[Owasp-leaders] New supporter logos

johanna curiel curiel johanna.curiel at owasp.org
Thu May 19 14:03:10 UTC 2016


>>Every new thing that OWASP tries doesn’t need to be wrapped in a blanket of
doom and gloom.

Welcome to my world ;-). Have you any idea how often I launch ideas that
have been crushed by others in here, forgetting I'm just a volunteer?
Well, some people have valid points, others don't. We have to keep moving fwd.

My point is not against the logo. I support the logo.

It is just that we launched this without having done the homework and legal
framework. What is the rush? We could have waited a little more and avoided
headaches. No one consulted on this properly.

I think if you have been following Dirk's activities, he is tired of
preaching and not being heard, I have very often the same feeling too.

Cheers

Johanna


On Thu, May 19, 2016 at 8:49 AM, Larry Conklin <larry.conklin at owasp.org>
wrote:

> Johanna, I have to respectfully disagree. Yes, TM issues do exist. But
> that said I believe the issue is at times as a community we focus way too
> much of our time and effort on the downside of anything new or different.
> Bullet proof TM policies or not doesn’t prevent anyone from abusing our
> logos. The same issue is for ISC(2) which has badges. Coca-Cola, Xerox,
> Kleenex have the strongest brands worldwide, with a huge cash pile and
> lawyers to protect them. They are also in some form of litigation every day
> with people trying to abuse or encroach on their brands. Yes that is wrong
> but it’s not ever going to prevent someone from trying. Isn’t the saying
> “imitation is the greatest compliment”.
>
> Also we as leaders need to be much more proactive. OWASP badges were no
> secret. We knew they were coming. We even had a debate on the logo style.
>
> My point is still valid IMHO. We need to step back and breathe. Every new
> thing that OWASP tries doesn’t need to be wrapped in a blanket of doom and
> gloom. Yes there are lots of things that need to change, things that need to
> be fixed. As a large community everyone is not going to work on everyone
> else’s priority projects and nothing is ever going to be perfect.
>
> Second, we as leaders need to be more proactive, we need to have much more
> active discussion before an event and not afterwards. And we don’t need to
> address everything as if the world is falling down around us.
>
> I apologize if your email and Dirk’s was not in that tone but that is how
> it came across to me.
> Larry Conklin
>
> On Wed, May 18, 2016 at 9:08 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> me too
>>
>> Hi Larry,
>>
>> The problem is not the supporter logo.
>>
>> The issue is the lack of a TM and the lack of policies around the use of
>> it, that can trigger brand abuses.
>>
>> I just asked my husband who is a lawyer and his opinion was that this
>> should have been done BEFORE not AFTER the launch. However, it is not too
>> late to provide a legal framework and policies around it, but it is going
>> to cost money to find out.
>>
>> >>However, a major policy change will not likely occur before we've
>> really thought this through and had some legal advice
>> Exactly. I thought this was going to be launched when this was defined
>> properly.
>>
>> regards
>>
>> On Wed, May 18, 2016 at 8:51 PM, Larry Conklin <larry.conklin at owasp.org>
>> wrote:
>>
>>> Not sure why but I got a message saying my original email failed.
>>>
>>> I think we need a new badge for doom and gloom. lol. Come on folks. We
>>> are proud of what we do at OWASP. We are proud of OWASP. We are proud of
>>> what OWASP has accomplished in the AppSec world.
>>>
>>> Why wouldn't we want to show some love? This isn't something new but it
>>> is an emerging marketing tool. Today besides having an OWASP badge I can
>>> get a badge from ISC(2) for my CISSP certification.
>>>
>>> I am not diluting ISC(2) brand, nor am I diluting OWASP brand by using a
>>> badge. The only thing I would be doing is showing my support in a visible way.
>>> Oh yes I can also get a badge for Linux Foundation CII.
>>>
>>> Yes we could have a debate if badges really provide or increase
>>> motivation or increase marketing. That would be a good debate. But I
>>> haven't read one thing that says badges decrease a brand.
>>>
>>> Who is really at fault? It's not like no one didn't see this coming.
>>> Dirk and Johanna your voice would have been much better at the beginning of
>>> this conversation and not at the end IMHO. Take a moment, take a deep
>>> breath. If you don't like the badge don't use it.
>>>
>>> Larry Conklin
>>>
>>>> On Wed, May 18, 2016 at 7:12 PM, johanna curiel curiel <
>>>> johanna.curiel at owasp.org> wrote:
>>>>
>>>>> >>To make this clear: I will rather swallow my keyboard instead of
>>>>> doing this. In fact I am trying to fight those cases but to me it
>>>>> seems that either nobody is listening or OWASP became a vendor driven
>>>>> organization.
>>>>>
>>>>> I share Dirk's concerns.
>>>>>
>>>>> This new supporter logo can cause more brand abuses because the uses
>>>>> of it have not been properly defined.
>>>>>
>>>>> So far it is a free-for-all, like Dirk said. This does not yet have a TM
>>>>> on it and it should have it first before going to promote it. Also specify
>>>>> in which cases it can be used. Now it can be completely abused without OWASP
