[Owasp-leaders] New supporter logos

Jim Manico jim.manico at owasp.org
Fri May 20 05:25:40 UTC 2016


My apologies Johanna. That was not at all directed to you.

- Jim



On 5/19/16 10:24 PM, johanna curiel curiel wrote:
> Hey Jim
>
> Elizabeth has in this same email chain ask us to use a more
> formal tone and you just go throw F words?
>
> On another email Tony has just done the same allegory to the F to me
>
> What is this ? Is this the way we discuss issues? Treat peeps with
> respect?
> You think I'm going to shut up?
>
> Your record using the f word is going to break records 
> :-p 
>
>
>
> On Friday, May 20, 2016, Jim Manico <jim.manico at owasp.org
> <mailto:jim.manico at owasp.org>> wrote:
>
>     Be the change you want to see in the world. If you wish to change
>     parts of OWASP that do not satisfy you, then please do something
>     about it or shut the fuck up please.
>
>     Thank you and Aloha, Jim
>
>
>     On 5/19/16 10:19 AM, Eoin Keary wrote:
>>     Love seeing the passion when it comes to logos and identity.....
>>     Pity we don't see more of this when it comes to doing what OWASP
>>     was born to do 😜😠😍🙄🤔☹️😣
>>
>>
>>     Eoin Keary
>>     OWASP Volunteer
>>     @eoinkeary
>>
>>
>>
>>     On 19 May 2016, at 15:03, johanna curiel curiel
>>     <johanna.curiel at owasp.org
>>     <javascript:_e(%7B%7D,'cvml','johanna.curiel at owasp.org');>> wrote:
>>
>>>     >>Every new thing that OWASP tries doesn’t need to be wrap in a blanket
>>>     of doom and gloom. 
>>>
>>>     Welcome to my world ;-). Have you any idea how often I launch
>>>     ideas that have been crushed by others in here, forgetting
>>>     I'm just a  volunteer? Well, some people have valid
>>>     point other don't. We have too keep moving fwd.
>>>
>>>     My point is not against the logo. I support the logo.
>>>
>>>     Is just that we launch this without having done the homework and
>>>     legal framework. What is the rush? We could have wait a little
>>>     more and avoid headaches. No one consult this properly.
>>>
>>>     I think if you have been following Dirk's activities, he is
>>>     tired of preaching and not being heard, I have very often the
>>>     same feeling too.
>>>
>>>     Cheers
>>>
>>>     Johanna
>>>
>>>
>>>     On Thu, May 19, 2016 at 8:49 AM, Larry Conklin
>>>     <larry.conklin at owasp.org
>>>     <javascript:_e(%7B%7D,'cvml','larry.conklin at owasp.org');>> wrote:
>>>
>>>         Johanna, I have to respectfully disagree. Yes, TM issues do
>>>         exist. But that said I believe the issue is at times as a
>>>         community we focus way too much of our time and effort on
>>>         the downside of anything new or different. Bullet proof TM
>>>         policies or not doesn’t prevent anyone from abusing our
>>>         logos.  The same issue is for ISC(2) which has badges. Coke
>>>         Cola, Xerox, Kleenex have the strongest brands worldwide,
>>>         with a huge cash pile and lawyers to protect them. They are
>>>         also in some form of ligation everyday with people trying to
>>>         abuse or encroach on their bands. Yes that is wrong but it’s
>>>         not every going to prevent someone from trying. Isn’t the
>>>         saying “imitation is the greatest complement”.
>>>
>>>         Also we as leaders did to be much more proactive. OWASP
>>>         badges were no secret. We knew they were coming. We even had
>>>         a debate on the logo style.
>>>
>>>         My points is still valid IMHO. We need to step back and
>>>         breathe. Every new thing that OWASP tries doesn’t need to be
>>>         wrap in a blanket of doom and gloom. Yes there is lots of
>>>         things and need to change, things that need to be fixed. As
>>>         a large community everyone is not going to work on everyone
>>>         else’s priority projects and nothing is ever going to be
>>>         perfect.
>>>
>>>         Second we as leaders to be more proactive, we need to have
>>>         much more active discussion before an event and not
>>>         afterwards. And we don’t need to address everything as if
>>>         the world is falling down around us.
