[Owasp-leaders] New supporter logos

johanna curiel curiel johanna.curiel at owasp.org
Thu May 19 16:02:27 UTC 2016


This discussion is not new
http://lists.owasp.org/pipermail/owasp-board/2014-December/014774.html

By then it was clear this should have been implemented with a TradeMark and
policies around its use.

I voted to use the logo in this way, which is the responsible way to it.

I trusted this was going to be implemented this way.

In the end, is not my final responsibility handling cases. I assume that
the board  and management of OWASP will have to deal with that.

Regards

Johanna





On Thu, May 19, 2016 at 10:22 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> >>Secondary, I strongly agree with Larry that OWASP leaders may want to
> stick to more formal tone in written communication.
>
> Thats another issue. We do not have a 'formal' way to do things but
> mailing list....
>
> A good idea to consider is to formalise when people do not agree.
>
>
>
> On Thu, May 19, 2016 at 10:20 AM, Elizabeth Belousov <
> elizabeth.belousov at owasp.org> wrote:
>
>> I believe we all voted on the logo in April. At least all leaders were
>> offered to vote.
>> Secondary, I strongly agree with Larry that OWASP leaders may want to
>> stick to more formal tone in written communication.
>>
>>
>> ----------
>> Regards,
>>
>> *Liz Belousov*
>> Volunteer* | *OWASP Foundation
>> NYC chapter
>>  [image:
>> https://www.linkedin.com/profile/public-profile-settings?trk=prof-edit-edit-public_profile]
>> <https://www.linkedin.com/profile/public-profile-settings?trk=prof-edit-edit-public_profile>
>>
>> On May 19, 2016, at 10:03, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>> >>Every new thing that OWASP tries doesn’t need to be wrap in a blanket
>> of doom and gloom.
>>
>> Welcome to my world ;-). Have you any idea how often I launch ideas that
>> have been crushed by others in here, forgetting I'm just a  volunteer?
>> Well, some people have valid point other don't. We have too keep moving fwd.
>>
>> My point is not against the logo. I support the logo.
>>
>> Is just that we launch this without having done the homework and legal
>> framework. What is the rush? We could have wait a little more and avoid
>> headaches. No one consult this properly.
>>
>> I think if you have been following Dirk's activities, he is tired of
>> preaching and not being heard, I have very often the same feeling too.
>>
>> Cheers
>>
>> Johanna
>>
>>
>> On Thu, May 19, 2016 at 8:49 AM, Larry Conklin <larry.conklin at owasp.org>
>> wrote:
>>
>>> Johanna, I have to respectfully disagree. Yes, TM issues do exist. But
>>> that said I believe the issue is at times as a community we focus way too
>>> much of our time and effort on the downside of anything new or different.
>>> Bullet proof TM policies or not doesn’t prevent anyone from abusing our
>>> logos.  The same issue is for ISC(2) which has badges. Coke Cola,
>>> Xerox, Kleenex have the strongest brands worldwide, with a huge cash pile
>>> and lawyers to protect them. They are also in some form of ligation
>>> everyday with people trying to abuse or encroach on their bands. Yes that
>>> is wrong but it’s not every going to prevent someone from trying. Isn’t the
>>> saying “imitation is the greatest complement”.
>>>
>>> Also we as leaders did to be much more proactive. OWASP badges were no
>>> secret. We knew they were coming. We even had a debate on the logo style.
>>>
>>> My points is still valid IMHO. We need to step back and breathe. Every
>>> new thing that OWASP tries doesn’t need to be wrap in a blanket of doom and
>>> gloom. Yes there is lots of things and need to change, things that need to
>>> be fixed. As a large community everyone is not going to work on everyone
>>> else’s priority projects and nothing is ever going to be perfect.
>>>
>>> Second we as leaders to be more proactive, we need to have much more
>>> active discussion before an event and not afterwards. And we don’t need to
>>> address everything as if the world is falling down around us.
>>>
>>> I apologize if your email and Dirk’s was not in that tone but that is
>>> how it came across to me.
>>> Larry Conklin
>>>
>>> On Wed, May 18, 2016 at 9:08 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> me too
>>>>
>>>> Hi Larry,
>>>>
>>>> The problem is not the supporter logo.
>>>>
>>>> The issue is the lack of a TM and the lack of policies around the use
>>>> of it, that can trigger brand abuses.
>>>>
>>>> I just asked my husband who is a lawyer and his opinion was that this
>>>> should have been done BEFORE not AFTER the launch.However is not too late
>>>> to provide a legal frameworks and policies around it but is going to cost
>>>> money to find out.
>>>>
>>>> >>However, a major policy change will not likely occur before we've
