[Owasp-leaders] OWASP "Certification"
dennis.groves at owasp.org
Thu Jul 25 04:31:12 UTC 2013
Thank you for this Yune. :-)
On 7 Jul 2013, at 17:36, Yune Sung wrote:
> Hi folks,
> This is Yune from Korea chapter.
> For the issues of profiting OWASP, I agree with Dennis. It is no doubt
> we need money to run OWASP, and I guess it does not mean pursuing
> hurts OWASP brand value, but it could increase it.
> If we are concerning about negative things, we can set up detailed
> rules to
> prevent them.
> In Korea we see lots of entities and people use OWASP name or
> and they are making money a lot, but we can not see many of them are
> supporting OWASP activities in Korea.
> I guess it's right time for OWASP to turn to new way and policy.
> FYI, in Korea, we think that we are planning OWASP top 10 pen testing
> verification service. It comes from the reality that there are so many
> websites to say we get OWASP top 10 compliant pen test. but who
> the result? This could be really effective. We are looking for the way
> how we could approach. Please give us any feedback for this:-)
> Thank you very much!
> On Wed, Jul 3, 2013 at 6:22 AM, Boris Hemkemeier <boris at owasp.org>
>> Can not agree. "Free marketing for OWASP"? What is the stronger
>> brand in
>> web app security? Qualis or OWASP?
>> Of course, "OWASP" is the stronger brand! That's the reason for
>> OWASP. Qualys writes about an "OWASP Web App Audit" (see
>> which *looks* like an OWASP product or standard but it is not. They
>> write about a "free scan for vulnerabilities from the OWASP Top Ten
>> but they do not.
>> IMHO their web page is a violation of the OWASP brand usage rules (
>> in particular of Rule 4 "The OWASP Brand may be used in association
>> with an
>> application security assessment only if a complete and detailed
>> methodology, sufficient to reproduce the results, is disclosed. "
>> Am 02.07.2013 23:02, schrieb Dennis Groves:
>> This is really great, it is essentially free marketing for OWASP.
>>> However, this is an example of how we fail to capture value. What is
>>> is an opportunity to license the use of the 'OWASP' brand - which is
>>> way we have historically left money on the table. (Samantha's
>>> A non-profit can not exist on handouts alone; that is we will be
>>> before long if we keep asking for sponsorships. This is why it is
>>> **critical** we start acting like a proper business, and move to
>>> generating revenue models.
>>> On 2 Jul 2013, at 13:48, Dirk Wetter wrote:
>>> Am 07/02/2013 04:22 PM, schrieb Owasp:
>>>>> I believe the board is aware and we reached out. How great are we
>>>>> people want to rip off our
>>>>> brand, congrats all :)
>>>>> I'd probably expect more of this to come from countries which do
>>>>> respect intellectual property
>>>>> or tradark rights.
>>>> Dear board: pls set up a plan how to deal with those case
>>>> and then just do it.
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a
Unless someone like you...cares a whole awful lot...
nothing is going to get better...It's not."
-- The Lorax
More information about the OWASP-Leaders