[Owasp-leaders] OWASP "Certification"

Dirk Wetter dirk.wetter at owasp.org
Tue Jul 2 21:16:15 UTC 2013


Chris,


Am 07/02/2013 11:00 PM, schrieb Chris Schmidt:
> The Qualys example is quite different IMHO - they are not making any
> claims that they are "Certified" or "Preferred" or any of the other
> buzz-words that I have seen in the past. 
yes, but it's still clearly an abuse of our brand if someone claims to
make an "OWASP Audit". I read it not as "we do an assessment according
to OWASP top 10" but it insinuates that there's something like an official OWASP
assessment. And there's not such thing.

They are overdoing the wording here.


> This is nothing new. Qualys is
> stating that they will run a report that uses OWASP Guidelines, which
> tells me they are basically using the T10 as a guide for vulnerability
> reporting and using OWASP Guidance for remediation of those issues. 
Pls read the title tag of the website and H1>, <h2>

> The
> aforementioned example blatantly lies saying that they are "OWASP
> Certified" - no such thing exists and is a blatant violation of the OWASP
> Brand Usage.
ACK

Thx,

Dirk
>
> On 7/2/13 2:48 PM, "Dirk Wetter" <dirk.wetter at owasp.org> wrote:
>
>>
>> Am 07/02/2013 04:22 PM, schrieb Owasp:
>>> I believe the board is aware and we reached out. How great are we that
>>> people want to rip off our
>>> brand, congrats all :)
>>> I'd probably expect more of this to come from countries which do not
>>> respect intellectual property
>>> or tradark rights.
>> e.g. Qualys.https://www.qualys.com/forms/freescan/owasp/
>>
>> Dear board: pls set up a plan how to deal with those case appropriately
>> and then just do it.
>>
>> Cheers,
>>
>> Dirk
>>
>>
>>>
>>> Eoin Keary
>>> Owasp Global Board
>>> +353 87 977 2988
>>>
>>>
>>> On 2 Jul 2013, at 15:33, Jason Johnson <jason.johnson at owasp.org
>>> <mailto:jason.johnson at owasp.org>>
>>> wrote:
>>>
>>>> These people pop up all the time. We need a wall of shame.
>>>>
>>>> Jason Johnson
>>>> OWASP
>>>> Oklahoma City, OK
>>>>
>>>> On Jul 2, 2013 8:15 AM, "Ludovic Petit" <ludovic.petit at owasp.org
>>>> <mailto:ludovic.petit at owasp.org>> wrote:
>>>>
>>>>     Hi there,
>>>>
>>>>     Jason (Alexander, @0wasp) tweeted this a couple of weeks ago on 14
>>>> june:
>>>>
>>>>     Anyone seen
>>>> this?http://www.sangfor.com/news/f7fad57564a7536d06c93a877d40046d.htm Š
>>>> the
>>>>     firewall recieved WAF certification from @owasp ??
>>>>
>>>>     http://www.sangfor.com/news/f7fad57564a7536d06c93a877d40046d.htm
>>>>
>>>>     I was just wondering about "... OWASP does not endorse or
>>>> recommend commercial products or
>>>>     services..."
>>>>
>>>>     Did I missed something?
>>>>
>>>>     -- 
>>>>     Ludovic
>>>>
>>>>     _______________________________________________
>>>>     OWASP-Leaders mailing list
>>>>     OWASP-Leaders at lists.owasp.org
>>>> <mailto:OWASP-Leaders at lists.owasp.org>
>>>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>> -- 
>> German OWASP Board, Conference Chair AppSec EU 2013
>> http://appsec.eu/       |                 @appseceu
>> skype://drwetter.de     |      tel:+49-40-2442035-1
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders


-- 
German OWASP Board, Conference Chair AppSec EU 2013 
http://appsec.eu/       |                 @appseceu
skype://drwetter.de     |      tel:+49-40-2442035-1



More information about the OWASP-Leaders mailing list