[Owasp-leaders] OWASP "Certification"

Chris Schmidt chris.schmidt at aspectsecurity.com
Tue Jul 2 21:00:46 UTC 2013


The Qualys example is quite different IMHO - they are not making any
claims that they are "Certified" or "Preferred" or any of the other
buzz-words that I have seen in the past. This is nothing new. Qualys is
stating that they will run a report that uses OWASP Guidelines, which
tells me they are basically using the T10 as a guide for vulnerability
reporting and using OWASP Guidance for remediation of those issues. The
aforementioned example blatantly lies saying that they are "OWASP
Certified" - no such thing exists and is a blatant violation of the OWASP
Brand Usage.

On 7/2/13 2:48 PM, "Dirk Wetter" <dirk.wetter at owasp.org> wrote:

>
>
>Am 07/02/2013 04:22 PM, schrieb Owasp:
>> I believe the board is aware and we reached out. How great are we that
>>people want to rip off our
>> brand, congrats all :)
>> I'd probably expect more of this to come from countries which do not
>>respect intellectual property
>> or tradark rights.
>
>e.g. Qualys.https://www.qualys.com/forms/freescan/owasp/
>
>Dear board: pls set up a plan how to deal with those case appropriately
>and then just do it.
>
>Cheers,
>
>Dirk
>
>
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 2 Jul 2013, at 15:33, Jason Johnson <jason.johnson at owasp.org
>><mailto:jason.johnson at owasp.org>>
>> wrote:
>>
>>> These people pop up all the time. We need a wall of shame.
>>>
>>> Jason Johnson
>>> OWASP
>>> Oklahoma City, OK
>>>
>>> On Jul 2, 2013 8:15 AM, "Ludovic Petit" <ludovic.petit at owasp.org
>>> <mailto:ludovic.petit at owasp.org>> wrote:
>>>
>>>     Hi there,
>>>
>>>     Jason (Alexander, @0wasp) tweeted this a couple of weeks ago on 14
>>>june:
>>>
>>>     Anyone seen
>>>this?http://www.sangfor.com/news/f7fad57564a7536d06c93a877d40046d.htm Š
>>>the
>>>     firewall recieved WAF certification from @owasp ??
>>>
>>>     http://www.sangfor.com/news/f7fad57564a7536d06c93a877d40046d.htm
>>>
>>>     I was just wondering about "... OWASP does not endorse or
>>>recommend commercial products or
>>>     services..."
>>>
>>>     Did I missed something?
>>>
>>>     -- 
>>>     Ludovic
>>>
>>>     _______________________________________________
>>>     OWASP-Leaders mailing list
>>>     OWASP-Leaders at lists.owasp.org
>>><mailto:OWASP-Leaders at lists.owasp.org>
>>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>-- 
>German OWASP Board, Conference Chair AppSec EU 2013
>http://appsec.eu/       |                 @appseceu
>skype://drwetter.de     |      tel:+49-40-2442035-1
>
>_______________________________________________
>OWASP-Leaders mailing list
>OWASP-Leaders at lists.owasp.org
>https://lists.owasp.org/mailman/listinfo/owasp-leaders



More information about the OWASP-Leaders mailing list