[Owasp-leaders] OWASP Top 10 - 2013 Release Candidate Now Available

psiinon psiinon at gmail.com
Thu Feb 21 09:29:43 UTC 2013


I think that there should only be OWASP and/or or the project logos on the
'front' and 'main' pages of a project.
So for a documentation one then that really would be the front page, and
for tools that would be the first and most commonly used screens.
I dont have a problem with reasonably sized Corporate logos on a Sponsors
or Supporters page.
So as it happens I'm fine with the Aspect logo on the new Top 10 RC,
although I cant comment on whether other logos should be there as well.
And the previous WebGoat would fail this test, but could pass if the logo
was moved onto a separate Sponsors page.
But I'm uncomfortable with the idea of sponsors of the cheat sheets - they
are all 'front' page and so should be sponsor free.

I think the key thing is whether someone new to the project would be
confused as to whether this was an OWASP project, a Company XYZ project or
a joint project. It should be obvious that its the first of these.

So yes, I think spelling out these sort of things is worthwhile, but its
the spirit of the thing thats important as theres always the possibility of
someone trying to subvert that while keeping to the 'letter of the law'.

Cheers,

Simon

On Thu, Feb 21, 2013 at 9:11 AM, Jim Manico <jim.manico at owasp.org> wrote:

> I like this idea and will suggest to Samantha that we codify it as a
> project rule moving forward.
>
> 1) So for WebGoat (as an example), this would mean we would remove the
> current logos in the next version and replace it with a link to the wiki
> sponsor page for WebGoat. I like this, reasonable?
>
> 2) What about content? Should we allow corporate logos on "release"
> versions of content like the different dev/testing guides, top ten or the
> cheat sheets?
>
> I know this is a bit pedantic, but I'd like to set a clear policy here so
> we are all playing with the same project rules. Your opinions all matter.
>
> Thanks all,
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Feb 21, 2013, at 5:43 PM, psiinon <psiinon at gmail.com> wrote:
>
> We do exactly that for ZAP:
> https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#Sponsors
>
> So +1 from me
>
> On Wed, Feb 20, 2013 at 2:21 PM, Ryan Barnett <ryan.barnett at owasp.org>wrote:
>
>> I mentioned the same thing to Jim yesterday.  One idea is to add a TAB to
>> the default project template pages for "Project Sponsors" like this -
>>
>> https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Pr
>> oject#Project_Sponsors<https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#Project_Sponsors>
>>
>>
>> -Ryan
>>
>> On 2/20/13 2:40 AM, "Jim Manico" <jim.manico at owasp.org> wrote:
>>
>> >> I would suggest having a dedicated page in the wiki that list project
>> >>sponsors instead of having logos everywhere.
>> >
>> >This is the kind of compromise over vendor-neutrality that I can get
>> >behind.
>> >
>> >I am not at all anti-vendor, I just want our community - especially
>> >leaders - to respect ethical boundaries that were set by the founders
>> >years ago.
>> >
>> >We have conferences with vendor showcases, that is not going to stop. We
>> >have "networking" events where vendors are allowed to participate. We
>> >have wonderful corporate sponsors who we place on our website. These are
>> >all reasonable OWASP/vendor relations.
>> >
>> >The devil is in the detail, and I agree we need to work on better "use
>> >and abuse" cases to make these boundaries a lot more clear to the
>> >community.
>> >
>> >Respectfully,
>> >--
>> >Jim O'Manic
>> >@Manicode
>> >
>> >
>> >
>> >On 2/19/13 2:03 PM, Amro wrote:
>> >> I would suggest having a dedicated page in the wiki that list project
>> >>sponsors instead of having logos everywhere.
>> >>
>> >> My 2 cents.
>> >> Sent from BlackBerry®. Excuse typo's and brevity.
>> >>
>> >> -----Original Message-----
>> >> From: Konstantinos Papapanagiotou <konstantinos at owasp.org>
>> >> Sender: owasp-leaders-bounces at lists.owasp.org
>> >> Date: Tue, 19 Feb 2013 22:31:29
>> >> To: psiinon<psiinon at gmail.com>
>> >> Cc: OWASP Leaders<owasp-leaders at lists.owasp.org>
>> >> Subject: Re: [Owasp-leaders] OWASP Top 10 - 2013 Release Candidate Now
>> >>      Available
>> >>
>> >> _______________________________________________
>> >> OWASP-Leaders mailing list
>> >> OWASP-Leaders at lists.owasp.org
>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >>
>> >> _______________________________________________
>> >> OWASP-Leaders mailing list
>> >> OWASP-Leaders at lists.owasp.org
>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >>
>> >
>> >
>> >> I would suggest having a dedicated page in the wiki that list project
>> >>sponsors instead of having logos everywhere.
>> >>
>> >> My 2 cents.
>> >> Sent from BlackBerry®. Excuse typo's and brevity.
>> >>
>> >> -----Original Message-----
>> >> From: Konstantinos Papapanagiotou <konstantinos at owasp.org>
>> >> Sender: owasp-leaders-bounces at lists.owasp.org
>> >> Date: Tue, 19 Feb 2013 22:31:29
>> >> To: psiinon<psiinon at gmail.com>
>> >> Cc: OWASP Leaders<owasp-leaders at lists.owasp.org>
>> >> Subject: Re: [Owasp-leaders] OWASP Top 10 - 2013 Release Candidate Now
>> >>      Available
>> >>
>> >> _______________________________________________
>> >> OWASP-Leaders mailing list
>> >> OWASP-Leaders at lists.owasp.org
>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >>
>> >> _______________________________________________
>> >> OWASP-Leaders mailing list
>> >> OWASP-Leaders at lists.owasp.org
>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >>
>> >
>> >_______________________________________________
>> >OWASP-Leaders mailing list
>> >OWASP-Leaders at lists.owasp.org
>> >https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130221/0121744a/attachment.html>


More information about the OWASP-Leaders mailing list