[Owasp-leaders] OWASP Branding & Twitter thread from Dinis

Mario Robles mario.robles at owasp.org
Sat Aug 15 02:03:20 UTC 2015


My concern right now is here:

> 6.  So, Net, net.   We are reaching out to a number of chapters who have
> posted presentations to the OWASP wiki that appear to violate
> our branding rules. All presentations given at chapter meetings or at
> conferences when representing OWASP, and those posted to wiki pages must be
> vendor neutral. This includes the content of the presentation as well as
> the graphics used in the presentation layout.
>
I have a question:
If there is a speaker (not an OWASP member) who is willing to share great
material currently used at other conferences (not OWASP only), then
should we force him or her to change it just because it's OWASP?

I agree that any sales content should not be included, but if that's not the
case then we should welcome supporters instead of providing a sense of a
'complicated organization to work with'. The next time, the speaker can say,
'let me think about it, I'll let you know'.

I believe this is not the case here:

>> "I donate money to a childcare but I will take a chair as a souvenir"

Logos in ppts are not tangible things, nor do they cost OWASP any money. My
view is:

"I donate money to a childcare and this logo means there is a group of
people behind me that support this cause too"

The thing to do is for the board to discuss this or let the community speak
using a voting system (if no legal or other concerns prevent that from
happening). If the Governance List should be included, then just forwarding
this thread to them will suffice, right?

Sorry I know it's Friday night

Great weekend to all

Just my two cents

$('Mario')
# Please excuse any typos as this was sent from a mobile device (also
English is not my primary language)

On 14/8/2015, at 2:29 p.m., Eoin Keary <eoin.keary at owasp.org> wrote:

Thanks Josh for your consideration.


Eoin Keary
OWASP Volunteer
@eoinkeary



On 14 Aug 2015, at 20:56, Josh Sokol <josh.sokol at owasp.org> wrote:

Definitely something to think about.  I agree the current system appears to
be broken.  That's why I suggested a committee be formed to see if there is
a more ideal way to handle it.  It's clear to me that the OWASP Foundation
would not exist in its current state without some level of vendor
sponsorship so I am very grateful for that.  I think that they should be
acknowledged in some way for their support.  But there is a line as to the
extent of the effect that has on our derivatives.  My suggestion was for a
committee made up of both sides to see if they could determine where that
line should be.

~josh

On Fri, Aug 14, 2015 at 2:18 PM, Eoin Keary <eoin.keary at owasp.org> wrote:

> All vendors are equal assuming they have the $$$$
> Got it.
>
> -just stirring the pot here.
>
>
>
> Eoin Keary
> OWASP Volunteer
> @eoinkeary
>
>
>
> On 14 Aug 2015, at 19:50, Jim Manico <jim.manico at owasp.org> wrote:
>
> For a fee *any vendor* can sponsor a project. The "any vendor" part is
> what provides the vendor neutrality, ey?
>
> Aloha,
> --
> Jim Manico
> Global Board Member
> OWASP Foundation
> https://www.owasp.org
> Join me at AppSecUSA <http://appsecusa.org/> 2015!
>
> On Aug 14, 2015, at 8:30 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>
> Hi Josh,
> Vendor neutral great, but for a fee you can sponsor a project and have
> your logo on it.
> :)
>
>
>
> Eoin Keary
> OWASP Volunteer
> @eoinkeary
>
>
>
> On 14 Aug 2015, at 16:22, Josh Sokol <josh.sokol at owasp.org> wrote:
>
> I think I see both sides of this pretty well.  On one hand, you have
> people contributing to the Foundation either through their work efforts or
> with money and some recognition for their contributions is definitely
> deserved.  On the other hand, vendor neutrality is a key part of OWASP's
> mission so that the community can get unbiased content from a trusted
> source.  There is no clear and easy answer, however.  What I would like to
> propose is that those representing both sides of this critical issue form a
> new committee to discuss OWASP branding policies and procedures and
> ultimately generate a revised policy that hopefully addresses these
> issues.  Our policies as they are today suggest that we err on the side of
> vendor neutrality and the staff is only enforcing those policies that have
> been laid out before them.  Please do not fault them for that.  Instead of
> complaining about the policies that exist, it would be far more beneficial
> for those involved in this discussion to put those efforts into coming up
> with a compromise that ideally addresses the concerns of everybody in a
> vendor neutral way.  Some ideas off the top of my head:
>
>    - Clear labeling of the contribution and what was received for the
>    contribution in the spirit of transparency.
>    - Disclaimers on any page with a corporate logo that OWASP does not
>    endorse the vendor/product.
>    - Descriptions of what types of logos are appropriate, sizes,
>    locations, etc.
>
> Attribution is a good thing.  It encourages more participation by
> rewarding those who put in the efforts.  Vendor neutrality is a good
> thing.  It is the reason why the community trusts OWASP for tools and
> documents.  Let's find the common ground and create a policy that finds the
> right balance between the two.
>
> ~josh
>
> On Fri, Aug 14, 2015 at 9:47 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>
>> It's not about time.....
>> It's about the sea of red tape, focus on bullsh1t like updating policy
>> documents, chasing people over email footers or logos on slides and the
>> reason OWASP was formed was to fix software security. I'm not seeing so
>> much of the software security aspect anymore.
>> I love what OWASP stands for, many of the board I have vast amounts of
>> respect for but the amount of energy and time consumed on stuff that simply
>> has no impact on the state of software security is astounding. It's like the
>> UN, lots of bark but little bite.
>>
>> Respect
>>
>> Eoin Keary
>> OWASP Volunteer
>> @eoinkeary
>>
>>
>>
>> On 14 Aug 2015, at 15:03, Azeddine Islam Mennouchi <
>> azeddine.mennouchi at owasp.org> wrote:
>>
>> Johanna,
>> what you are saying is almost like saying: "I donate money to a
>> childcare but I will take a chair as a souvenir" (if everyone took
>> something from the childcare the donation will have no value)
>> if you don't have the time to volunteer just don't it is as simple as this
>> let's not redefine the Volunteering concept here please
>>
>> Regards Islam,
>>
>> On Fri, Aug 14, 2015 at 6:54 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>
>>> I'm behind you 100%
>>> I received a negative email after delivering a free class to 80 people
>>> and raising €3k for OWASP. All time and slides donated by me.
>>> I posted the slides to an alternative site after.
>>>
>>> Eoin Keary
>>> OWASP Volunteer
>>> @eoinkeary
>>>
>>>
>>>
>>> On 14 Aug 2015, at 13:14, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>> I just think the whole logo and branding rule are hypocritical rules.
>>>
>>> When OWASP does a conference, logos from sponsors can be placed loud and
>>> clear on the APPSEC page. Is that vendor neutral?
>>>
>>> When a speaker that gets no money and no coverage for his/her traveling
>>> cost does the same on their slides then 'we are non-profit' and cannot be
>>> done...
>>>
>>>  The sole purpose of OWASP events is to pay operations but operations is
>>> not the mission of owasp right?
>>>
>>> Keep the core mission in sight. I don't care which logo is displaying or
>>> not on those slides as long as the content is valuable and the speaker is
>>> worth listening to.
>>>
>>> If OWASP wants no logos and has all these rules then I think, pay the
>>> speaker & his time to set that presentation in that format.
>>>
>>> Sometimes volunteers are treated like we should be happy we work for
>>> nothing.
>>>
>>> We should be happy to have Dave Rook present for free and not the other
>>> way around and explain that awesome experience implementing security where