>>>>> being able to have any legal framework to avoid this.
>>>>>
>>>>> If anyone is following social media, rumour has it OWASP is a vendor
>>>>> ground.
>>>>>
>>>>> I think I'm an OWASP supporter, I'm not benefiting financially from
>>>>> (ab)using the OWASP name because in my country people have no idea what
>>>>> OWASP is. I assume those in US and EU can be more interested in (ab)using it.
>>>>>
>>>>> The problem is that it misleads people into thinking that OWASP has an
>>>>> 'approval seal' on anything a vendor or individual does.
>>>>>
>>>>> Are we promoting more our 'vendor neutrality' with this? I don't think
>>>>> so.
>>>>>
>>>>> Now it is a free-for-all. Good luck checking abuses. No legal framework
>>>>> right now for control.
>>>>>
>>>>>
>>>>> On Wed, May 18, 2016 at 6:41 PM, Dirk Wetter <dirk at owasp.org> wrote:
>>>>>
>>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I am not often writing to the leaders list. Time has come though to
>>>>>> share concerns with you.
>>>>>>
>>>>>> My trigger is the new supporter logo "strategy" which became public
>>>>>> today:
>>>>>> https://twitter.com/owasp/status/732921073025572864
>>>>>>
>>>>>> I considered the OWASP logo as our core value. It represents OWASP's
>>>>>> good standing. A lot of people in the community contributed to build up
>>>>>> our reputation and -- as a consequence -- to our brand. That is good.
>>>>>> Most of the contributors were altruistic. That's how I understand Open
>>>>>> Source.
>>>>>>
>>>>>> Now it looks to me we are giving our good standing away instead of
>>>>>> putting strong controls at it. First question: Why do we need to do
>>>>>> this? Is this because we feel the need to get more people to OWASP and
>>>>>> we are somehow blindfolded not able to look at the consequences of a
>>>>>> logo distribution? Or are there the commercial interests ruling here?
>>>>>>
>>>>>>
>>>>>> Worse: the branding guide
>>>>>> (https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES)
>>>>>> is more or less still the same. I had some discussions warning that we
>>>>>> should fix the bugs in the branding guide first before doing this. Heck,
>>>>>> we don't even have a trademark policy yet, no legal constraint [1]
>>>>>>
>>>>>> This is quite the opposite of the speaker agreement -- by the way.
>>>>>>
>>>>>>
>>>>>> To go into detail (attention, sarcasm)
>>>>>> ============================
>>>>>>
>>>>>> 5. The OWASP Brand may be used in association with an application
>>>>>> security assessment only if a complete and detailed methodology, sufficient
>>>>>> to reproduce the results, is disclosed.
>>>>>>
>>>>>> ==> Cool, OWASP allows me to put their logo on my pentests. That
>>>>>> certainly sounds good for my customers also if I
>>>>>>   present BS to him (well, if I care, I could describe the complete
>>>>>> and detailed methodology -- but who cares! Nobody
>>>>>>   can control it as my customer will certainly have no interest to
>>>>>> publish my report with his bugs)
>>>>>>
>>>>>> BTW: This could also be applied for tools.
>>>>>>
>>>>>>
>>>>>> 3. The OWASP Brand may be used by OWASP Members in good standing to
>>>>>> acknowledge a person's involvement in or a company's support of OWASP.
>>>>>>
>>>>>> ==> C00l. I edit the wiki, change a letter and I can use the OWASP
>>>>>> brand on my website to promote my business.
>>>>>>        Or I write a mail to the leaders list. Heck, in fact, as I am
>>>>>> on this list, I made it and can use the OWASP logo everywhere!!!
>>>>>>
>>>>>> BTW: If a local chapter has corporate sponsorships like the global
>>>>>> ones, vendor XYZ purchases this sponsorship
>>>>>> for ten bucks, getting a logo in return and next exhibition he puts
>>>>>> this as a sticker to his WAF. W00t!
>>>>>>
>>>>>>
>>>>>> 1. The OWASP Brand may be used to direct people to the OWASP website
>>>>>> for information about application security.
>>>>>> 2. The OWASP Brand may be used in commentary about the materials
>>>>>> found on the OWASP website.
>>>>>>
>>>>>> ==> 1337! I can still use the logo on my commercial web site. My idea
>>>>>> here is to sell a service or a product. But
>>>>>>        if anyone reads it of course I will argue that I only intended
>>>>>> to point to OWASP.
>>>>>>
>>>>>>
>>>>>> Hopefully you got the message without feeling offended.
>>>>>>
>>>>>> To make this clear: I will rather swallow my keyboard instead of
>>>>>> doing this. In fact I am trying to fight those
>>>>>> cases but to me it seems that either nobody is listening or OWASP
>>>>>> became a vendor driven organization.
>>>>>>
>>>>>>
>>>>>> As a consequence I am afraid if we don't agree on a strong logo /
>>>>>> trademark policy we are commercializing more and more.
>>>>>> Where is "my OWASP" I used to love?
>>>>>>
>>>>>>
>>>>>> Dirk
>>>>>>
>>>>>>
>>>>>>
>>>>>> [1] Even ISACA has stronger usage rules of their brand (not talking
>>>>>> about materials!):
>>>>>>
>>>>>> http://www.isaca.org/About-ISACA/Licensing-and-Promotion/Pages/IP-Guidelines.aspx#usageRules
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> German OWASP Chapter Lead
>>>>>> Send me encrypted mails (Key ID 0xB818C039)
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Johanna Curiel
>>>>> OWASP Volunteer
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>
>


-- 
Johanna Curiel
OWASP Volunteer