>>>
>>>         I apologize if your email and Dirk’s was not in that tone
>>>         but that is how it came across to me.
>>>
>>>         Larry Conklin
>>>
>>>         On Wed, May 18, 2016 at 9:08 PM, johanna curiel curiel
>>>         <johanna.curiel at owasp.org
>>>         <javascript:_e(%7B%7D,'cvml','johanna.curiel at owasp.org');>>
>>>         wrote:
>>>
>>>             me too
>>>
>>>             Hi Larry,
>>>
>>>             The problem is not the supporter logo.
>>>
>>>             The issue is the lack of a TM and the lack of policies
>>>             around the use of it, that can trigger brand abuses. 
>>>
>>>             I just asked my husband who is a lawyer and his opinion
>>>             was that this should have been done BEFORE not AFTER the
>>>             launch.However is not too late to provide a legal
>>>             frameworks and policies around it but is going to cost
>>>             money to find out.
>>>
>>>             >>However, a major policy change will not likely occur before we've
>>>             really thought this through and had some legal advice
>>>             Exactly. I though this was going to be launched when
>>>              this was defined properly.
>>>
>>>             regards
>>>
>>>             On Wed, May 18, 2016 at 8:51 PM, Larry Conklin
>>>             <larry.conklin at owasp.org
>>>             <javascript:_e(%7B%7D,'cvml','larry.conklin at owasp.org');>>
>>>             wrote:
>>>
>>>                 Not sure why but I got a message saying my original
>>>                 email failed.
>>>
>>>                 I think we need a new badge for doom and gloom. lol.
>>>                 Come on folks. We are proud of what we do at OWASP.
>>>                 We are proud of OWASP. We are proud of what OWASP
>>>                 has accomplish in the AppSec world. 
>>>
>>>                 Why wouldn't we want to show some love? This isn't
>>>                 something new but it is an emerging marketing tool.
>>>                 Today besides having an OWASP badge and can get a
>>>                 badge from ISC(2) for my CISSP certification. 
>>>
>>>                 I am not diluting ISC(2) brand, nor am I diluting
>>>                 OWASP brand by using a badge. only thing I would be
>>>                 doing is showing my support in a visible way. Oh yes
>>>                 I can also get a badge for Linux Foundation CII.
>>>
>>>                 Yes we could have a debate if badges really provide
>>>                 or increase motivation or increase marketing. That
>>>                 would be a good debate. But I haven't read one thing
>>>                 that says badges decrease a brand.
>>>
>>>                 Who is really at fault. it's not like no one didn't
>>>                 see this coming.  Dirk and Johanna your voice would
>>>                 have been much better at the beginning of this
>>>                 conversation and not at the end IMHO. Take a moment,
>>>                 take a deep breath. If you don't like the badge
>>>                 don't use it.
>>>
>>>                 Larry Conklin
>>>
>>>                 On Wed, May 18, 2016 at 8:40 PM, Larry Conklin
>>>                 <larry.conklin at owasp.org
>>>                 <javascript:_e(%7B%7D,'cvml','larry.conklin at owasp.org');>>
>>>                 wrote:
>>>
>>>                     I think we need a new badge for doom and gloom.
>>>                     lol. Come on folks. We are proud of what we do
>>>                     at OWASP. We are proud of OWASP. We are proud of
>>>                     what OWASP has accomplish in the AppSec world. 
>>>
>>>                     Why wouldn't we want to show some love? This
>>>                     isn't something new but it is an emerging
>>>                     marketing tool. Today besides having an OWASP
>>>                     badge and can get a badge from ISC(2) for my
>>>                     CISSP certification. 
>>>
>>>                     I am not diluting ISC(2) brand, nor am I
>>>                     diluting OWASP brand by using a badge. only
>>>                     thing I would be doing is showing my support in
>>>                     a visible way. Oh yes I can also get a badge for
>>>                     Linux Foundation CII.
>>>
>>>                     Yes we could have a debate if badges really
>>>                     provide or increase motivation or increase
>>>                     marketing. That would be a good debate. But I
>>>                     haven't read one thing that says badges decrease
>>>                     a brand.
