[Owasp-leaders] New supporter logos

Dirk Wetter dirk at owasp.org
Fri May 20 15:57:31 UTC 2016

Am 05/20/2016 um 05:07 PM schrieb johanna curiel curiel:
> @Dirk your concern as mine when I saw this, but again, I don't want to kill every initiative a member takes even if I don't agree completely
> I think Larry and Elizabeth asked us why didn't we jump earlier in the discussion when the Logo was proposed. I agree on the Logo, I disagree how this has been implemented.

I jumped in way earlier.

The absurd thing which I can't comprehend: This supporter logo thing came soon after after an -- IMO -- abuse
case I presented to the board. I was asking them whether thy feel that case I presented is correct in their

It's appears kind of absurd to me as it is the opposite thing I asked for.

> Abuses will happen where financial gain is.If putting this logo can help me sell...well you bet the first ones happy will be the vendors.
> Contrast did that with OWASP benchmark publicising OWASP logo 'sponsored by' even the DHS logo.
> https://twitter.com/jctechno/status/672079500033814528

Ok, a TM would have helped here maybe.

But in general this is why I think giving away a supporter logo is not good either -- the only point where we have
a different stance so far:

My firm belief is if you give a away a logo you can't control the usage. It's like putting a vulnerable
web application in the internet. Somebody will find and hack/abuse it. It also doesn't matter if a law is
saying that it shouldn't been hacked [1]. Same with the logo. Giving a logo away is like announcing
a vulnerable web app to all bad guys. So a supporter logo could be an invitation to abuse (ideas see my first mail).

Also I do not understand the point in the first place: Why do we want to give a away a logo? What's
our added benefit?

Thus I find a very strict logo policy accompanied with a proper TM the right thing to do. There's
still potential for abuse but at least you did the best reasonably possible..

Look at ISACA. You can't use the logo without written consent by ISACA.

> I felt used. I'm just a volunteer that works for 0.000000 dollars, I'm not vendor and others get away making money while I'm the wasp working for others financial benefits. That just feels awful.It feels I have been used, but yes thats life right?

I feel the same too. It feels not good for me now when have being part of it to
made OWASP better it's being used by vendors.

Cheers, Dirk

[1] simplifying here. A TM is better in our case as an abuse case will take publicly
     in most of the cases. And laws impress cyber criminals less than logo abusers.

German OWASP Chapter Lead
Send me encrypted mails (Key ID 0xB818C039)

More information about the OWASP-Leaders mailing list