[Owasp-leaders] jowasp.org

Jim Manico jim.manico at owasp.org
Wed Aug 27 19:28:40 UTC 2014


Thank you Jerry. I want to experiment *responsibly* and respect the 
OWASP brand rules! And by the way, I do not intend to follow any of rule 
#3 because this goal is not to advertise my or any company; I want to do 
this as an OWASP property.

So with respect I plan to "go for it". If this is successful then by all 
means we can figure out what to do next as a team.

Aloha,
Jim


        OWASP Brand Usage Rules
        https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES

The following rules make reference to the OWASP Materials, meaning any 
tools, documentation, or other content from OWASP. The rules also make 
reference to "OWASP Published Standards" which are currently in the 
process of being developed and released. Currently there are no OWASP 
Published Standards.

 1. The OWASP Brand may be used to direct people to the OWASP website
    for information about application security.
 2. The OWASP Brand may be used in commentary about the materials found
    on the OWASP website.
 3. The OWASP Brand may be used by OWASP Members in good standing to
    promote a person or company's involvement in OWASP.
 4. The OWASP Brand may be used in association with an application
    security assessment only if a complete and detailed methodology,
    sufficient to reproduce the results, is disclosed.
 5. The OWASP Brand must not be used in a manner that suggests that The
    OWASP Foundation supports, advocates, or recommends any particular
    product or technology.
 6. The OWASP Brand must not be used in a manner that suggests that a
    product or technology is compliant with any OWASP Materials other
    than an OWASP Published Standard.
 7. The OWASP Brand must not be used in a manner that suggests that a
    product or technology can enable compliance with any OWASP Materials
    other than an OWASP Published Standard.
 8. The OWASP Brand must not be used in any materials that could mislead
    readers by narrowly interpreting a broad application security
    category. For example, a vendor product that can find or protect
    against forced browsing must not claim that they address all of the
    access control category.
 9. The OWASP Brand may be used by special arrangement with The OWASP
    Foundation.


