[Owasp-leaders] New supporter logos

johanna curiel curiel johanna.curiel at owasp.org
Fri May 20 05:24:24 UTC 2016


Hey Jim

Elizabeth has in this same email chain ask us to use a more formal tone and
you just go throw F words?

On another email Tony has just done the same allegory to the F to me

What is this ? Is this the way we discuss issues? Treat peeps with respect?
You think I'm going to shut up?

Your record using the f word is going to break records
:-p



On Friday, May 20, 2016, Jim Manico <jim.manico at owasp.org> wrote:

> Be the change you want to see in the world. If you wish to change parts of
> OWASP that do not satisfy you, then please do something about it or shut
> the fuck up please.
>
> Thank you and Aloha, Jim
>
> On 5/19/16 10:19 AM, Eoin Keary wrote:
>
> Love seeing the passion when it comes to logos and identity..... Pity we
> don't see more of this when it comes to doing what OWASP was born to do
> 😜😠😍🙄🤔☹️😣
>
>
> Eoin Keary
> OWASP Volunteer
> @eoinkeary
>
>
>
> On 19 May 2016, at 15:03, johanna curiel curiel <
> <javascript:_e(%7B%7D,'cvml','johanna.curiel at owasp.org');>
> johanna.curiel at owasp.org
> <javascript:_e(%7B%7D,'cvml','johanna.curiel at owasp.org');>> wrote:
>
> >>Every new thing that OWASP tries doesn’t need to be wrap in a blanket of
> doom and gloom.
>
> Welcome to my world ;-). Have you any idea how often I launch ideas that
> have been crushed by others in here, forgetting I'm just a  volunteer?
> Well, some people have valid point other don't. We have too keep moving fwd.
>
> My point is not against the logo. I support the logo.
>
> Is just that we launch this without having done the homework and legal
> framework. What is the rush? We could have wait a little more and avoid
> headaches. No one consult this properly.
>
> I think if you have been following Dirk's activities, he is tired of
> preaching and not being heard, I have very often the same feeling too.
>
> Cheers
>
> Johanna
>
>
> On Thu, May 19, 2016 at 8:49 AM, Larry Conklin <
> <javascript:_e(%7B%7D,'cvml','larry.conklin at owasp.org');>
> larry.conklin at owasp.org
> <javascript:_e(%7B%7D,'cvml','larry.conklin at owasp.org');>> wrote:
>
>> Johanna, I have to respectfully disagree. Yes, TM issues do exist. But
>> that said I believe the issue is at times as a community we focus way too
>> much of our time and effort on the downside of anything new or different.
>> Bullet proof TM policies or not doesn’t prevent anyone from abusing our
>> logos.  The same issue is for ISC(2) which has badges. Coke Cola, Xerox,
>> Kleenex have the strongest brands worldwide, with a huge cash pile and
>> lawyers to protect them. They are also in some form of ligation everyday
>> with people trying to abuse or encroach on their bands. Yes that is wrong
>> but it’s not every going to prevent someone from trying. Isn’t the saying
>> “imitation is the greatest complement”.
>>
>> Also we as leaders did to be much more proactive. OWASP badges were no
>> secret. We knew they were coming. We even had a debate on the logo style.
>>
>> My points is still valid IMHO. We need to step back and breathe. Every
>> new thing that OWASP tries doesn’t need to be wrap in a blanket of doom and
>> gloom. Yes there is lots of things and need to change, things that need to
>> be fixed. As a large community everyone is not going to work on everyone
>> else’s priority projects and nothing is ever going to be perfect.
>>
>> Second we as leaders to be more proactive, we need to have much more
>> active discussion before an event and not afterwards. And we don’t need to
>> address everything as if the world is falling down around us.
>>
>> I apologize if your email and Dirk’s was not in that tone but that is how