>>>
>>>                     Who is really at fault. it's not like no one
>>>                     didn't see this coming.  Dirk and Johanna your
>>>                     voice would have been much better at the
>>>                     beginning of this conversation and not at the
>>>                     end IMHO. Take a moment, take a deep breath. If
>>>                     you don't like the badge don't use it.
>>>
>>>                     Larry Conklin
>>>
>>>
>>>                     On Wed, May 18, 2016 at 7:12 PM, johanna curiel
>>>                     curiel <johanna.curiel at owasp.org
>>>                     <javascript:_e(%7B%7D,'cvml','johanna.curiel at owasp.org');>>
>>>                     wrote:
>>>
>>>                         >>To make this clear: I will rather swallow my
>>>                         keyboard instead of doing this. In fact I am
>>>                         trying to fight those cases but to me it
>>>                         seems that either nobody is listening or
>>>                         OWASP became a vendor driven organization.
>>>
>>>                         I share Dirk's concerns. 
>>>
>>>                         This new supporter logo can cause more brand
>>>                         abuses because the uses of it  has not being
>>>                         properly defined. 
>>>
>>>                         So far is a free for all, like Dirk said.
>>>                         This does not have yet a TM on it and it
>>>                         should have it first before going to promote
>>>                         it . Also specify in which cases can be
>>>                         used. Now it can be completely abused
>>>                         without OWASP being able to have any legal
>>>                         framework to avoid this.
>>>
>>>                          If anyone is following social media,
>>>                          rumour has it OWASP is a vendor ground. 
>>>
>>>                         I think I'm an OWASP supporter, I'm not
>>>                         benefiting financially on (ab)using the
>>>                         OWASP name cause in my country people even
>>>                         has no idea what OWASP is.  I assume those
>>>                         in US and EU can be more interest in (ab)use it.
>>>
>>>                         The problem is that it misleads people into
>>>                         think that OWASP has an 'approval seal' on
>>>                         anything a vendor or individual does.
>>>
>>>                         Are we promoting more our 'vendor
>>>                         neutrality' with this? I don't think so. 
>>>
>>>                         Now is a free for all. Good luck checking
>>>                         abuses. No legal framework right now for
>>>                         control.
>>>
>>>
>>>                         On Wed, May 18, 2016 at 6:41 PM, Dirk Wetter
>>>                         <dirk at owasp.org
>>>                         <javascript:_e(%7B%7D,'cvml','dirk at owasp.org');>>
>>>                         wrote:
>>>
>>>
>>>                             Hi all,
>>>
>>>                             I am not often writing to the leaders
>>>                             list. Time has come though to share
>>>                             concerns with you.
>>>
>>>                             My trigger is the new supporter logo
>>>                             "strategy" which became public today:
>>>                             https://twitter.com/owasp/status/732921073025572864
>>>
>>>                             I considered the OWASP logo as our core
>>>                             value. I represents OWASP's good
>>>                             standing. Lot of people in the community
>>>                             contributed to build up our reputation
>>>                             and -- as a consequence -- to our brand.
>>>                             That is good. Most of the contributors
>>>                             were altruistic. That's how I understand
>>>                             Open Source.
>>>
>>>                             Now it looks to me we are giving our
>>>                             good standing away instead of putting
>>>                             strong controls
>>>                             at it. First question: Why do we need to
>>>                             do this? Is this because we feel the need to
>>>                             get more people to OWASP and we are
>>>                             somehow blindfolded not able to
>>>                             look at the consequences of a logo
>>>                             distribution? Or are there the
>>>                             commercial interests ruling here?
>>>
>>>
>>>                             Worse: the branding guide 
>>>                             (https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES)
>>>                             is more or less still the same. I had
>>>                             some discussions warning that we should
>>>                             fix the bugs in the branding guide
>>>                             first before doing this. Heck, we don't
>>>                             even have a trademark policy yet, no
>>>                             legal constraint [1]
>>>
>>>                             This is quite the opposite as the
>>>                             speaker agreement -- by the way.
>>>
>>>
>>>                             To go into detail (attention, sarcasm)
>>>                             ============================
>>>
>>>                             5. The OWASP Brand may be used in
>>>                             association with an application security
>>>                             assessment only if a complete and
>>>                             detailed methodology, sufficient to
>>>                             reproduce the results, is disclosed.
