[Owasp-leaders] New supporter logos

Jim Manico jim.manico at owasp.org
Sun May 22 06:06:54 UTC 2016


Liam,

Thank you very much for speaking up and sharing your opinion. I'm with
you 100%.

Aloha, Jim


On 5/20/16 3:22 AM, Liam Smit wrote:
> Hi All 
>
> I'm going to weigh in here because a lot of what I read on this list
> can be considered negative criticism (think moaning and complaining)
> rather than constructive criticism (creating and putting forward a
> better method, guide, etc). Now that's just my opinion (although
> others may share it) so I'm going to try and give some constructive
> feedback i.e. suggest how to do it better.
>
> Let us be frank. Talk is cheap and so is writing emails. Ideas are
> actually easy to come up with but putting in the time and effort to
> implement them successfully is most definitely not.(1)
>
> So for example if you don't like the branding guide then improve it.
> Sit down and figure out what is deficient. Figure out how to improve
> it. Create the improvement. Get feedback(2) / review the improvement.
> Repeat as necessary. Put forward your suggestions / improved version
> of guide.
>
> I'm pretty darn sure that if anyone (whether a single person or a
> group) were to come up with a good set of suggested improvements for
> any guide then that would be received graciously and with thanks.
>
> I know I'm impressed when I see the work that someone has put in to
> create or update an existing guide and when they ask for feedback,
> proofing, etc.(1)
>
>
> Regards,
>
> Liam
>
> 1.) I contribute to OWASP almost entirely off this list. E.g. proof
> reading, giving feedback, organising OWASP meetings and helping with a
> local security conference. I imagine this holds true for most of us.
>
> 2.) I'm aware that you'll need to ask others for their feedback or
> input but merely asking will not fix or improve anything. Neither will
> simply expressing your feelings about the guide. You need to *do*
> something.
>
>
> On Fri, May 20, 2016 at 9:15 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>
>     I thought I did, by leading/founding 2 flagship projects &
>     contributing to many more, founding a chapter, open sourcing my
>     training and spending 2 terms on the global board......
>
>     Thanks for the kind words, very professional.
>
>
>     Eoin Keary
>     OWASP Volunteer
>     @eoinkeary
>
>
>
>     On 20 May 2016, at 06:05, Jim Manico <jim.manico at owasp.org> wrote:
>
>>     Be the change you want to see in the world. If you wish to change
>>     parts of OWASP that do not satisfy you, then please do something
>>     about it or shut the fuck up please.
>>
>>     Thank you and Aloha, Jim
>>
>>
>>     On 5/19/16 10:19 AM, Eoin Keary wrote:
>>>     Love seeing the passion when it comes to logos and identity.....
>>>     Pity we don't see more of this when it comes to doing what OWASP
>>>     was born to do 😜😠😍🙄🤔☹️😣
>>>
>>>
>>>     Eoin Keary
>>>     OWASP Volunteer
>>>     @eoinkeary
>>>
>>>
>>>
>>>     On 19 May 2016, at 15:03, johanna curiel curiel
>>>     <johanna.curiel at owasp.org> wrote:
>>>
>>>>     >>Every new thing that OWASP tries doesn’t need to be wrapped in a
>>>>     blanket of doom and gloom.
>>>>
>>>>     Welcome to my world ;-). Have you any idea how often I launch
>>>>     ideas that have been crushed by others in here, forgetting
>>>>     I'm just a volunteer? Well, some people have valid
>>>>     points, others don't. We have to keep moving fwd.
>>>>
>>>>     My point is not against the logo. I support the logo.
>>>>
>>>>     It is just that we launched this without having done the homework
>>>>     and legal framework. What is the rush? We could have waited a
>>>>     little more and avoided headaches. No one consulted this properly.
>>>>
>>>>     I think if you have been following Dirk's activities, he is
>>>>     tired of preaching and not being heard, I have very often the
>>>>     same feeling too.