>>> he is working. Love those slides they rock & they are cool. A lot of time
>>> went into making those slides and we should respect that.
>>>
>>> Volunteers have bills to pay and mouths to feed too.
>>>
>>> Regards
>>>
>>> Johanna
>>>
>>>
>>>
>>> On Fri, Aug 14, 2015 at 7:25 AM, Tom Brennan <tomb at proactiverisk.com>
>>> wrote:
>>>
>>>> AppSecUSA should have sessions for collaboration of people on top
>>>> issues of projects, chapters and events, in addition to fantastic
>>>> presentations as always.  Blog posts like this should be reviewed as they
>>>> have merit and I support covering an honorarium for speakers as they are the
>>>> product.
>>>>
>>>> http://www.alba13.com/2014/10/free-its-just-costing-too-much.html?m=1
>>>>
>>>> As well as top community issues that are bubbling up not always
>>>> addressed at the monthly board meetings.
>>>>
>>>> I submitted my recommendations for  several sessions for the community
>>>> evolution aspect of the global event including these and by who... I hope
>>>> some of these suggestions are incorporated and resonate with leaders to
>>>> attend.
>>>>
>>>>  *#1 OWASP State of the Union (30)*
>>>> * Paul CEO / Board of Directors
>>>> - State of the Union address and kickoff - Annual report and YTD update
>>>> - Mission, Metrics and Finances
>>>> - kick off the event hand off to conference staffer (Laura) and
>>>> conference chair (Michael)
>>>>
>>>> *AppSecUSA leader workshops *- join us for important updates, debate
>>>> and collaboration for FUTURE and current leadership of OWASP members. If
>>>> you want to unlock valuable information don't miss these (3) sessions
>>>>
>>>> ** record these sessions video and get them online for the world to see
>>>> and listen to just like any other session.
>>>>
>>>>
>>>> *How to start or grow an OWASP Chapter in your region (45 mins)*
>>>> * Paul, Noreen, Kelly
>>>> - metrics that matter
>>>> - requirements defined 15 mins
>>>> - tips from our chapter leaders (panel) 30 mins
>>>> -- growing attendance
>>>> -- vendor relationships/sponsors
>>>> -- regional events
>>>> -- how OWASP employees help
>>>> -- money in/out other
>>>> -- secrets to success
>>>> -- WASPY awards
>>>>
>>>> *2016 services and resources for OWASP chapter and project leaders
>>>> (45mins)*
>>>> * Paul, Noreen, Claudia
>>>> -- metrics that matter
>>>> -- annual report review
>>>> -- general membership
>>>> -- projects
>>>> -- chapters
>>>> --WASPY awards
>>>> -- what can we do better discussion
>>>>
>>>> *2016 + Summits Conferences Events (45 mins)*
>>>> ** Laura, Noreen, Claudia, Kelly
>>>> -- metrics that matter
>>>> -- motivation why do it?
>>>> -- the new definition(s), money splits etc.
>>>> -- expectations and current policy
>>>> -- resources (budgets, templates, process) review of successful and
>>>> failure events
>>>> -- WASPY awards
>>>>
>>>> The organization is in an interesting position for evolution.  With
>>>> professional discussion and debate we can set the agenda moving forward
>>>> with swift adjustments where needed by rough consensus.
>>>>
>>>> Tom Brennan
>>>> 9732020122
>>>>
>>>> Need to book a meeting for a new or existing project?
>>>> http://www.proactiverisk.com/book-meeting/
>>>>
>>>>
>>>> On Aug 14, 2015, at 6:36 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>>>>
>>>> Sorry if I gave the impression that this is urgent, it is not
>>>>
>>>> I'm just trying to raise a concern that was raised to me
>>>> On 14 Aug 2015 10:36, "Jim Manico" <jim.manico at owasp.org> wrote:
>>>>
>>>>> Dinis,
>>>>>
>>>>> Two points.
>>>>>
>>>>> 1) Mr Rook is on vacation. I do not agree with your sense of urgency.
>>>>> We hired a full time staff, let's please use them first as opposed to heated
>>>>> conversations over Twitter.
>>>>>
>>>>> 2) Dinis, I am just one of several board members. Please just email
>>>>> the board list if you think this is a board level issue (as opposed to just
>>>>> calling me out over Twitter, I am just one board member).
>>>>>
>>>>> So Dinis, I asked you politely to first talk to staff about this, and
>>>>> if you did not find that satisfactory, then to email the board list so the
>>>>> full board can weigh in.
>>>>>
>>>>> And I suggested these things to minimize stress and get more
>>>>> leadership to look at this - as opposed to having a Twitter argument over
>>>>> this.
>>>>>
>>>>> Dinis, I am trying to take the adult and calm path here. Please join
>>>>> me in that pursuit.
>>>>>
>>>>> Aloha,
>>>>> Jim
>>>>>
>>>>>
>>>>>
>>>>> On 8/13/15 10:04 PM, Dinis Cruz wrote:
>>>>>
>>>>> CCing owasp leaders list in order to get 'feedback' from the community
>>>>>
>>>>> And Jim come on, owasp is not a Fortune 100 company with high levels
>>>>> of processes and bureaucracy, the problem is pretty obvious on the
>>>>> https://twitter.com/davidrook/status/631699570603462656 thread (and a
>>>>> couple other similar threads)
>>>>>
>>>>> This is a case of common sense.
>>>>>
>>>>> The focus of owasp needs to be on application security (for example
>>>>> sharing knowledge), not in blindly following rules
>>>>>
>>>>> Yes we need to have rules in place to prevent abuse (in this case
>>>>> vendor pitches), but if those rules start to affect high value owasp
>>>>> contributors, then there is something wrong with the rules
>>>>> On 13 Aug 2015 21:11, "Jim Manico" <jim.manico at owasp.org> wrote:
>>>>>
>>>>>> > So what happens when the content is not from a 'vendor'
>>>>>>
>>>>>> Our guidelines do not differentiate that right now. So what Paul is
>>>>>> doing is following the current policy that was created by input from a
>>>>>> large number of people from our community.
>>>>>>
>>>>>> Dinis, if you think this needs to be changed then I believe your next
>>>>>> step is to petition the board to change policy. Even better, before talking
>>>>>> to the board, consider taking this conversation to the governance list and
>>>>>> get feedback from those members of our community.
>>>>>>
>>>>>> Aloha,
>>>>>> Jim
>>>>>>
>>>>>> On 8/13/15 9:42 AM, Dinis Cruz wrote:
>>>>>>
>>>>>> So what happens when the content is not from a 'vendor'?
>>>>>>
>>>>>> Which is David's case
>>>>>> On 13 Aug 2015 20:26, "Paul Ritchie" <paul.ritchie at owasp.org> wrote:
>>>>>>
>>>>>>> Hi Dinis:    I wanted to follow up on your email from yesterday as
>>>>>>> well as your posting of a "case" or customer service ticket #  06774.
>>>>>>> Long answer.....explaining the OWASP position and our actions, and we have
>>>>>>> communicated this a couple times to the community, but obviously need to do
>>>>>>> more......
>>>>>>>
>>>>>>> *Big Issue* is our effort from the Foundation to "remind and
>>>>>>> encourage" Chapter leaders to follow the Branding Guidelines, Code of
>>>>>>> Ethics and Speaker Agreement as defined in the Chapter Leaders Handbook.
>>>>>>>  The more support we can get from leaders like you and Jim and BoD, then
>>>>>>> the less 'pushback' we will see from individuals who are uncomfortable
>>>>>>> being reminded of the policy.
>>>>>>>
>>>>>>> 1.  We noticed the adherence to the policy was getting a little
>>>>>>> weak, based on several examples where policy wasn't followed.  Examples
>>>>>>> included leaders and past BoD members too.
>>>>>>>
>>>>>>> 2.  Once we pointed out the policy, several of the key leaders, like
>>>>>>> Eoin & now David were "surprised" that we were serious, and actually gave
>>>>>>> us some push back.
>>>>>>>
>>>>>>> 3.  Bottom line, I understand the pushback, but we really "must" ask
>>>>>>> OWASP Leaders to follow the policy.
>>>>>>>
>>>>>>> 4.  As a Charitable, nonprofit organization,* we have an obligation
>>>>>>> to follow our Code of Conduct* concerning vendor neutrality and
>>>>>>> non-endorsement of commercial products or services.
>>>>>>>
>>>>>>> Our Code of Conduct policies are* well documented and were created
>>>>>>> by our community*, to provide clarity as we grow globally.  They
>>>>>>> apply to many areas including Trade organizations, Government bodies,
>>>>>>> Standards groups and Certifying Bodies.
>>>>>>>
>>>>>>> https://www.owasp.org/index.php/OWASP_Codes_of_Conduct
>>>>>>>
>>>>>>> 5.  Also, For speakers at events AND at Chapter Meetings, the
>>>>>>> Speakers agreement does apply, and it is noted in the Chapters Leaders
>>>>>>> Handbook.
>>>>>>>
>>>>>>> Speakers Agreement
>>>>>>> *CONTENT - Speakers are encouraged to include their contact
>>>>>>> information when introducing themselves, but may NOT include their logo on
>>>>>>> any visual and handout materials. Speakers are to avoid any appearance of
>>>>>>> commercialism in their session and presentations are to be of a technical
>>>>>>> or solutions emphasis. Further, I understand that the program tracks of the
>>>>>>> conference/event/chapter are an educational event, not a sales or marketing
>>>>>>> platform. I agree that my presentation(s) will be an objective review of
>>>>>>> the topic on which I am presenting, and will not contain any content that
>>>>>>> is a sales or promotional pitch for any specific product(s) or
>>>>>>> company(ies). My materials will also be reflective of the current status of
>>>>>>> the topic(s) I am addressing.*
>>>>>>>
>>>>>>> 6.  So, Net, net.   We are reaching out to a number of chapters who
>>>>>>> have posted presentations to the OWASP wiki that appear to violate our
>>>>>>> branding rules. All presentations given at chapter meetings or at
>>>>>>> conferences when representing OWASP, and those posted to wiki pages must be
>>>>>>> vendor neutral. This includes the content of the presentation as well as
>>>>>>> the graphics used in the presentation layout.
>>>>>>>
>>>>>>> Any non-OWASP branded material, such as a speaker's corporate logo,
>>>>>>> must be removed from the presentation. Exceptions may exist such as
>>>>>>> when the context of a slide calls for a logo as an illustration. And, we are
>>>>>>> happy to review anything that might be questionable.
>>>>>>>
>>>>>>> So, @Jim and @Dinis - Is there something we need to do to reach out
>>>>>>> directly to any individuals like David Rook?
>>>>>>>
>>>>>>> Best Regards, Paul Ritchie
>>>>>>> OWASP Executive Director
>>>>>>> paul.ritchie at owasp.org
>>>>>>>
>>>>>>>
>>>>>> --
>>>>>> Jim Manico
>>>>>> Global Board Member
>>>>>> OWASP Foundation
>>>>>> https://www.owasp.org
>>>>>> Join me at AppSecUSA 2015!
>>>>>>
>>>>>>
>>>>> --
>>>>> Jim Manico
>>>>> Global Board Member
>>>>> OWASP Foundation
>>>>> https://www.owasp.org
>>>>> Join me at AppSecUSA 2015!
>>>>>
>>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>
>>
>> --
>> Islam Azeddine Mennouchi
>> Consultant at ITS
>> http://www.infotoolssolutions.dz/
>> OWASP ALGERIA Chapter Leader
>> phone n°: +213658227651
>>
>>