[Owasp-leaders] OWASP Branding & Twitter thread from Dinis

Dinis Cruz dinis.cruz at owasp.org
Fri Aug 14 08:04:42 UTC 2015

CCing owasp leaders list in order to get 'feedback' from the community

And Jim come on, owasp is not a Fortune 100 company with high levels of
processes and bureaucracy, the problem is pretty obvious on the
https://twitter.com/davidrook/status/631699570603462656 thread (and a
couple other similar threads)

This is a case of common sense.

The focus of owasp needs to be on application security (for example sharing
knowledge), not in blindly following rules

Yes we need to have rules in place to prevent abuse (in this case vendor
pitches), but if those rules start to affect high value owasp contributors,
then there is something wrong with the rules
On 13 Aug 2015 21:11, "Jim Manico" <jim.manico at owasp.org> wrote:

> > So what happens when the content is not from a 'vendor'
> Our guidelines do not differentiate that right now. So what Paul is doing
> is following the current policy that was created by input from a large
> number of people from our community.
> Dinis, if you think this needs to be changed then I believe your next step
> is to petition the board to change policy. Even better, before talking to
> the board, consider taking this conversation to the governance list and get
> feedback from those members of our community.
> Aloha,
> Jim
> On 8/13/15 9:42 AM, Dinis Cruz wrote:
> So what happens when the content is not from a 'vendor'?
> Which is David's case
> On 13 Aug 2015 20:26, "Paul Ritchie" <paul.ritchie at owasp.org> wrote:
>> Hi Dinis:    I wanted to follow up on your email from yesterday as well
>> as your posting of a "case" or customer service ticket #  06774.   Long
>> answer.....explaining the OWASP position and our actions, and we have
>> communicated this a couple times to the community, but obviously need to do
>> more......
>> *Big Issue* is our effort from the Foundation to "remind and encourage"
>> Chapter leaders to follow the Branding Guidelines, Code of Ethics and
>> Speaker Agreement as defined in the Chapter Leaders Handbook.    The more
>> support we can get from leaders like you and Jim and BoD, then the less
>> 'pushback' we will see from individuals who are uncomfortable being
>> reminded of the policy.
>> 1.  We noticed the adherence to the policy was getting a little weak,
>> based on several examples where policy wasn't followed.  Examples included
>> leaders and past BoD members too.
>> 2.  Once we pointed out the policy, several of the key leaders, like Eoin
>> & now David were "surprised" that we were serious, and actually gave us
>> some push back.
>> 3.  Bottom line, I understand the pushback, but we really "must" ask
>> OWASP Leaders to follow the policy.
>> 4.  As a Charitable, nonprofit organization,* we have an obligation to
>> follow our Code of Conduct* concerning vendor neutrality and
>> non-endorsement of commercial products or services.
>> Our Code of Conduct policies are* well documented and were created by
>> our community*, to provide clarity as we grow globally.  They apply to
>> many areas including Trade organizations, Government bodies, Standards
>> groups and Certifying Bodies.
>> https://www.owasp.org/index.php/OWASP_Codes_of_Conduct
>> 5.  Also, For speakers at events AND at Chapter Meetings, the Speakers
>> agreement does apply, and it is noted in the Chapters Leaders Handbook.
>> Speakers Agreement
>> *CONTENT - Speakers are encouraged to include their contact information
>> when introducing themselves, but may NOT include their logo on any visual
>> and handout materials. Speakers are to avoid any appearance of
>> commercialism in their session and presentations are to be of a technical
>> or solutions emphasis. Further, I understand that the program tracks of the
>> conference/event/chapter are an educational event, not a sales or marketing
>> platform. I agree that my presentation(s) will be an objective review of
>> the topic on which I am presenting, and will not contain any content that
>> is a sales or promotional pitch for any specific product(s) or
>> company(ies). My materials will also be reflective of the current status of
>> the topic(s) I am addressing.*
>> 6.  So, Net, net.   We are reaching out to a number of chapters who have
>> posted presentations to the OWASP wiki that appear to violate our
>> branding rules. All presentations given at chapter meetings or at
>> conferences when representing OWASP, and those posted to wiki pages must be
>> vendor neutral. This includes the content of the presentation as well as
>> the graphics used in the presentation layout.
>> Any non-OWASP branded material, such as a speaker's corporate logo, must
>> be removed from the presentation. Exceptions may exist such as when the
>> context of a slide calls for a logo as an illustration. And, we am happy to
>> review anything that might be questionable.
>> So, @Jim and @Dinis - Is there something we need to do to reach out
>> directly to any individuals like David Rook?
>> Best Regards, Paul Ritchie
>> OWASP Executive Director
>> paul.ritchie at owasp.org
> --
> Jim Manico
> Global Board Member
> OWASP Foundationhttps://www.owasp.org
> Join me at AppSecUSA 2015!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150814/d214390a/attachment-0001.html>

More information about the OWASP-Leaders mailing list