>>>>
>>>>     Cheers
>>>>
>>>>     Johanna
>>>>
>>>>
>>>>     On Thu, May 19, 2016 at 8:49 AM, Larry Conklin
>>>>     <larry.conklin at owasp.org> wrote:
>>>>
>>>>         Johanna, I have to respectfully disagree. Yes, TM issues do
>>>>         exist. But that said I believe the issue is at times as a
>>>>         community we focus way too much of our time and effort on
>>>>         the downside of anything new or different. Bullet proof TM
>>>>         policies or not doesn’t prevent anyone from abusing our
>>>>         logos. The same issue is for ISC(2) which has badges.
>>>>         Coca-Cola, Xerox, Kleenex have the strongest brands worldwide,
>>>>         with a huge cash pile and lawyers to protect them. They are
>>>>         also in some form of litigation every day with people trying
>>>>         to abuse or encroach on their brands. Yes that is wrong but
>>>>         it’s not ever going to prevent someone from trying. Isn’t
>>>>         the saying “imitation is the greatest compliment”.
>>>>
>>>>         Also we as leaders need to be much more proactive. OWASP
>>>>         badges were no secret. We knew they were coming. We even
>>>>         had a debate on the logo style.
>>>>
>>>>         My point is still valid IMHO. We need to step back and
>>>>         breathe. Every new thing that OWASP tries doesn’t need to
>>>>         be wrapped in a blanket of doom and gloom. Yes there are lots
>>>>         of things that need to change, things that need to be fixed.
>>>>         As a large community everyone is not going to work on
>>>>         everyone else’s priority projects and nothing is ever going
>>>>         to be perfect.
>>>>
>>>>         Second we as leaders need to be more proactive, we need to have
>>>>         much more active discussion before an event and not
>>>>         afterwards. And we don’t need to address everything as if
>>>>         the world is falling down around us.
>>>>
>>>>         I apologize if your email and Dirk’s was not in that tone
>>>>         but that is how it came across to me.
>>>>
>>>>         Larry Conklin
>>>>
>>>>         On Wed, May 18, 2016 at 9:08 PM, johanna curiel curiel
>>>>         <johanna.curiel at owasp.org> wrote:
>>>>
>>>>             me too
>>>>
>>>>             Hi Larry,
>>>>
>>>>             The problem is not the supporter logo.
>>>>
>>>>             The issue is the lack of a TM and the lack of policies
>>>>             around the use of it, that can trigger brand abuses. 
>>>>
>>>>             I just asked my husband who is a lawyer and his opinion
>>>>             was that this should have been done BEFORE not AFTER
>>>>             the launch. However it is not too late to provide a legal
>>>>             framework and policies around it but it is going to cost
>>>>             money to find out.
>>>>
>>>>             >>However, a major policy change will not likely occur before
>>>>             we've really thought this through and had some legal advice
>>>>
>>>>             Exactly. I thought this was going to be launched when
>>>>             this was defined properly.
>>>>
>>>>             regards
>>>>
>>>>             On Wed, May 18, 2016 at 8:51 PM, Larry Conklin
>>>>             <larry.conklin at owasp.org> wrote:
>>>>
>>>>                 Not sure why but I got a message saying my original
>>>>                 email failed.
>>>>
>>>>                 I think we need a new badge for doom and gloom.
>>>>                 lol. Come on folks. We are proud of what we do at
>>>>                 OWASP. We are proud of OWASP. We are proud of what
>>>>                 OWASP has accomplished in the AppSec world.
>>>>
>>>>                 Why wouldn't we want to show some love? This isn't
>>>>                 something new but it is an emerging marketing tool.
>>>>                 Today besides having an OWASP badge I can get a
>>>>                 badge from ISC(2) for my CISSP certification. 
>>>>
>>>>                 I am not diluting ISC(2) brand, nor am I diluting
>>>>                 OWASP brand by using a badge. Only thing I would be
>>>>                 doing is showing my support in a visible way. Oh
>>>>                 yes I can also get a badge for Linux Foundation CII.
>>>>
>>>>                 Yes we could have a debate if badges really provide
>>>>                 or increase motivation or increase marketing. That
>>>>                 would be a good debate. But I haven't read one
>>>>                 thing that says badges decrease a brand.
