[Owasp-leaders] OWASP "Certification"

Dirk Wetter dirk.wetter at owasp.org
Wed Jul 3 18:19:10 UTC 2013


Hi Martin,

On 07/03/2013 10:33 AM, martin.knobloch at owasp.org wrote:
> Dennis,
> 
> I have been talking with brand-watching people for major companies.
> Just to hire a solicitor or lawyer is just the visual top of the iceberg what you have to deal with!

Basically not a bad idea, as they know the legal situation better. However: those kinds of lawyers
charge a ridiculous amount of money.

IMO also threatening with a lawyer is kind of a last resort thing. The eye-for-an-eye strategy ends
up with losses not necessarily for the party which is right. Also don't forget: some
companies OWASP has a relationship with (e.g. sponsoring), and maybe OWASP does not want to
throw this away all of a sudden. Please note that this is not a reason
for me to be silent. The right approach is needed.



> To sell the brand will not prevent the abusage!
> 
> As I see this, the community is very active in detecting abuse of the OWASP brand.
> We need a transparent process to report possible abusage and handling those!

ACK, as I said b4 too

BR, Dirk




> 
> Cheers,
> -martin
>   
> Sent from my BlackBerry® smartphone
> 
> -----Original Message-----
> From: "Dennis Groves" <dennis.groves at owasp.org>
> Date: Wed, 03 Jul 2013 01:27:33 
> To: <martin.knobloch at owasp.org>
> Cc: <owasp-leaders-bounces at lists.owasp.org>; Tobias Glemser<tobias.glemser at owasp.org>; <owasp-leaders at lists.owasp.org>; Andrew van der Stock<vanderaj at owasp.org>
> Subject: Re: [Owasp-leaders] OWASP "Certification"
> 
> Hello Martin,
> 
> Your voice is a voice I love to hear. You have dedicated years and years 
> of hard work building the OWASP community. So, I take what you say very 
> seriously. I am not saying I have any answers here; and I for certain 
> don't know everything. So let me propose a question.
> 
> Martin, people are already using and abusing the OWASP brand. Is it 
> really 'selling out' for us to at least 'charge a fee' for the use of 
> the brand?
> 
> Of course, I am assuming that if we did charge a fee, we would hire a 
> Solicitor/Lawyer to clarify the conditions on how the brand may be used 
> and what the fees are.
> 
> Dennis
> 
> On 3 Jul 2013, at 1:16, martin.knobloch at owasp.org wrote:
> 
>> Dennis,
>>
>> Yes, OWASP needs money to pursue the mission.
>> But..
>> OWASP has gained reputation because of being independent!
>> If we sell-out OWASP, we can kill the reputation!
>>
>> We do have money for our employees and initiatives as 'OWASP on the 
>> Move', so I do not see where this comes from!
>>
>> Cheers,
>> -martin
>>
>>
>>
>> Sent from my BlackBerry® smartphone
>>
>> -----Original Message-----
>> From: "Dennis Groves" <dennis.groves at owasp.org>
>> Sender: owasp-leaders-bounces at lists.owasp.org
>> Date: Wed, 03 Jul 2013 01:04:18
>> To: Tobias Glemser<tobias.glemser at owasp.org>
>> Cc: <owasp-leaders at lists.owasp.org>
>> Subject: Re: [Owasp-leaders] OWASP "Certification"
>>
>> On 3 Jul 2013, at 0:12, Tobias Glemser wrote:
>>
>>> Dennis,
>>>
>>> what is our goal? Make money or keep up the fantastic work of volunteers
>>> which made the brand what it is today.
>>
>> I believe our goal is very clear, it is definitely a machine to enable
>> volunteers! And in a perfect world we could pursue our altruism
>> exclusively. Unfortunately, we live in a world that requires money to
>> pursue our mission.
>>
>> They say you have to be able to help yourself before you can help
>> another person.
>> Warren Buffett and Bill Gates are arguably able to help more people than
>> you and I through their notorious charities, which are enabled as a result
>> of their wealth.
>>
>> Similarly for a non-profit like OWASP; if we do not pay the bills - we
>> are not going to be able to help anybody for very long. Therefore, I do
>> not see the question as an XOR as you described above; I see it as AND -
>> how do we marry our mission and money?
>>
>> Let me ask you another question - do you think we should fire the
>> employees or do you think they create value for the organisation? Do
>> you think things like AppSec conferences are valuable to the community
>> or should we abandon them? What about having world class speakers, speak
