[Owasp-leaders] OWASP "Certification"

Dirk Wetter dirk.wetter at owasp.org
Tue Jul 2 21:22:39 UTC 2013


Am 07/02/2013 11:16 PM, schrieb Dirk Wetter:
> Chris,
>
>
> Am 07/02/2013 11:00 PM, schrieb Chris Schmidt:
>> The Qualys example is quite different IMHO - they are not making any
>> claims that they are "Certified" or "Preferred" or any of the other
>> buzz-words that I have seen in the past. 
> yes, but it's still clearly an abuse of our brand if someone claims to
> make an "OWASP Audit". I read it not as "we do an assessment according
> to OWASP top 10" but it insinuates that there's something like an official OWASP
> assessment. And there's not such thing.
correcting myself: Well, I suppose online scanning doesn't comply w/ the testing guide.

>
> They are overdoing the wording here.
>
>
>> This is nothing new. Qualys is
>> stating that they will run a report that uses OWASP Guidelines, which
>> tells me they are basically using the T10 as a guide for vulnerability
>> reporting and using OWASP Guidance for remediation of those issues. 
> Pls read the title tag of the website and H1>, <h2>
>
>> The
>> aforementioned example blatantly lies saying that they are "OWASP
>> Certified" - no such thing exists and is a blatant violation of the OWASP
>> Brand Usage.
> ACK
>
> Thx,
>
> Dirk
>> On 7/2/13 2:48 PM, "Dirk Wetter" <dirk.wetter at owasp.org> wrote:
>>
>>> Am 07/02/2013 04:22 PM, schrieb Owasp:
>>>> I believe the board is aware and we reached out. How great are we that
>>>> people want to rip off our
>>>> brand, congrats all :)
>>>> I'd probably expect more of this to come from countries which do not
>>>> respect intellectual property
>>>> or tradark rights.
>>> e.g. Qualys.https://www.qualys.com/forms/freescan/owasp/
>>>
>>> Dear board: pls set up a plan how to deal with those case appropriately
>>> and then just do it.
>>>
>>> Cheers,
>>>
>>> Dirk
>>>
>>>
>>>> Eoin Keary
>>>> Owasp Global Board
>>>> +353 87 977 2988
>>>>
>>>>
>>>> On 2 Jul 2013, at 15:33, Jason Johnson <jason.johnson at owasp.org
>>>> <mailto:jason.johnson at owasp.org>>
>>>> wrote:
>>>>
>>>>> These people pop up all the time. We need a wall of shame.
>>>>>
>>>>> Jason Johnson
>>>>> OWASP
>>>>> Oklahoma City, OK
>>>>>
>>>>> On Jul 2, 2013 8:15 AM, "Ludovic Petit" <ludovic.petit at owasp.org
>>>>> <mailto:ludovic.petit at owasp.org>> wrote:
>>>>>
>>>>>     Hi there,
>>>>>
>>>>>     Jason (Alexander, @0wasp) tweeted this a couple of weeks ago on 14
>>>>> june:
>>>>>
>>>>>     Anyone seen
>>>>> this?http://www.sangfor.com/news/f7fad57564a7536d06c93a877d40046d.htm Š
>>>>> the
>>>>>     firewall recieved WAF certification from @owasp ??
>>>>>
>>>>>     http://www.sangfor.com/news/f7fad57564a7536d06c93a877d40046d.htm
>>>>>
>>>>>     I was just wondering about "... OWASP does not endorse or
>>>>> recommend commercial products or
>>>>>     services..."
>>>>>
>>>>>     Did I missed something?
>>>>>
>>>>>     -- 
>>>>>     Ludovic
>>>>>
>>>>>     _______________________________________________
>>>>>     OWASP-Leaders mailing list
>>>>>     OWASP-Leaders at lists.owasp.org
>>>>> <mailto:OWASP-Leaders at lists.owasp.org>
>>>>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> -- 
>>> German OWASP Board, Conference Chair AppSec EU 2013
>>> http://appsec.eu/       |                 @appseceu
>>> skype://drwetter.de     |      tel:+49-40-2442035-1
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>


-- 
German OWASP Board, Conference Chair AppSec EU 2013 
http://appsec.eu/       |                 @appseceu
skype://drwetter.de     |      tel:+49-40-2442035-1



More information about the OWASP-Leaders mailing list