>>>>
>>>>                 Who is really at fault? It's not like no one didn't
>>>>                 see this coming.  Dirk and Johanna your voice would
>>>>                 have been much better at the beginning of this
>>>>                 conversation and not at the end IMHO. Take a
>>>>                 moment, take a deep breath. If you don't like the
>>>>                 badge don't use it.
>>>>
>>>>                 Larry Conklin
>>>>
>>>>                 On Wed, May 18, 2016 at 8:40 PM, Larry Conklin
>>>>                 <larry.conklin at owasp.org> wrote:
>>>>
>>>>
>>>>                     On Wed, May 18, 2016 at 7:12 PM, johanna curiel
>>>>                     curiel <johanna.curiel at owasp.org> wrote:
>>>>
>>>>                         >>To make this clear: I will rather swallow my
>>>>                         keyboard instead of doing this. In fact I
>>>>                         am trying to fight those cases but to me it
>>>>                         seems that either nobody is listening or
>>>>                         OWASP became a vendor driven organization.
>>>>
>>>>                         I share Dirk's concerns. 
>>>>
>>>>                         This new supporter logo can cause more
>>>>                         brand abuses because the uses of it have
>>>>                         not been properly defined.
>>>>
>>>>                         So far it is a free-for-all, like Dirk said.
>>>>                         This does not yet have a TM on it and it
>>>>                         should have it first before going to
>>>>                         promote it. Also specify in which cases
>>>>                         it can be used. Now it can be completely
>>>>                         abused without OWASP being able to have any
>>>>                         legal framework to avoid this.
>>>>
>>>>                         If anyone is following social media,
>>>>                         rumour has it OWASP is a vendor ground.
>>>>
>>>>                         I think I'm an OWASP supporter, I'm not
>>>>                         benefiting financially from (ab)using the
>>>>                         OWASP name because in my country people
>>>>                         have no idea what OWASP even is. I assume those
>>>>                         in US and EU can be more interested in
>>>>                         (ab)using it.
>>>>
>>>>                         The problem is that it misleads people into
>>>>                         thinking that OWASP has an 'approval seal' on
>>>>                         anything a vendor or individual does.
>>>>
>>>>                         Are we promoting more our 'vendor
>>>>                         neutrality' with this? I don't think so.
>>>>
>>>>                         Now it is a free-for-all. Good luck checking
>>>>                         abuses. No legal framework right now for
>>>>                         control.
>>>>
>>>>
>>>>                         On Wed, May 18, 2016 at 6:41 PM, Dirk
>>>>                         Wetter <dirk at owasp.org> wrote:
>>>>
>>>>
>>>>                             Hi all,
>>>>
>>>>                             I am not often writing to the leaders
>>>>                             list. Time has come though to share
>>>>                             concerns with you.
>>>>
>>>>                             My trigger is the new supporter logo
>>>>                             "strategy" which became public today:
>>>>                             https://twitter.com/owasp/status/732921073025572864
>>>>
>>>>                             I considered the OWASP logo as our core
>>>>                             value. It represents OWASP's good
>>>>                             standing. Lots of people in the
>>>>                             community contributed to build up our
>>>>                             reputation and -- as a consequence -- to
>>>>                             our brand. That is good. Most of the
>>>>                             contributors were altruistic. That's how
>>>>                             I understand Open Source.
>>>>
>>>>                             Now it looks to me we are giving our
>>>>                             good standing away instead of putting
>>>>                             strong controls at it. First question:
>>>>                             Why do we need to do this? Is this
>>>>                             because we feel the need to get more
>>>>                             people to OWASP and we are somehow
>>>>                             blindfolded, not able to look at the
>>>>                             consequences of a logo distribution? Or
>>>>                             are there the commercial interests
>>>>                             ruling here?
>>>>
>>>>
>>>>                             Worse: the branding guide 
>>>>                             (https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES)
>>>>                             is more or less still the same. I had
>>>>                             some discussions warning that we should
>>>>                             fix the bugs in the branding guide
>>>>                             first before doing this. Heck, we don't
>>>>                             even have a trademark policy yet, no
>>>>                             legal constraint [1]
>>>>
>>>>                             This is quite the opposite of the
>>>>                             speaker agreement -- by the way.