>> it came across to me.
>> Larry Conklin
>>
>> On Wed, May 18, 2016 at 9:08 PM, johanna curiel curiel <
>> <javascript:_e(%7B%7D,'cvml','johanna.curiel at owasp.org');>
>> johanna.curiel at owasp.org
>> <javascript:_e(%7B%7D,'cvml','johanna.curiel at owasp.org');>> wrote:
>>
>>> me too
>>>
>>> Hi Larry,
>>>
>>> The problem is not the supporter logo.
>>>
>>> The issue is the lack of a TM and the lack of policies around the use of
>>> it, that can trigger brand abuses.
>>>
>>> I just asked my husband who is a lawyer and his opinion was that this
>>> should have been done BEFORE not AFTER the launch.However is not too late
>>> to provide a legal frameworks and policies around it but is going to cost
>>> money to find out.
>>>
>>> >>However, a major policy change will not likely occur before we've
>>> really thought this through and had some legal advice
>>> Exactly. I though this was going to be launched when  this was defined
>>> properly.
>>>
>>> regards
>>>
>>> On Wed, May 18, 2016 at 8:51 PM, Larry Conklin <
>>> <javascript:_e(%7B%7D,'cvml','larry.conklin at owasp.org');>
>>> larry.conklin at owasp.org
>>> <javascript:_e(%7B%7D,'cvml','larry.conklin at owasp.org');>> wrote:
>>>
>>>> Not sure why but I got a message saying my original email failed.
>>>>
>>>> I think we need a new badge for doom and gloom. lol. Come on folks. We
>>>> are proud of what we do at OWASP. We are proud of OWASP. We are proud of
>>>> what OWASP has accomplish in the AppSec world.
>>>>
>>>> Why wouldn't we want to show some love? This isn't something new but it
>>>> is an emerging marketing tool. Today besides having an OWASP badge and can
>>>> get a badge from ISC(2) for my CISSP certification.
>>>>
>>>> I am not diluting ISC(2) brand, nor am I diluting OWASP brand by using
>>>> a badge. only thing I would be doing is showing my support in a visible
>>>> way. Oh yes I can also get a badge for Linux Foundation CII.
>>>>
>>>> Yes we could have a debate if badges really provide or increase
>>>> motivation or increase marketing. That would be a good debate. But I
>>>> haven't read one thing that says badges decrease a brand.
>>>>
>>>> Who is really at fault. it's not like no one didn't see this coming.
>>>> Dirk and Johanna your voice would have been much better at the beginning of
>>>> this conversation and not at the end IMHO. Take a moment, take a deep
>>>> breath. If you don't like the badge don't use it.
>>>>
>>>> Larry Conklin
>>>>
>>>> On Wed, May 18, 2016 at 8:40 PM, Larry Conklin <
>>>> <javascript:_e(%7B%7D,'cvml','larry.conklin at owasp.org');>
>>>> larry.conklin at owasp.org
>>>> <javascript:_e(%7B%7D,'cvml','larry.conklin at owasp.org');>> wrote:
>>>>
>>>>> I think we need a new badge for doom and gloom. lol. Come on folks. We
>>>>> are proud of what we do at OWASP. We are proud of OWASP. We are proud of
>>>>> what OWASP has accomplish in the AppSec world.
>>>>>
>>>>> Why wouldn't we want to show some love? This isn't something new but
>>>>> it is an emerging marketing tool. Today besides having an OWASP badge and
>>>>> can get a badge from ISC(2) for my CISSP certification.
>>>>>
>>>>> I am not diluting ISC(2) brand, nor am I diluting OWASP brand by using
>>>>> a badge. only thing I would be doing is showing my support in a visible
>>>>> way. Oh yes I can also get a badge for Linux Foundation CII.
>>>>>
>>>>> Yes we could have a debate if badges really provide or increase
>>>>> motivation or increase marketing. That would be a good debate. But I
>>>>> haven't read one thing that says badges decrease a brand.
>>>>>
>>>>> Who is really at fault. it's not like no one didn't see this coming.
>>>>> Dirk and Johanna your voice would have been much better at the beginning of
