org*
>>> This move has a log of advantages:
>>>    - it is generic so it doesn't single out anybody
>>>    - it can be done since there are no 'real' contractual obligations
>>>    for OWASP to put company's XYZ logo on the OWASP site
>>>       - note that OWASP can change the content of any content hosted on
>>>       owasp.org , as long as the changed content is released in an
>>>       compatible license :)
>>>       - in fact anybody can start the http://owasp-without-logos.orgsite with all content from
>>>       owasp.org, expect the 3rd party logos
>>>    - it will push the cases where sponsor-logos are expected to exist,
>>>    to be placed in separate/dedicated 3rd party websites (like what happens
>>>    with AppSec conferences)
>>>       - and if there ARE execptions, they should be treated as one-of
>>>       exceptions (and be fully documented)
>>>    - it will stop the current *'F1/NASCAR logo parade'* that is the
>>>    OWASP main page, and some of its projects
>>>    - it will stop the nasty and non-productive *"hey that
>>>    company shouldn't have their logo in that project"* threads
>>>    - it will send a strong message that OWASP is about sharing
>>>    information and all information/tools/projects that are 'donated' to owasp
>>>    are supposed to be shared in a no-strings/logos attached mode
>>>    - it will clarify that *the OWASP logo, name, tools and content CAN
>>>    be used in commercial situations, as long as it is done outside of
>>>    OWASP.org*
>>>    - it shows a sign of maturity for OWASP, where OWASP doesn't need
>>>    (anymore) to sell a bit of its soul in exchange for good content and tools
>>>    - it shows that OWASP's value to the corporate sponsors, is NOT a
>>>    logo on owasp.org, but the amazing value provided by the multiple
>>>    OWASP activities, events and projects.
>>>    - it shows that OWASP can learn from others, and in this case,
>>>    follow (as Jim recommended) the Apache foundation example (see
>>>    http://www.apache.org/foundation/marks/responsibility.html )
>>> There are a couple disadvantages:
>>>    - Some OWASP leaders and supporting companies will be annoyed and
>>>    fell that *'OWASP changed the value-added they would get by
>>>    contributing to OWASP'*
>>>    - Some OWASP corporate sponsors might even be so angry that they
>>>    don't renew their anual membership
>>>    - Some OWASP leaders might be so annoyed that they stop contributing
>>>    at all to OWASP
>>>    - This is one of those issues that has the potential to generate a
>>>    gazilion of emails, with lots of opinions and no decisions in the end. Btw,
>>>    the faster 'a' decision is made the better (Yes or No).
>>> I believe that OWASP today (April 2013) is in the perfect situation to
>>> make this move. There is enough money to sustain any financial loss (which
>>> I don't think will happen) and the OWASP projects are still in a state
>>> where a drop of a couple OWASP leaders wouldn't have a dramatic effect
>>> (which again i don't think will happen)
>>> So what do you say, fellow OWASP friends, should we make this jump?
>>> *My vote is YES, lets get rid of the commercial logos in OWASP and
>>> start a new generation of OWASP content and tools*
>>> Dinis Cruz
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader

OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130404/9074aac6/attachment.html>

More information about the OWASP-Leaders mailing list