[Owasp-leaders] New supporter logos

Dirk Wetter dirk at owasp.org
Fri May 20 14:24:49 UTC 2016


Hi Johanna,

I couldn't have phrased this better!

Thx, Dirk

Am 05/19/2016 um 01:12 AM schrieb johanna curiel curiel:
> >>To make this clear: I will rather swallow my keyboard instead of doing this. In fact I am trying to fight those cases but to me it seems that either nobody is listening or OWASP became a vendor driven organization.
>
> I share Dirk's concerns. 
>
> This new supporter logo can cause more brand abuses because the uses of it  has not being properly defined. 
>
> So far is a free for all, like Dirk said. This does not have yet a TM on it and it should have it first before going to promote it . Also specify in which cases can be used. Now it can be completely abused without OWASP being able to have any legal framework to avoid this.
>
>  If anyone is following social media,  rumour has it OWASP is a vendor ground. 
>
> I think I'm an OWASP supporter, I'm not benefiting financially on (ab)using the OWASP name cause in my country people even has no idea what OWASP is.  I assume those in US and EU can be more interest in (ab)use it.
>
> The problem is that it misleads people into think that OWASP has an 'approval seal' on anything a vendor or individual does.
>
> Are we promoting more our 'vendor neutrality' with this? I don't think so. 
>
> Now is a free for all. Good luck checking abuses. No legal framework right now for control.
>
>
> On Wed, May 18, 2016 at 6:41 PM, Dirk Wetter <dirk at owasp.org <mailto:dirk at owasp.org>> wrote:
>
>
>     Hi all,
>
>     I am not often writing to the leaders list. Time has come though to share concerns with you.
>
>     My trigger is the new supporter logo "strategy" which became public today:
>     https://twitter.com/owasp/status/732921073025572864
>
>     I considered the OWASP logo as our core value. I represents OWASP's good
>     standing. Lot of people in the community contributed to build up our reputation
>     and -- as a consequence -- to our brand. That is good. Most of the contributors
>     were altruistic. That's how I understand Open Source.
>
>     Now it looks to me we are giving our good standing away instead of putting strong controls
>     at it. First question: Why do we need to do this? Is this because we feel the need to
>     get more people to OWASP and we are somehow blindfolded not able to
>     look at the consequences of a logo distribution? Or are there the commercial interests ruling here?
>
>
>     Worse: the branding guide  (https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES)
>     is more or less still the same. I had some discussions warning that we should fix the bugs in the branding guide
>     first before doing this. Heck, we don't even have a trademark policy yet, no legal constraint [1]
>
>     This is quite the opposite as the speaker agreement -- by the way.
>
>
>     To go into detail (attention, sarcasm)
>     ============================
>
>     5. The OWASP Brand may be used in association with an application security assessment only if a complete and detailed methodology, sufficient to reproduce the results, is disclosed.
>
>     ==> Cool, OWASP allows me to put their logo on my pentests. That certainly sounds good for my costumers also if I
>       present BS to him (well, if I care, I could describe the complete and detailed methodology -- but who cares! Nobody
>       can control it as my costumer will certainly has no interest to publish my report with his bugs)
>
>     BTW: This could also be applied for tools.
>
>
>     3. The OWASP Brand may be used by OWASP Members in good standing to acknowledge a person's involvement in or a company's support of OWASP.
>
>     ==> C00l. I edit the wiki, change a letter and I can use the OWASP brand on my website to promote my business.
>            Or I write a mail to the leaders list. Heck, in fact, as I am on this list, I made it and can use the OWASP logo everywhere!!!
>
>     BTW: If a local chapter has corporate sponsorships like the global ones, vendor XYZ purchases this sponsorship
>     for ten bucks, getting a logo in return and next exhibition he puts this as a sticker to his WAF. W00t!
>
>
>     1. The OWASP Brand may be used to direct people to the OWASP website for information about application security.
>     2. The OWASP Brand may be used in commentary about the materials found on the OWASP website.
>
>     ==> 1337! I can still use the logo on my commercial web site. My idea is here is to sell a service or a product. But
>            if anyone reads it of course I will argue that I only intended to point to OWASP.
>
>
>     Hopefully you got the message without feeling offended.
>
>     To make this clear: I will rather swallow my keyboard instead of doing this. In fact I am trying to fight those
>     cases but to me it seems that either nobody is listening or OWASP became a vendor driven organization.
>
>
>     As a consequence I am afraid if we don't agree on a strong logo / trademark policy we are commercializing more and more.
>     Where is "my OWASP" I used to love?
>
>
>     Dirk
>
>
>
>     [1] Even ISACA has stronger usage rules of their brand (not talking about materials!):
>        http://www.isaca.org/About-ISACA/Licensing-and-Promotion/Pages/IP-Guidelines.aspx#usageRules
>
>
>
>
>
>     --
>     German OWASP Chapter Lead
>     Send me encrypted mails (Key ID 0xB818C039)
>
>
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
> -- 
> Johanna Curiel 
> OWASP Volunteer

-- 
German OWASP Chapter Lead
Send me encrypted mails (Key ID 0xB818C039)



More information about the OWASP-Leaders mailing list