>>>>
>>>>
>>>>                             To go into detail (attention, sarcasm)
>>>>                             ============================
>>>>
>>>>                             5. The OWASP Brand may be used in
>>>>                             association with an application
>>>>                             security assessment only if a complete
>>>>                             and detailed methodology, sufficient to
>>>>                             reproduce the results, is disclosed.
>>>>
>>>>                             ==> Cool, OWASP allows me to put their
>>>>                             logo on my pentests. That certainly
>>>>                             sounds good for my customers also if I
>>>>                             present BS to them (well, if I care, I
>>>>                             could describe the complete and
>>>>                             detailed methodology -- but who cares!
>>>>                             Nobody can control it as my customer will
>>>>                             certainly have no interest to publish my
>>>>                             report with his bugs)
>>>>
>>>>                             BTW: This could also be applied for tools.
>>>>
>>>>
>>>>                             3. The OWASP Brand may be used by OWASP
>>>>                             Members in good standing to acknowledge
>>>>                             a person's involvement in or a
>>>>                             company's support of OWASP.
>>>>
>>>>                             ==> C00l. I edit the wiki, change a
>>>>                             letter and I can use the OWASP brand on
>>>>                             my website to promote my business.
>>>>                                    Or I write a mail to the leaders
>>>>                             list. Heck, in fact, as I am on this
>>>>                             list, I made it and can use the OWASP
>>>>                             logo everywhere!!!
>>>>
>>>>                             BTW: If a local chapter has corporate
>>>>                             sponsorships like the global ones,
>>>>                             vendor XYZ purchases this sponsorship
>>>>                             for ten bucks, getting a logo in return
>>>>                             and next exhibition he puts this as a
>>>>                             sticker to his WAF. W00t!
>>>>
>>>>
>>>>                             1. The OWASP Brand may be used to
>>>>                             direct people to the OWASP website for
>>>>                             information about application security.
>>>>                             2. The OWASP Brand may be used in
>>>>                             commentary about the materials found on
>>>>                             the OWASP website.
>>>>
>>>>                             ==> 1337! I can still use the logo on
>>>>                             my commercial web site. My idea here
>>>>                             is to sell a service or a product. But
>>>>                             if anyone reads it of course I
>>>>                             will argue that I only intended to
>>>>                             point to OWASP.
>>>>
>>>>
>>>>                             Hopefully you got the message without
>>>>                             feeling offended.
>>>>
>>>>                             To make this clear: I will rather
>>>>                             swallow my keyboard instead of doing
>>>>                             this. In fact I am trying to fight those
>>>>                             cases but to me it seems that either
>>>>                             nobody is listening or OWASP became a
>>>>                             vendor driven organization.
>>>>
>>>>
>>>>                             As a consequence I am afraid if we
>>>>                             don't agree on a strong logo /
>>>>                             trademark policy we are commercializing
>>>>                             more and more.
>>>>                             Where is "my OWASP" I used to love?
>>>>
>>>>
>>>>                             Dirk
>>>>
>>>>
>>>>
>>>>                             [1] Even ISACA has stronger usage rules
>>>>                             of their brand (not talking about
>>>>                             materials!):
>>>>                              
>>>>                              http://www.isaca.org/About-ISACA/Licensing-and-Promotion/Pages/IP-Guidelines.aspx#usageRules
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>                             --
>>>>                             German OWASP Chapter Lead
>>>>                             Send me encrypted mails (Key ID 0xB818C039)
>>>>
>>>>
>>>>                             _______________________________________________
>>>>                             OWASP-Leaders mailing list
>>>>                             OWASP-Leaders at lists.owasp.org
>>>>                             <mailto:OWASP-Leaders at lists.owasp.org>
>>>>                             https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>>
>>>>
>>>>                         -- 
>>>>                         Johanna Curiel 
>>>>                         OWASP Volunteer
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>             -- 
>>>>             Johanna Curiel 
>>>>             OWASP Volunteer
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>     -- 
>>>>     Johanna Curiel 
>>>>     OWASP Volunteer
>>>
>>>
>>
>
>
>