>>>>> this conversation and not at the end IMHO. Take a moment, take a deep
>>>>> breath. If you don't like the badge don't use it.
>>>>>
>>>>> Larry Conklin
>>>>>
>>>>>
>>>>> On Wed, May 18, 2016 at 7:12 PM, johanna curiel curiel <
>>>>> <javascript:_e(%7B%7D,'cvml','johanna.curiel at owasp.org');>
>>>>> johanna.curiel at owasp.org
>>>>> <javascript:_e(%7B%7D,'cvml','johanna.curiel at owasp.org');>> wrote:
>>>>>
>>>>>> >>To make this clear: I will rather swallow my keyboard instead of
>>>>>> doing this. In fact I am trying to fight those cases but to me it
>>>>>> seems that either nobody is listening or OWASP became a vendor driven
>>>>>> organization.
>>>>>>
>>>>>> I share Dirk's concerns.
>>>>>>
>>>>>> This new supporter logo can cause more brand abuses because the uses
>>>>>> of it  has not being properly defined.
>>>>>>
>>>>>> So far is a free for all, like Dirk said. This does not have yet a TM
>>>>>> on it and it should have it first before going to promote it . Also specify
>>>>>> in which cases can be used. Now it can be completely abused without OWASP
>>>>>> being able to have any legal framework to avoid this.
>>>>>>
>>>>>>  If anyone is following social media,  rumour has it OWASP is a
>>>>>> vendor ground.
>>>>>>
>>>>>> I think I'm an OWASP supporter, I'm not benefiting financially on
>>>>>> (ab)using the OWASP name cause in my country people even has no idea what
>>>>>> OWASP is.  I assume those in US and EU can be more interest in (ab)use it.
>>>>>>
>>>>>> The problem is that it misleads people into think that OWASP has an
>>>>>> 'approval seal' on anything a vendor or individual does.
>>>>>>
>>>>>> Are we promoting more our 'vendor neutrality' with this? I don't
>>>>>> think so.
>>>>>>
>>>>>> Now is a free for all. Good luck checking abuses. No legal framework
>>>>>> right now for control.
>>>>>>
>>>>>>
>>>>>> On Wed, May 18, 2016 at 6:41 PM, Dirk Wetter <
>>>>>> <javascript:_e(%7B%7D,'cvml','dirk at owasp.org');>dirk at owasp.org
>>>>>> <javascript:_e(%7B%7D,'cvml','dirk at owasp.org');>> wrote:
>>>>>>
>>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I am not often writing to the leaders list. Time has come though to
>>>>>>> share concerns with you.
>>>>>>>
>>>>>>> My trigger is the new supporter logo "strategy" which became public
>>>>>>> today:
>>>>>>> <https://twitter.com/owasp/status/732921073025572864>
>>>>>>> https://twitter.com/owasp/status/732921073025572864
>>>>>>>
>>>>>>> I considered the OWASP logo as our core value. I represents OWASP's
>>>>>>> good
>>>>>>> standing. Lot of people in the community contributed to build up our
>>>>>>> reputation
>>>>>>> and -- as a consequence -- to our brand. That is good. Most of the
>>>>>>> contributors
>>>>>>> were altruistic. That's how I understand Open Source.
>>>>>>>
>>>>>>> Now it looks to me we are giving our good standing away instead of
>>>>>>> putting strong controls
>>>>>>> at it. First question: Why do we need to do this? Is this because we
>>>>>>> feel the need to
>>>>>>> get more people to OWASP and we are somehow blindfolded not able to
>>>>>>> look at the consequences of a logo distribution? Or are there the
>>>>>>> commercial interests ruling here?
>>>>>>>
>>>>>>>
>>>>>>> Worse: the branding guide  (
>>>>>>> <https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES>
>>>>>>> https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES
>>>>>>> )
>>>>>>> is more or less still the same. I had some discussions warning that
>>>>>>> we should fix the bugs in the branding guide
>>>>>>> first before doing this. Heck, we don't even have a trademark policy
>>>>>>> yet, no legal constraint [1]
>>>>>>>
>>>>>>> This is quite the opposite as the speaker agreement -- by the way.
>>>>>>>
>>>>>>>
