[Owasp-leaders] OWASP "Certification"

Dinis Cruz dinis.cruz at owasp.org
Wed Jul 3 12:52:31 UTC 2013


Dennis you are wrong with your logic. Selling access to the OWASP brand
will dilute it and make things worse

I'm with Martin (and others on this thread) that this is a really bad idea

Ironically if we sold the use of the OWASP brand, it would actually
increase its abuse, since it would legitimise the bad behaviour
On 3 Jul 2013 09:35, <martin.knobloch at owasp.org> wrote:

> Dennis,
>
> I have been talking with brand-watching people for major companies.
> Just to hire a  solicitor or lawyer is just the visual top of the ice berg
> what you have to deal with!
>
> To sell the brand will not prevent the abusage!
>
> As I see this, the community is very active in detecting abuse of the
> OWASP brand.
> We need a transparent process to report possible abusage and handling
> those!
>
> Cheers,
> -martin
>
> Sent from my BlackBerry® smartphone
>
> -----Original Message-----
> From: "Dennis Groves" <dennis.groves at owasp.org>
> Date: Wed, 03 Jul 2013 01:27:33
> To: <martin.knobloch at owasp.org>
> Cc: <owasp-leaders-bounces at lists.owasp.org>; Tobias Glemser<
> tobias.glemser at owasp.org>; <owasp-leaders at lists.owasp.org>; Andrew van
> der Stock<vanderaj at owasp.org>
> Subject: Re: [Owasp-leaders] OWASP "Certification"
>
> Hello Martin,
>
> Your voice is a voice I love to hear. You have dedicated years and years
> of hard work building the OWASP community. So, I take what you say very
> seriously. I am not saying I have any answers here; and I for certain
> don't know everything. So let me propose a question.
>
> Martin, people are already using and abusing the OWASP brand. Is it
> really 'selling out' for us to at least 'charge a fee' for the use of
> the brand?
>
> Of course, I am assuming that if we did charge a fee, we would hire a
> Solicitor/Lawyer to clarify the conditions on how the brand maybe used
> and what the fee's are.
>
> Dennis
>
> On 3 Jul 2013, at 1:16, martin.knobloch at owasp.org wrote:
>
> > Dennis,
> >
> > Yes, OWASP needs money to pursuit the mission.
> > But..
> > OWASP has gained reputation because of being independent!
> > If we sell-out OWASP, we can kill the reputation!
> >
> > We do have money for out employees and initiatives as 'OWASP on the
> > Move', so I do not see where this comes from!
> >
> > Cheers,
> > -martin
> >
> >
> >
> > Sent from my BlackBerry® smartphone
> >
> > -----Original Message-----
> > From: "Dennis Groves" <dennis.groves at owasp.org>
> > Sender: owasp-leaders-bounces at lists.owasp.org
> > Date: Wed, 03 Jul 2013 01:04:18
> > To: Tobias Glemser<tobias.glemser at owasp.org>
> > Cc: <owasp-leaders at lists.owasp.org>
> > Subject: Re: [Owasp-leaders] OWASP "Certification"
> >
> > On 3 Jul 2013, at 0:12, Tobias Glemser wrote:
> >
> >> Dennis,
> >>
> >> what is our goal? Make money or keep up the fantastic work of
> >> volunteers
> >> which made the brand what it is today.
> >
> > I believe our goal is very clear, it is definitely a machine to enable
> > volunteers! And in a perfect world we could pursue our altruism
> > exclusively. Unfortunately, we live in a world that requires money to
> > pursue our mission.
> >
> > They say you have to be able to help yourself before you can help
> > another person.
> > Warren Buffet and Bill Gates are arguably able to help more people
> > than
> > you and I through their notorious charities, which are enabled a
> > result
> > of their wealth.
> >
> > Similarly for a non-profit like OWASP; if we do not pay the bills - we
> > are not going to be able to help anybody for very long. Therefore, I
> > do
> > not see the question as an XOR as you described above; I see it as AND
> > -
> > how do we marry our mission and money?
> >
> > Let me ask you another question - do you think we should fire the
> > employee's or do you think they create value for the organisation? Do
> > you think things like AppSec conferences are valuable to the community
> > or should we abandon them? What about having world class speakers,
> > speak
> > at your local chapter like Jim Manico, Dinis Cruz, John Wilander or
> > Jerry Hoff through 'OWASP on the move'??
> >
> > Did you know that our 'sponsorships and memberships' are not paying
> > the
> > bills? Did you know we finance OWASP entirely through the AppSec
> > conferences? Did you know that if we loose money at any AppSec event,
