[Owasp-leaders] OWASP "Certification"

Yune Sung yune.sung at owasp.org
Mon Jul 8 00:36:37 UTC 2013

Hi folks,

This is Yune from Korea chapter.
For the issues of profiting OWASP, I agree with Dennis. It is no doubt that
we need money to run OWASP, and I guess it does not mean pursuing profit
hurts OWASP brand value, but it could increase it.
If we are concerning about negative things, we can set up detailed rules to
prevent them.

In Korea we see lots of entities and people use OWASP name or knowledge,
and they are making money a lot, but we can not see many of them are
supporting OWASP activities in Korea.
I guess it's right time for OWASP to turn to new way and policy.

FYI, in Korea, we think that we are planning OWASP top 10 pen testing
verification service. It comes from the reality that there are so many
websites to say we get OWASP top 10 compliant pen test. but who verified
the result? This could be really effective. We are looking for the way of
how we could approach. Please give us any feedback for this:-)

Thank you very much!



On Wed, Jul 3, 2013 at 6:22 AM, Boris Hemkemeier <boris at owasp.org> wrote:

> Can not agree.  "Free marketing for OWASP"? What is the stronger brand in
> web app security? Qualis or OWASP?
> Of course, "OWASP" is the stronger brand! That's the reason for quoting
> OWASP. Qualys writes about an "OWASP Web App Audit" (see
> https://www.qualys.com/forms/**freescan/owasp/<https://www.qualys.com/forms/freescan/owasp/>) which *looks* like an OWASP product or standard but it is not. They could
> write about a "free scan for vulnerabilities from the OWASP Top Ten (R)"
> but they do not.
> IMHO their web page is a violation of the OWASP brand usage rules (
> https://www.owasp.org/index.**php/OWASP_brand_usage_rules<https://www.owasp.org/index.php/OWASP_brand_usage_rules>),
> in particular of Rule 4 "The OWASP Brand may be used in association with an
> application security assessment only if a complete and detailed
> methodology, sufficient to reproduce the results, is disclosed. "
>  Boris
> Am 02.07.2013 23:02, schrieb Dennis Groves:
>  This is really great, it is essentially free marketing for OWASP.
>> However, this is an example of how we fail to capture value. What is lost
>> is an opportunity to license the use of the 'OWASP' brand - which is one
>> way we have historically left money on the table. (Samantha's Idea...)
>> A non-profit can not exist on handouts alone; that is we will be bankrupt
>> before long if we keep asking for sponsorships. This is why it is
>> **critical** we start acting like a proper business, and move to profit
>> generating revenue models.
>> Cheers,
>> Dennis
>> On 2 Jul 2013, at 13:48, Dirk Wetter wrote:
>>  Am 07/02/2013 04:22 PM, schrieb Owasp:
>>>> I believe the board is aware and we reached out. How great are we that
>>>> people want to rip off our
>>>> brand, congrats all :)
>>>> I'd probably expect more of this to come from countries which do not
>>>> respect intellectual property
>>>> or tradark rights.
>>> e.g. Qualys.https://www.qualys.com/**forms/freescan/owasp/<https://www.qualys.com/forms/freescan/owasp/>
>>> Dear board: pls set up a plan how to deal with those case appropriately
>>> and then just do it.
>>> Cheers,
>>> Dirk
> ______________________________**_________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/**mailman/listinfo/owasp-leaders<https://lists.owasp.org/mailman/listinfo/owasp-leaders>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130708/bc60dcd9/attachment.html>

More information about the OWASP-Leaders mailing list