>>>
>>>                             ==> Cool, OWASP allows me to put their
>>>                             logo on my pentests. That certainly
>>>                             sounds good for my costumers also if I
>>>                               present BS to him (well, if I care, I
>>>                             could describe the complete and detailed
>>>                             methodology -- but who cares! Nobody
>>>                               can control it as my costumer will
>>>                             certainly has no interest to publish my
>>>                             report with his bugs)
>>>
>>>                             BTW: This could also be applied for tools.
>>>
>>>
>>>                             3. The OWASP Brand may be used by OWASP
>>>                             Members in good standing to acknowledge
>>>                             a person's involvement in or a company's
>>>                             support of OWASP.
>>>
>>>                             ==> C00l. I edit the wiki, change a
>>>                             letter and I can use the OWASP brand on
>>>                             my website to promote my business.
>>>                                    Or I write a mail to the leaders
>>>                             list. Heck, in fact, as I am on this
>>>                             list, I made it and can use the OWASP
>>>                             logo everywhere!!!
>>>
>>>                             BTW: If a local chapter has corporate
>>>                             sponsorships like the global ones,
>>>                             vendor XYZ purchases this sponsorship
>>>                             for ten bucks, getting a logo in return
>>>                             and next exhibition he puts this as a
>>>                             sticker to his WAF. W00t!
>>>
>>>
>>>                             1. The OWASP Brand may be used to direct
>>>                             people to the OWASP website for
>>>                             information about application security.
>>>                             2. The OWASP Brand may be used in
>>>                             commentary about the materials found on
>>>                             the OWASP website.
>>>
>>>                             ==> 1337! I can still use the logo on my
>>>                             commercial web site. My idea is here is
>>>                             to sell a service or a product. But
>>>                                    if anyone reads it of course I
>>>                             will argue that I only intended to point
>>>                             to OWASP.
>>>
>>>
>>>                             Hopefully you got the message without
>>>                             feeling offended.
>>>
>>>                             To make this clear: I will rather
>>>                             swallow my keyboard instead of doing
>>>                             this. In fact I am trying to fight those
>>>                             cases but to me it seems that either
>>>                             nobody is listening or OWASP became a
>>>                             vendor driven organization.
>>>
>>>
>>>                             As a consequence I am afraid if we don't
>>>                             agree on a strong logo / trademark
>>>                             policy we are commercializing more and more.
>>>                             Where is "my OWASP" I used to love?
>>>
>>>
>>>                             Dirk
>>>
>>>
>>>
>>>                             [1] Even ISACA has stronger usage rules
>>>                             of their brand (not talking about
>>>                             materials!):
>>>                              
>>>                              http://www.isaca.org/About-ISACA/Licensing-and-Promotion/Pages/IP-Guidelines.aspx#usageRules
>>>
>>>
>>>
>>>
>>>
>>>                             --
>>>                             German OWASP Chapter Lead
>>>                             Send me encrypted mails (Key ID 0xB818C039)
>>>
>>>
>>>                             _______________________________________________
>>>                             OWASP-Leaders mailing list
>>>                             OWASP-Leaders at lists.owasp.org
>>>                             <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>
>>>                             https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>>
>>>                         -- 
>>>                         Johanna Curiel 
>>>                         OWASP Volunteer
>>>
>>>                         _______________________________________________
>>>                         OWASP-Leaders mailing list
>>>                         OWASP-Leaders at lists.owasp.org
>>>                         <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>
>>>                         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>>
>>>
>>>
>>>             -- 
>>>             Johanna Curiel 
>>>             OWASP Volunteer
>>>
>>>
>>>
>>>
>>>
>>>     -- 
>>>     Johanna Curiel 
>>>     OWASP Volunteer
>>>     _______________________________________________
>>>     OWASP-Leaders mailing list
>>>     OWASP-Leaders at lists.owasp.org
>>>     <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>
>>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>     _______________________________________________
>>     OWASP-Leaders mailing list
>>     OWASP-Leaders at lists.owasp.org
>>     <javascript:_e(%7B%7D,'cvml','OWASP-Leaders at lists.owasp.org');>
>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> -- 
> Johanna Curiel 
> OWASP Volunteer
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160519/96a139b2/attachment-0001.html>


More information about the OWASP-Leaders mailing list