On 8/27/14, 12:15 PM, Jerry Hoff wrote:
> Just to be clear - there are no owasp restrictions regarding this, 
> right ?
>
> I think all the ideas are good, and we should implement them all - but 
> I think Jim should still build out jowasp. I think owasp needs a bit 
> more risk-taking and experimentation like this. I'm a fan!
>
>
>
> -- 
> Jerry Hoff
> jerry at owasp.com <mailto:jerry at owasp.com>
> @jerryhoff
>
> On Aug 27, 2014, at 21:56, Jim Manico <jim.manico at owasp.org 
> <mailto:jim.manico at owasp.org>> wrote:
>
>> Timur,
>>
>> I would use all of the OWASP brand usage rules and style guidelines 
>> and make the work transparent to the community. At some point early 
>> in the process, I plan to transfer ownership of the domain to OWASP.
>>
>> > a) owasp.org <http://owasp.org/> has non-attractive design. But 
>> there is web redesign project under way, so why duplicate design 
>> efforts?!
>>
>> I have a different vision. I want to only highlight Java developer 
>> projects, not do a full redesign of the main website.
>>
>> And if it's successful I say keep supporting and enhancing it as 
>> opposed to kill it. ;)
>>
>> Aloha,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On Aug 27, 2014, at 11:48 AM, "Timur 'x' Khrotko (owasp)" 
>> <timur at owasp.org <mailto:timur at owasp.org>> wrote:
>>
>>> Hello, Jim,
>>>
>>> (be careful with using owasp creative property, the design, for a 
>>> body, site not recognized by owasp due to its not fitting the 
>>> existing notions, as is it a project or a chapter? :))
>>>
>>> What you are saying, is two things for me:
>>>
>>> a) owasp.org <http://owasp.org/> has non-attractive design. But 
>>> there is web redesign project under way, so why duplicate design 
>>> efforts?!
>>>
>>> b) When a developer visits owasp.org <http://owasp.org> she (:) sees 
>>> mess, while she probably came with one simple motivation in mind, to 
>>> find Java related appsec advise. And while we spend energies to tell 
>>> dev folks deal with security we make our own advice hardly 
>>> accessible. Only if one does not insist that this page makes Java 
>>> security visible and accessible:
>>> https://www.owasp.org/index.php/Category:Java
>>>
>>> So if jowasp gets successful I propose to kill it in the very moment 
>>> it proves your technology-centric approach right and asap create 
>>> technology-centric web-face and section on owasp.org 
>>> <http://owasp.org> with all the modern technologies, js, java, 
>>> dotnet, scala, argh php, etc. - according to the structure you invent.
>>>
>>> Regards:
>>> timur
>>>
>>>
>>>
>>> On Wed, Aug 27, 2014 at 8:44 PM, Jerry Hoff <jerry at owasp.org 
>>> <mailto:jerry at owasp.org>> wrote:
>>>
>>>     I like it - we need more experimentation like this - the owasp
>>>     wiki style landing page needs some serious overhauling in my
>>>     opinion - would love to see what a pro designer comes up with.
>>>     If the jowasp design is a hit, maybe we can port it over to owasp.
>>>
>>>     My vote would be to do it!
>>>
>>>     Jerry
>>>
>>>
>>>     -- 
>>>     Jerry Hoff
>>>     jerry at owasp.com <mailto:jerry at owasp.com>
>>>     @jerryhoff
>>>
>>>     On Aug 27, 2014, at 21:26, Jim Manico <jim.manico at owasp.org
>>>     <mailto:jim.manico at owasp.org>> wrote:
>>>
>>>>     Duly noted, Jerry. I agree a dot.net <http://dot.net> "version"
>>>>     of OWASP would be a GOOD idea!
>>>>
>>>>     For jowasp.org <http://jowasp.org>, I was planning on using a
>>>>     *very* professional designer to build the site using *OWASP
>>>>     brand rules and style* and POINT to OWASP.org
>>>>     <http://OWASP.org> projects. I intend to copy or fork *nothing*
>>>>     just be a "front page" to help developers get to good Java
>>>>     security developer resources easily. So yea, I would not copy
>>>>     the cheat sheets, just point to them, for example.
>>>>
>>>>     Aloha,
>>>>     Jim
>>>>
>>>>
>>>>
>>>>     On 8/27/14, 11:24 AM, Jerry Hoff wrote:
>>>>>     I would say that OWASP is already largely the java view of application security! We need adotnetwasp.org  <http://dotnetwasp.org>!! :)
>>>>>
>>>>>     Joking aside I think it's a fun idea - almost like a filtered view of OWASP for java folk. Are you going to set up your own web page, or make some auto redirect to a particular page on the OWASP wiki?
>>>>>
>>>>>     Jerry
>>>>>
>>>>>     --
>>>>>     Jerry Hoff
>>>>>     jerry at owasp.com  <mailto:jerry at owasp.com>
>>>>>     @jerryhoff
>>>>>
>>>>>>     On Aug 27, 2014, at 21:11, Jim Manico<jim.manico at owasp.org>  <mailto:jim.manico at owasp.org>  wrote:
>>>>>>
>>>>>>     Leaders,
>>>>>>
>>>>>>     A while ago I registeredjowasp.org  <http://jowasp.org>  with the intention of providing a
>>>>>>     view into OWASP specific to Java developers. I intended to do this is
>>>>>>     a non-commercial way, but I realize that Java is tied to a commercial
>>>>>>     entity fairly tightly.
>>>>>>
>>>>>>     What do you think?
>>>>>>
>>>>>>     Aloha,
>>>>>>     --
>>>>>>     Jim Manico
>>>>>>     @Manicode
>>>>>>     (808) 652-3805
>>>>>>     _______________________________________________
>>>>>>     OWASP-Leaders mailing list
>>>>>>     OWASP-Leaders at lists.owasp.org  <mailto:OWASP-Leaders at lists.owasp.org>
>>>>>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>
>>>     _______________________________________________
>>>     OWASP-Leaders mailing list
>>>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> Email us to enforce secure link with your mail servers (domain).
>>> This message may contain confidential information - you should 
>>> handle it accordingly.
>>> Ez a levél bizalmas információt tartalmazhat, és ekként kezelendő.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140827/3b2b7028/attachment-0001.html>


More information about the OWASP-Leaders mailing list