>> at your local chapter like Jim Manico, Dinis Cruz, John Wilander or
>> Jerry Hoff through 'OWASP on the move'??
>>
>> Did you know that our 'sponsorships and memberships' are not paying the
>> bills? Did you know we finance OWASP entirely through the AppSec
>> conferences? Did you know that if we lose money at any AppSec event,
>> OWASP faces bankruptcy and may fail to exist entirely?
>>
>> All that stuff costs money, and there is so much, much more we could do
>> if we had more money! Currently, OWASP operates on a very nearly break
>> even basis. If we want to do more, we need more money! Licensing the
>> brand is one very obvious and low maintenance way to provide that
>> revenue so we can do more awesome stuff at OWASP!
>>
>> Did you know that we pay Matt only $12k per year to maintain the entire
>> IT operations of OWASP? Matt works a full-time job elsewhere and takes
>> his personal holidays to volunteer for OWASP. This time belongs to him
>> and his family, not to OWASP! While I am very grateful for his service,
>> Matt totally deserves a living wage, and OWASP should be providing him
>> time with his family on his holidays not taking it from him! In fact he
>> really should have enough money to hire some relief! While Matt does an
>> incredible job for the community, I think that OWASP can and should be
>> doing much better than this.
>>
>> And, that is a single example, I could go on for days… And I have no
>> doubt that I am not alone in how money can be used to make OWASP better.
>>
>> Josh Sokol, for example has one of the most successful and profitable
>> OWASP chapters in the United States, and he very definitely knows how
>> his chapter benefits from money, but he also knows how to make those
>> investments support OWASP. His chapter recently provided $150k to the
>> OWASP foundation, which is being used to enable AppSec New York. Without
>> Josh, OWASP would be much poorer indeed. Josh is a chapter leader we can
>> all learn from, and I bet he runs his chapter like a business.
>>
>> As a community I believe we need to accept the fact that when OWASP
>> profits, we are all in a much better position to pursue our altruistic
>> mission.
>>
>> Dennis
>>
>>>> -----Original Message-----
>>>> From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Dennis Groves
>>>> Sent: Tuesday, 2 July 2013 23:03
>>>> To: Dirk Wetter
>>>> Cc: owasp-leaders at lists.owasp.org
>>>> Subject: Re: [Owasp-leaders] OWASP "Certification" [ Z1 UNGESICHERT ]
>>>>
>>>> This is really great, it is essentially free marketing for OWASP.
>>>>
>>>> However, this is an example of how we fail to capture value. What is
>>>> lost is an opportunity to license the use of the 'OWASP' brand - which
>>>> is one way we have historically left money on the table. (Samantha's
>>>> Idea...)
>>>>
>>>> A non-profit can not exist on handouts alone; that is we will be
>>>> bankrupt before long if we keep asking for sponsorships. This is why it
>>>> is **critical** we start acting like a proper business, and move to
>>>> profit generating revenue models.
>>>>
>>>> Cheers,
>>>> Dennis
>>>>
>>>>
>>>>
>>>> On 2 Jul 2013, at 13:48, Dirk Wetter wrote:
>>>>
>>>>> On 07/02/2013 04:22 PM, Owasp wrote:
>>>>>> I believe the board is aware and we reached out. How great are we
>>>>>> that people want to rip off our brand, congrats all :) I'd probably
>>>>>> expect more of this to come from countries which do not respect
>>>>>> intellectual property or trademark rights.
>>>>>
>>>>> e.g. Qualys. https://www.qualys.com/forms/freescan/owasp/
>>>>>
>>>>> Dear board: pls set up a plan how to deal with those cases
>>>>> appropriately and then just do it.
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Dirk
>>
>>
>> -- 
>> [Dennis Groves](http://about.me/dennis.groves), MSc
>> [Email me](mailto:dennis.groves at owasp.org) or [schedule a
>> meeting](http://goo.gl/8sPIy).
>>
>>> "Unless someone like you...cares a whole awful lot...nothing is going
>>> to get better...It's not." -- The Lorax
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
> 


-- 
German OWASP Board, Conference Chair AppSec EU 2013
http://appsec.eu/       |                 @appseceu
skype://drwetter.de     |      tel:+49-40-2442035-1