> > OWASP faces bankruptcy and may fail to exist entirely?
> >
> > All that stuff costs money, and there is so much, much more we could
> > do
> > if we had more money! Currently, OWASP operates on a very nearly break
> > even basis. If we want to do more, we need more money! Licensing the
> > brand is one very obvious and low maintenance way to provide that
> > revenue so we can do more awesome stuff at OWASP!
> >
> > Did you know that we pay Matt only $12k per year to maintain the
> > entire
> > IT operations of OWASP? Matt works a full-time job elsewhere and takes
> > his personal holidays to volunteer for OWASP. This time belongs to him
> > and his family, not to OWASP! While I am very grateful for his
> > service,
> > Matt totally deserves a living wage, and OWASP should be providing him
> > time with his family on his holidays not taking it from him! In fact
> > he
> > really should have enough money to hire some relief! While Matt does
> > an
> > incredible job for the community, I think that OWASP can and should be
> > doing much better than this.
> >
> > And, that is a single example, I could go on for days… And I have no
> > doubt that I am not alone in how money can be used to make OWASP
> > better.
> >
> > Josh Sokol, for example has one of the most successful and profitable
> > OWASP chapters in the United States, and he very definitely knows how
> > his chapter benefits from money, but he also knows how to make those
> > investments support OWASP. His chapter recently provided $150k to the
> > OWASP foundation, which is being used to enable AppSec New York.
> > Without
> > Josh, OWASP would be much poorer indeed. Josh is a chapter leader we
> > can
> > all learn from, and I bet he runs his chapter like a business.
> >
> > As a community I believe we need to accept the fact that when OWASP
> > profits, we are all in a much better position to pursue our altruistic
> > mission.
> >
> > Dennis
> >
> >>> -----Ursprüngliche Nachricht-----
> >>> Von: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-
> >>> bounces at lists.owasp.org] Im Auftrag von Dennis Groves
> >>> Gesendet: Dienstag, 2. Juli 2013 23:03
> >>> An: Dirk Wetter
> >>> Cc: owasp-leaders at lists.owasp.org
> >>> Betreff: Re: [Owasp-leaders] OWASP "Certification" [ Z1 UNGESICHERT
> >>> ]
> >>>
> >>> This is really great, it is essentially free marketing for OWASP.
> >>>
> >>> However, this is an example of how we fail to capture value. What is
> >>> lost
> >> is an
> >>> opportunity to license the use of the 'OWASP' brand - which is one
> >>> way we
> >>> have historically left money on the table. (Samantha's
> >>> Idea...)
> >>>
> >>> A non-profit can not exist on handouts alone; that is we will be
> >>> bankrupt
> >>> before long if we keep asking for sponsorships. This is why it is
> >> **critical**
> >>> we start acting like a proper business, and move to profit
> >>> generating
> >> revenue
> >>> models.
> >>>
> >>> Cheers,
> >>> Dennis
> >>>
> >>>
> >>>
> >>> On 2 Jul 2013, at 13:48, Dirk Wetter wrote:
> >>>
> >>>> Am 07/02/2013 04:22 PM, schrieb Owasp:
> >>>>> I believe the board is aware and we reached out. How great are we
> >>>>> that people want to rip off our brand, congrats all :) I'd
> >>>>> probably
> >>>>> expect more of this to come from countries which do not respect
> >>>>> intellectual property or tradark rights.
> >>>>
> >>>> e.g. Qualys.https://www.qualys.com/forms/freescan/owasp/
> >>>>
> >>>> Dear board: pls set up a plan how to deal with those case
> >>>> appropriately and then just do it.
> >>>>
> >>>> Cheers,
> >>>>
> >>>> Dirk
> >
> >
> > --
> > [Dennis Groves](http://about.me/dennis.groves), MSc
> > [Email me](mailto:dennis.groves at owasp.org) or [schedule a
> > meeting](http://goo.gl/8sPIy).
> >
> >> "Unless someone like you...cares a whole awful lot...nothing is going
> >> to get better...It's not." -- The Lorax
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> --
> [Dennis Groves](http://about.me/dennis.groves), MSc
> [Email me](mailto:dennis.groves at owasp.org) or [schedule a
> meeting](http://goo.gl/8sPIy).
>
> > "Unless someone like you...cares a whole awful lot...nothing is going
> > to get better...It's not." -- The Lorax
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130703/342194f6/attachment.html>


More information about the OWASP-Leaders mailing list