[Owasp-leaders] OWASP "Certification"

Dennis Groves dennis.groves at owasp.org
Thu Jul 25 04:31:12 UTC 2013


Thank you for this Yune. :-)

On 7 Jul 2013, at 17:36, Yune Sung wrote:

> Hi folks,
>
> This is Yune from Korea chapter.
> For the issues of profiting OWASP, I agree with Dennis. There is no doubt that
> we need money to run OWASP, and I guess it does not mean pursuing profit
> hurts OWASP brand value, but it could increase it.
> If we are concerned about negative things, we can set up detailed rules to
> prevent them.
>
> In Korea we see lots of entities and people use the OWASP name or knowledge,
> and they are making a lot of money, but we do not see many of them
> supporting OWASP activities in Korea.
> I guess it's the right time for OWASP to turn to a new way and policy.
>
> FYI, in Korea, we think that we are planning an OWASP top 10 pen testing
> verification service. It comes from the reality that there are so many
> websites that say we get OWASP top 10 compliant pen test. But who verified
> the result? This could be really effective. We are looking for the way of
> how we could approach. Please give us any feedback for this :-)
>
> Thank you very much!
>
> Regards,
>
> Yune
>
>
>
> On Wed, Jul 3, 2013 at 6:22 AM, Boris Hemkemeier <boris at owasp.org> wrote:
>
>> Can not agree.  "Free marketing for OWASP"? What is the stronger brand in
>> web app security? Qualys or OWASP?
>>
>> Of course, "OWASP" is the stronger brand! That's the reason for quoting
>> OWASP. Qualys writes about an "OWASP Web App Audit" (see
>> https://www.qualys.com/forms/freescan/owasp/)
>> which *looks* like an OWASP product or standard but it is not. They could
>> write about a "free scan for vulnerabilities from the OWASP Top Ten (R)"
>> but they do not.
>>
>> IMHO their web page is a violation of the OWASP brand usage rules (
>> https://www.owasp.org/index.php/OWASP_brand_usage_rules),
>> in particular of Rule 4 "The OWASP Brand may be used in association with an
>> application security assessment only if a complete and detailed
>> methodology, sufficient to reproduce the results, is disclosed."
>>
>> Boris
>>
>>
>> On 02.07.2013 23:02, Dennis Groves wrote:
>>
>> This is really great, it is essentially free marketing for OWASP.
>>>
>>> However, this is an example of how we fail to capture value. What is lost
>>> is an opportunity to license the use of the 'OWASP' brand - which is one
>>> way we have historically left money on the table. (Samantha's Idea...)
>>>
>>> A non-profit can not exist on handouts alone; that is we will be bankrupt
>>> before long if we keep asking for sponsorships. This is why it is
>>> **critical** we start acting like a proper business, and move to profit
>>> generating revenue models.
>>>
>>> Cheers,
>>> Dennis
>>>
>>>
>>>
>>> On 2 Jul 2013, at 13:48, Dirk Wetter wrote:
>>>
>>> On 07/02/2013 04:22 PM, Owasp wrote:
>>>>
>>>>> I believe the board is aware and we reached out. How great are we that
>>>>> people want to rip off our brand, congrats all :)
>>>>> I'd probably expect more of this to come from countries which do not
>>>>> respect intellectual property or trademark rights.
>>>>>
>>>>
>>>> e.g. Qualys. https://www.qualys.com/forms/freescan/owasp/
>>>>
>>>> Dear board: pls set up a plan how to deal with those cases appropriately
>>>> and then just do it.
>>>>
>>>> Cheers,
>>>>
>>>> Dirk
>>>>
>>>
>>>
>>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>


Dennis
-- 
[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a meeting](http://goo.gl/8sPIy).

     "Unless someone like you...cares a whole awful lot...
     nothing is going to get better...It's not."
                                             -- The Lorax

