[Owasp-leaders] OWASP "Certification"

Boris Hemkemeier boris at owasp.org
Tue Jul 2 21:22:06 UTC 2013

Can not agree.  "Free marketing for OWASP"? What is the stronger brand 
in web app security? Qualis or OWASP?

Of course, "OWASP" is the stronger brand! That's the reason for quoting 
OWASP. Qualys writes about an "OWASP Web App Audit" (see 
https://www.qualys.com/forms/freescan/owasp/ ) which *looks* like an 
OWASP product or standard but it is not. They could write about a "free 
scan for vulnerabilities from the OWASP Top Ten (R)" but they do not.

IMHO their web page is a violation of the OWASP brand usage rules 
(https://www.owasp.org/index.php/OWASP_brand_usage_rules), in particular 
of Rule 4 "The OWASP Brand may be used in association with an 
application security assessment only if a complete and detailed 
methodology, sufficient to reproduce the results, is disclosed. "


Am 02.07.2013 23:02, schrieb Dennis Groves:
> This is really great, it is essentially free marketing for OWASP.
> However, this is an example of how we fail to capture value. What is 
> lost is an opportunity to license the use of the 'OWASP' brand - which 
> is one way we have historically left money on the table. (Samantha's 
> Idea...)
> A non-profit can not exist on handouts alone; that is we will be 
> bankrupt before long if we keep asking for sponsorships. This is why 
> it is **critical** we start acting like a proper business, and move to 
> profit generating revenue models.
> Cheers,
> Dennis
> On 2 Jul 2013, at 13:48, Dirk Wetter wrote:
>> Am 07/02/2013 04:22 PM, schrieb Owasp:
>>> I believe the board is aware and we reached out. How great are we 
>>> that people want to rip off our
>>> brand, congrats all :)
>>> I'd probably expect more of this to come from countries which do not 
>>> respect intellectual property
>>> or tradark rights.
>> e.g. Qualys.https://www.qualys.com/forms/freescan/owasp/
>> Dear board: pls set up a plan how to deal with those case 
>> appropriately and then just do it.
>> Cheers,
>> Dirk

More information about the OWASP-Leaders mailing list