[Owasp-leaders] next steps

Dirk Wetter dirk at owasp.org
Tue Jun 7 14:32:47 UTC 2016 

Am 06/07/2016 um 06:27 AM schrieb Andy Lewis:
> +1  I strongly agree w/filing for a trademark immediately if we don't already own it.  There
> are strong incentives for filing immediately, and needless penalties for delay.  
> 
> If the plan is to resolve this at AppSec EU in a few weeks, please do so, pay to include one or
> more attorneys, and publish the results. 
> 
> This has been a passionate discussion because we HAVE built a brand that has a good reputation,
> and abuse of that brand by anyone tarnishes the brand and therefore demeans the value of our
> outreach and our efforts.  Let's protect our property, achieve a decision on usage vs abuse,
> and get on with our mission in a way that allows us all to feel good about who we are and what
> we're doing.
> 
> Trademark first, policies second, open and transparent along the way as always please :-)

+1 !!

> @Johanna & Dirk - thanks.  There's a balance available somewhere between outreach & abuse. 
> Thanks for pointing out that we may be out of balance.  I've been volunteering at OWASP in one
> capacity or another for 10 (!) years.  I've been frustrated often, and angered more than once. 
> You are making a difference.  Only you can decide whether it's worth the frustration.  I hope
> you decide it is.


In fact I am often frustrated but mails like this one from you and Johanna's mails compensate
that.
Thx!


Cheers, Dirk

PS: I'll be in Rome, too and happy to continue the conversation.


> On Mon, Jun 6, 2016 at 10:07 AM, Dirk Wetter <dirk at owasp.org <mailto:dirk at owasp.org>> wrote:
> 
> 
> 
>     Hi all and especially global board members,
> 
>     to move forward there are also other steps which need to be done (no sequence suggested):
> 
>     A) Don't know whether anything has been discussed in May's board meeting. The agenda
>        doesn't look like it has been the case.
> 
>        My request to the board: Pls discuss logo usage again at the next board meeting in June.
>        Pls check before who in the global board has used or plans to use the supporter logo. This
>        e.g. https://twitter.com/Proactive_RISK/status/732930631626264576 appears
>        to me like a conflict of interest.
> 
>     B) Before any trademark and good usage guide is established the best would be
>        to pull the supporter logos. It seems to me we're doing the second step before
>        we decided properly on the first. A year to close this gap sounds not at all good
>        to me.
> 
>     C) Let's discuss what the benefit for using an OWASP logo for
>        externals is as opposed to the risk of commercialization of OWASP.
> 
>     D) Consult a lawyer, file for a trademark NOW (wasn't there s.th <http://s.th>. wrt to USPTO?).
> 
>     E) Discuss my/other suggestions of branding guide overhauls
> 
> 
>     Again: This is a basic question of how much vendor involvement we want. Be assured
>     if there are gaps in the guidelines/no-existing trademarks, some vendors will always
>     try to use those gaps. Their agenda is making money and if we do not clearly define our
>     red line others will interpret it in a way they like.
> 
>     I do not want a future where every vendor can use an OWASP supporter or OWASP whatever logo.
> 
>     Thx, Dirk
> 
> 
> 
>     Am 06/06/2016 um 05:33 PM schrieb Dirk Wetter:
>     > Hi Liam and all,
>     >
>     > Am 05/20/2016 um 06:38 PM schrieb Liam Smit:
>     >> Hi Dirk
>     >>
>     >> On Fri, May 20, 2016 at 5:57 PM, Dirk Wetter <dirk at owasp.org <mailto:dirk at owasp.org> <mailto:dirk at owasp.org <mailto:dirk at owasp.org>>> wrote:
>     >>
>     >>
>     >>     Am 05/20/2016 um 05:07 PM schrieb johanna curiel curiel:
>     >>
>     >>
>     >> <snip>
>     >>
>     >>     > Abuses will happen where financial gain is.If putting this logo can help me sell...well you bet the first ones happy will be the vendors.
>     >>     > Contrast did that with OWASP benchmark publicising OWASP logo 'sponsored by' even the DHS logo.
>     >>     > https://twitter.com/jctechno/status/672079500033814528
>     >>
>     >>     Ok, a TM would have helped here maybe.
>     >>
>     >>
>     >>     But in general this is why I think giving away a supporter logo is not good either -- the
>     >>     only point where we have
>     >>     a different stance so far:
>     >>
>     >>     My firm belief is if you give a away a logo you can't control the usage. It's like putting
>     >>     a vulnerable
>     >>     web application in the internet. Somebody will find and hack/abuse it. It also doesn't
>     >>     matter if a law is
>     >>     saying that it shouldn't been hacked [1]. Same with the logo. Giving a logo away is like
>     >>     announcing
>     >>     a vulnerable web app to all bad guys. So a supporter logo could be an invitation to abuse
>     >>     (ideas see my first mail).
>     >>
>     >>     Also I do not understand the point in the first place: Why do we want to give a away a
>     >>     logo? What's
>     >>     our added benefit?
>     >>
>     >>     Thus I find a very strict logo policy accompanied with a proper TM the right thing to do.
>     >>     There's
>     >>     still potential for abuse but at least you did the best reasonably possible..
>     >>
>     >>     Look at ISACA. You can't use the logo without written consent by ISACA.
>     >>
>     >>
>     >> Why don't you put forward a strict logo use policy?
>     >>
>     >> Obviously it might not be adopted if most people prefer a looser logo usage policy but if you
>     >> don't put anything forward then I highly doubt anything will come of you merely stating your
>     >> preference for a strict usage policy.
>     >
>     > fair enough.
>     >
>     > Not so many people responded, so I wanted to limit my investment in terms of time.
>     >
>     > Suggestion:
>     >
>     > --snip
>     >
>     > The OWASP logo (future: is a trademark and) is the property of the OWASP Foundation.
>     >
>     > * OWASP logos must not be used by individuals or organizations to promote commercial products,
>     > services, or events such as conferences, courses.
>     > * OWASP logos must not be used in a manner that suggests that The OWASP Foundation supports,
>     > advocates, endorses, or recommends any particular product, services or technology.
>     > * OWASP logos must not be used in a manner that suggests that a product or technology is
>     > compliant with any OWASP Materials
>     > * OWASP logos must not be used in a manner that suggests that a product or technology can
>     > enable compliance with any OWASP Materials
>     > * OWASP logos may be used by special arrangement with The OWASP Foundation. Requests to use
>     > OWASP logos should be directed in writing to
>     >   <fillinmailaddresshere>. Requests will be evaluated on a case-by-case basis by a compliance team.
>     > * The special arrangement can be withdrawn by OWASP at any point of time.
>     >
>     > --snap
>     >
>     > I was replacing brand by logo. I haven't seen @
>     > https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES
>     > any definition of the term "brand". If that would be clarified we could swap that back.
>     >
>     >
>     >
>     >
>     > Cheers, Dirk
>     >
>     >
> 
>     --
>     German OWASP Chapter Lead
>     Send me encrypted mails (Key ID 0xB818C039)
> 
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 

-- 
German OWASP Chapter Lead
Send me encrypted mails (Key ID 0xB818C039)

More information about the OWASP-Leaders mailing list