[Owasp-leaders] Suggestion of better brand guidelines

Larry Conklin larry.conklin at owasp.org
Mon Jun 20 12:48:37 UTC 2016


Is this really an issue that we need to drive time, and money towards? We
have some much publicized cases in the past of abuse of OWASP name and
branding being used by a commercial security vendors. This is not what we
want as a community when we put volunteer hours into something and then
have a commercial enterprise try to make money for themselves. I appreciate
and support not wanting this type of abuse.

My fear is that we are over reacting to brand abuse with a knee jerk
reaction. Yes, we have had complaints. The community and board so far has
been able to resolve these. Now we want more polices, attorneys
involvement, additional overhead and expenses? What will that really give
us? Our focus should always be on Application Security and being an open
organization.

*Don’t fear lack of control. Fear lack of engagement. Lack of engagement is
our greatest weakness. Money and time should go towards projects not more
polices, legal fees, etc.*
If we are not careful we might back ourselves into a corner. The end result
could be a less open organization, more polices, with less money going
towards projects.  In the past been able to resolve branding abuse with
community and board working together.

Open questions to community manager and board.

   1. Does branding, logo's, trademarks registered to OWASP take any
   rights away from project leaders or projects being open source?
   2. How much money is being budgeted for legal, etc fees for branding,
   logo's, and trademarks?

Larry Conklin, CISSP

On Mon, Jun 13, 2016 at 1:55 PM, Dirk Wetter <dirk at owasp.org> wrote:

> BTW, I added my suggestion to the discussion/talk section.
>
>
> https://www.owasp.org/index.php?title=Talk%3AMarketing%2FResources&diff=217765&oldid=210932
>
> Cheers, Dirk
>
> Am 06/06/2016 um 05:33 PM schrieb Dirk Wetter:
> > Hi Liam and all,
> >
> > Am 05/20/2016 um 06:38 PM schrieb Liam Smit:
> >> Hi Dirk
> >>
> >> On Fri, May 20, 2016 at 5:57 PM, Dirk Wetter <dirk at owasp.org <mailto:
> dirk at owasp.org>> wrote:
> >>
> >>
> >>     Am 05/20/2016 um 05:07 PM schrieb johanna curiel curiel:
> >>
> >>
> >> <snip>
> >>
> >>     > Abuses will happen where financial gain is.If putting this logo
> can help me sell...well you bet the first ones happy will be the vendors.
> >>     > Contrast did that with OWASP benchmark publicising OWASP logo
> 'sponsored by' even the DHS logo.
> >>     > https://twitter.com/jctechno/status/672079500033814528
> >>
> >>     Ok, a TM would have helped here maybe.
> >>
> >>
> >>     But in general this is why I think giving away a supporter logo is
> not good either -- the
> >>     only point where we have
> >>     a different stance so far:
> >>
> >>     My firm belief is if you give a away a logo you can't control the
> usage. It's like putting
> >>     a vulnerable
> >>     web application in the internet. Somebody will find and hack/abuse
> it. It also doesn't
> >>     matter if a law is
> >>     saying that it shouldn't been hacked [1]. Same with the logo.
> Giving a logo away is like
> >>     announcing
> >>     a vulnerable web app to all bad guys. So a supporter logo could be
> an invitation to abuse
> >>     (ideas see my first mail).
> >>
> >>     Also I do not understand the point in the first place: Why do we
> want to give a away a
> >>     logo? What's
> >>     our added benefit?
> >>
> >>     Thus I find a very strict logo policy accompanied with a proper TM
> the right thing to do.
> >>     There's
> >>     still potential for abuse but at least you did the best reasonably
> possible..
> >>
> >>     Look at ISACA. You can't use the logo without written consent by
> ISACA.
> >>
> >>
> >> Why don't you put forward a strict logo use policy?
> >>
> >> Obviously it might not be adopted if most people prefer a looser logo
> usage policy but if you
> >> don't put anything forward then I highly doubt anything will come of
> you merely stating your
> >> preference for a strict usage policy.
> >
> > fair enough.
> >
> > Not so many people responded, so I wanted to limit my investment in
> terms of time.
> >
> > Suggestion:
> >
> > --snip
> >
> > The OWASP logo (future: is a trademark and) is the property of the OWASP
> Foundation.
> >
> > * OWASP logos must not be used by individuals or organizations to
> promote commercial products,
> > services, or events such as conferences, courses.
> > * OWASP logos must not be used in a manner that suggests that The OWASP
> Foundation supports,
> > advocates, endorses, or recommends any particular product, services or
> technology.
> > * OWASP logos must not be used in a manner that suggests that a product
> or technology is
> > compliant with any OWASP Materials
> > * OWASP logos must not be used in a manner that suggests that a product
> or technology can
> > enable compliance with any OWASP Materials
> > * OWASP logos may be used by special arrangement with The OWASP
> Foundation. Requests to use
> > OWASP logos should be directed in writing to
> >   <fillinmailaddresshere>. Requests will be evaluated on a case-by-case
> basis by a compliance team.
> > * The special arrangement can be withdrawn by OWASP at any point of time.
> >
> > --snap
> >
> > I was replacing brand by logo. I haven't seen @
> > https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES
> > any definition of the term "brand". If that would be clarified we could
> swap that back.
> >
> >
> >
> >
> > Cheers, Dirk
> >
> >
>
> --
> German OWASP Chapter Lead
> Send me encrypted mails (Key ID 0xB818C039)
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160620/8017abc3/attachment.html>


More information about the OWASP-Leaders mailing list