>>>> really thought this through and had some legal advice
>>>> Exactly. I though this was going to be launched when  this was defined
>>>> properly.
>>>>
>>>> regards
>>>>
>>>> On Wed, May 18, 2016 at 8:51 PM, Larry Conklin <larry.conklin at owasp.org
>>>> > wrote:
>>>>
>>>>> Not sure why but I got a message saying my original email failed.
>>>>>
>>>>> I think we need a new badge for doom and gloom. lol. Come on folks. We
>>>>> are proud of what we do at OWASP. We are proud of OWASP. We are proud of
>>>>> what OWASP has accomplish in the AppSec world.
>>>>>
>>>>> Why wouldn't we want to show some love? This isn't something new but
>>>>> it is an emerging marketing tool. Today besides having an OWASP badge and
>>>>> can get a badge from ISC(2) for my CISSP certification.
>>>>>
>>>>> I am not diluting ISC(2) brand, nor am I diluting OWASP brand by using
>>>>> a badge. only thing I would be doing is showing my support in a visible
>>>>> way. Oh yes I can also get a badge for Linux Foundation CII.
>>>>>
>>>>> Yes we could have a debate if badges really provide or increase
>>>>> motivation or increase marketing. That would be a good debate. But I
>>>>> haven't read one thing that says badges decrease a brand.
>>>>>
>>>>> Who is really at fault. it's not like no one didn't see this coming.
>>>>> Dirk and Johanna your voice would have been much better at the beginning of
>>>>> this conversation and not at the end IMHO. Take a moment, take a deep
>>>>> breath. If you don't like the badge don't use it.
>>>>>
>>>>> Larry Conklin
>>>>>
>>>>> On Wed, May 18, 2016 at 8:40 PM, Larry Conklin <
>>>>> larry.conklin at owasp.org> wrote:
>>>>>
>>>>>> I think we need a new badge for doom and gloom. lol. Come on folks.
>>>>>> We are proud of what we do at OWASP. We are proud of OWASP. We are proud of
>>>>>> what OWASP has accomplish in the AppSec world.
>>>>>>
>>>>>> Why wouldn't we want to show some love? This isn't something new but
>>>>>> it is an emerging marketing tool. Today besides having an OWASP badge and
>>>>>> can get a badge from ISC(2) for my CISSP certification.
>>>>>>
>>>>>> I am not diluting ISC(2) brand, nor am I diluting OWASP brand by
>>>>>> using a badge. only thing I would be doing is showing my support in a
>>>>>> visible way. Oh yes I can also get a badge for Linux Foundation CII.
>>>>>>
>>>>>> Yes we could have a debate if badges really provide or increase
>>>>>> motivation or increase marketing. That would be a good debate. But I
>>>>>> haven't read one thing that says badges decrease a brand.
>>>>>>
>>>>>> Who is really at fault. it's not like no one didn't see this coming.
>>>>>> Dirk and Johanna your voice would have been much better at the beginning of
>>>>>> this conversation and not at the end IMHO. Take a moment, take a deep
>>>>>> breath. If you don't like the badge don't use it.
>>>>>>
>>>>>> Larry Conklin
>>>>>>
>>>>>>
>>>>>> On Wed, May 18, 2016 at 7:12 PM, johanna curiel curiel <
>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>
>>>>>>> >>To make this clear: I will rather swallow my keyboard instead of
>>>>>>> doing this. In fact I am trying to fight those cases but to me it
>>>>>>> seems that either nobody is listening or OWASP became a vendor driven
>>>>>>> organization.
>>>>>>>
>>>>>>> I share Dirk's concerns.
>>>>>>>
>>>>>>> This new supporter logo can cause more brand abuses because the uses
>>>>>>> of it  has not being properly defined.
>>>>>>>
>>>>>>> So far is a free for all, like Dirk said. This does not have yet a
>>>>>>> TM on it and it should have it first before going to promote it . Also
>>>>>>> specify in which cases can be used. Now it can be completely abused without
>>>>>>> OWASP being able to have any legal framework to avoid this.
>>>>>>>
>>>>>>>  If anyone is following social media,  rumour has it OWASP is a
>>>>>>> vendor ground.
>>>>>>>
>>>>>>> I think I'm an OWASP supporter, I'm not benefiting financially on
>>>>>>> (ab)using the OWASP name cause in my country people even has no idea what
>>>>>>> OWASP is.  I assume those in US and EU can be more interest in (ab)use it.
>>>>>>>
>>>>>>> The problem is that it misleads people into think that OWASP has an
>>>>>>> 'approval seal' on anything a vendor or individual does.
>>>>>>>
>>>>>>> Are we promoting more our 'vendor neutrality' with this? I don't
>>>>>>> think so.
>>>>>>>
>>>>>>> Now is a free for all. Good luck checking abuses. No legal framework
>>>>>>> right now for control.
>>>>>>>
>>>>>>>
>>>>>>> On Wed, May 18, 2016 at 6:41 PM, Dirk Wetter <dirk at owasp.org> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> I am not often writing to the leaders list. Time has come though to
>>>>>>>> share concerns with you.
>>>>>>>>
>>>>>>>> My trigger is the new supporter logo "strategy" which became public
>>>>>>>> today:
>>>>>>>> https://twitter.com/owasp/status/732921073025572864
>>>>>>>>
>>>>>>>> I considered the OWASP logo as our core value. I represents OWASP's
>>>>>>>> good
>>>>>>>> standing. Lot of people in the community contributed to build up
>>>>>>>> our reputation
>>>>>>>> and -- as a consequence -- to our brand. That is good. Most of the
>>>>>>>> contributors
>>>>>>>> were altruistic. That's how I understand Open Source.
>>>>>>>>
>>>>>>>> Now it looks to me we are giving our good standing away instead of
>>>>>>>> putting strong controls
>>>>>>>> at it. First question: Why do we need to do this? Is this because
>>>>>>>> we feel the need to
>>>>>>>> get more people to OWASP and we are somehow blindfolded not able to
>>>>>>>> look at the consequences of a logo distribution? Or are there the
>>>>>>>> commercial interests ruling here?
>>>>>>>>
>>>>>>>>
>>>>>>>> Worse: the branding guide  (
>>>>>>>> https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES
>>>>>>>> )
>>>>>>>> is more or less still the same. I had some discussions warning that
>>>>>>>> we should fix the bugs in the branding guide
>>>>>>>> first before doing this. Heck, we don't even have a trademark
>>>>>>>> policy yet, no legal constraint [1]
>>>>>>>>
>>>>>>>> This is quite the opposite as the speaker agreement -- by the way.
>>>>>>>>
>>>>>>>>
>>>>>>>> To go into detail (attention, sarcasm)
>>>>>>>> ============================
>>>>>>>>
>>>>>>>> 5. The OWASP Brand may be used in association with an application
>>>>>>>> security assessment only if a complete and detailed methodology, sufficient
>>>>>>>> to reproduce the results, is disclosed.
>>>>>>>>
>>>>>>>> ==> Cool, OWASP allows me to put their logo on my pentests. That
>>>>>>>> certainly sounds good for my costumers also if I
>>>>>>>>   present BS to him (well, if I care, I could describe the complete
>>>>>>>> and detailed methodology -- but who cares! Nobody
>>>>>>>>   can control it as my costumer will certainly has no interest to
>>>>>>>> publish my report with his bugs)
>>>>>>>>
>>>>>>>> BTW: This could also be applied for tools.
>>>>>>>>
>>>>>>>>
>>>>>>>> 3. The OWASP Brand may be used by OWASP Members in good standing to
>>>>>>>> acknowledge a person's involvement in or a company's support of OWASP.
>>>>>>>>
>>>>>>>> ==> C00l. I edit the wiki, change a letter and I can use the OWASP
>>>>>>>> brand on my website to promote my business.
>>>>>>>>        Or I write a mail to the leaders list. Heck, in fact, as I
>>>>>>>> am on this list, I made it and can use the OWASP logo everywhere!!!
>>>>>>>>
>>>>>>>> BTW: If a local chapter has corporate sponsorships like the global
>>>>>>>> ones, vendor XYZ purchases this sponsorship
>>>>>>>> for ten bucks, getting a logo in return and next exhibition he puts
>>>>>>>> this as a sticker to his WAF. W00t!
>>>>>>>>
>>>>>>>>
>>>>>>>> 1. The OWASP Brand may be used to direct people to the OWASP
>>>>>>>> website for information about application security.
>>>>>>>> 2. The OWASP Brand may be used in commentary about the materials
>>>>>>>> found on the OWASP website.
>>>>>>>>
>>>>>>>> ==> 1337! I can still use the logo on my commercial web site. My
>>>>>>>> idea is here is to sell a service or a product. But
>>>>>>>>        if anyone reads it of course I will argue that I only
>>>>>>>> intended to point to OWASP.
>>>>>>>>
>>>>>>>>
>>>>>>>> Hopefully you got the message without feeling offended.
>>>>>>>>
>>>>>>>> To make this clear: I will rather swallow my keyboard instead of
>>>>>>>> doing this. In fact I am trying to fight those
>>>>>>>> cases but to me it seems that either nobody is listening or OWASP
>>>>>>>> became a vendor driven organization.
>>>>>>>>
>>>>>>>>
>>>>>>>> As a consequence I am afraid if we don't agree on a strong logo /
>>>>>>>> trademark policy we are commercializing more and more.
>>>>>>>> Where is "my OWASP" I used to love?
>>>>>>>>
>>>>>>>>
>>>>>>>> Dirk
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> [1] Even ISACA has stronger usage rules of their brand (not talking
>>>>>>>> about materials!):
>>>>>>>>
>>>>>>>> http://www.isaca.org/About-ISACA/Licensing-and-Promotion/Pages/IP-Guidelines.aspx#usageRules
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> German OWASP Chapter Lead
>>>>>>>> Send me encrypted mails (Key ID 0xB818C039)
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> OWASP-Leaders mailing list
>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Johanna Curiel
>>>>>>> OWASP Volunteer
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Johanna Curiel
>>>> OWASP Volunteer
>>>>
>>>
>>>
>>
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> Johanna Curiel
> OWASP Volunteer
>



-- 
Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160519/37f7c582/attachment-0001.html>


More information about the OWASP-Leaders mailing list