>>>>>>> To go into detail (attention, sarcasm)
>>>>>>> ============================
>>>>>>>
>>>>>>> 5. The OWASP Brand may be used in association with an application
>>>>>>> security assessment only if a complete and detailed methodology, sufficient
>>>>>>> to reproduce the results, is disclosed.
>>>>>>>
>>>>>>> ==> Cool, OWASP allows me to put their logo on my pentests. That
>>>>>>> certainly sounds good for my costumers also if I
>>>>>>>   present BS to him (well, if I care, I could describe the complete
>>>>>>> and detailed methodology -- but who cares! Nobody
>>>>>>>   can control it as my costumer will certainly has no interest to
>>>>>>> publish my report with his bugs)
>>>>>>>
>>>>>>> BTW: This could also be applied for tools.
>>>>>>>
>>>>>>>
>>>>>>> 3. The OWASP Brand may be used by OWASP Members in good standing to
>>>>>>> acknowledge a person's involvement in or a company's support of OWASP.
>>>>>>>
>>>>>>> ==> C00l. I edit the wiki, change a letter and I can use the OWASP
>>>>>>> brand on my website to promote my business.
>>>>>>>        Or I write a mail to the leaders list. Heck, in fact, as I am
>>>>>>> on this list, I made it and can use the OWASP logo everywhere!!!
>>>>>>>
>>>>>>> BTW: If a local chapter has corporate sponsorships like the global
>>>>>>> ones, vendor XYZ purchases this sponsorship
>>>>>>> for ten bucks, getting a logo in return and next exhibition he puts
>>>>>>> this as a sticker to his WAF. W00t!
>>>>>>>
>>>>>>>
>>>>>>> 1. The OWASP Brand may be used to direct people to the OWASP website
>>>>>>> for information about application security.
>>>>>>> 2. The OWASP Brand may be used in commentary about the materials
>>>>>>> found on the OWASP website.
>>>>>>>
>>>>>>> ==> 1337! I can still use the logo on my commercial web site. My
>>>>>>> idea is here is to sell a service or a product. But
>>>>>>>        if anyone reads it of course I will argue that I only
>>>>>>> intended to point to OWASP.
>>>>>>>
>>>>>>>
>>>>>>> Hopefully you got the message without feeling offended.
>>>>>>>
>>>>>>> To make this clear: I will rather swallow my keyboard instead of
>>>>>>> doing this. In fact I am trying to fight those
>>>>>>> cases but to me it seems that either nobody is listening or OWASP
>>>>>>> became a vendor driven organization.
>>>>>>>
>>>>>>>
>>>>>>> As a consequence I am afraid if we don't agree on a strong logo /
>>>>>>> trademark policy we are commercializing more and more.
>>>>>>> Where is "my OWASP" I used to love?
>>>>>>>
>>>>>>>
>>>>>>> Dirk
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> [1] Even ISACA has stronger usage rules of their brand (not talking
>>>>>>> about materials!):
>>>>>>>
>>>>>>> <http://www.isaca.org/About-ISACA/Licensing-and-Promotion/Pages/IP-Guidelines.aspx#usageRules>
>>>>>>> http://www.isaca.org/About-ISACA/Licensing-and-Promotion/Pages/IP-Guidelines.aspx#usageRules
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> German OWASP Chapter Lead
>>>>>>> Send me encrypted mails (Key ID 0xB818C039)
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>
>>>>>>> <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Johanna Curiel
>>>>>> OWASP Volunteer
>>>>>>
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>
>>>>>> <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Johanna Curiel
>>> OWASP Volunteer
>>>
>>
>>
>
>
> --
> Johanna Curiel
> OWASP Volunteer
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> _______________________________________________
> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.org <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>

-- 
Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160520/7f506cff/attachment-0001.html>


More information about the OWASP-Leaders mailing list