[Owasp-leaders] Conference Promoting itself as associated with OWASP / use of logo

Tony Turner tony.turner at owasp.org
Thu Nov 10 15:00:39 UTC 2016


I know of at least one chapter (not mine) who held an "OWASP Day" event for
years where event sponsors were given speaking slots, but there were also
slots filled by non-sponsors as well. I don't think it was intentional, but
more facilitated by the need for sponsors to pay for the event (since it
was free to attendees and venue/catering costs were high) and desire to
fill content. Effort was made to keep the talks to vendor-neutral OWASP
standards, but I don't think talks were pre-screened and a few sales
pitches found their way in.

On Thu, Nov 10, 2016 at 9:47 AM, Steve Kosten <steve.kosten at owasp.org>
wrote:

> Kelly,
>
> I'm also confused by this.  What regional OWASP events are doing
> pay-to-play?  I know AppSec USA doesn't do pay-to-play, at least I know we
> didn't when it was hosted by Denver-Boulder and would be very surprised if
> it was done ever.   As for regional conferences, the Denver-Boulder
> SNOWFROC never did pay-to-play.  I've only gone to one pay-to-play
> conference (unwittingly) and walked out after one session because it was so
> bad.  I would not want OWASP to be associated w/ this in any way.
>
> Steve Kosten
> OWASP Denver Chapter Leader
>
> On Wed, Nov 9, 2016 at 3:07 PM, Larry Conklin <larry.conklin at owasp.org>
> wrote:
>
>> Kelly, A little confused by your answer.
>>
>>    - So I understand  they don't have a right to use our logo. Next step
>>    is?
>>    - Is this a  "pay to play" conference? How is this like our chapter
>>    local and region events?
>>
>> Larry
>>
>>
>> On Wed, Nov 9, 2016 at 2:25 PM, Kelly Santalucia <
>> kelly.santalucia at owasp.org> wrote:
>>
>>> Thanks Tiffany!  Steve and I have already been in contact.
>>>
>>> It looks like they copied over their 2016 supporter logos to their 2017
>>> site.  We did have agreements with them for 2016, which is why our logo is
>>> posted. At this time, we do not have any on file for thier 2017 events.
>>>
>>> The speaker and keynote opportunities are included in their sponsorship
>>> opportunities, they are not being sold separately. May events do this, even
>>> some of our own local and regional events offer to some extent a speaking
>>> opportunity in their sponsorships.
>>>
>>> On Wed, Nov 9, 2016 at 2:17 PM, Tiffany Long <tiffany.long at owasp.org>
>>> wrote:
>>>
>>>> Hey Steven, this might be best directed to Kelly as she is the person
>>>> who can give you the most up to date information about our
>>>> contracts--including what our stipulations and common practices are and who
>>>> is a partner at any give time.  She is pretty awesome about being on the
>>>> ball about these things, so I cc'd her here.
>>>>
>>>> Best,
>>>> Tiffany
>>>>
>>>> Tiffany Long
>>>> Community Manager
>>>>
>>>> On Wed, Nov 9, 2016 at 11:03 AM, Bev Corwin <Bev.Corwin at owasp.org>
>>>> wrote:
>>>>
>>>>> Yes, good to apply consistently. I have wondered for local chapters,
>>>>> what the policy is, also for global. Haven't seen much, although have
>>>>> requested a few times.
>>>>>
>>>>>
>>>>> On Wed, Nov 9, 2016, 1:42 PM Steve Kosten <steve.kosten at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> Hi Bev,
>>>>>>
>>>>>> Based upon the sponsorship package, they were making the keynote (see
>>>>>> page 7 of the sponsorship package) in addition to panelist slots.  Can't
>>>>>> say if they are all panelist slots, but I've been to one pay-to-play
>>>>>> conference in my past and walked out after the 2nd presentation started and
>>>>>> realized it was like the first sales pitch.
>>>>>>
>>>>>> That being said, I agree with you, we should apply policy
>>>>>> consistently.  If would propose OWASP not associate w/ such pay-to-play
>>>>>> conferences.
>>>>>>
>>>>>> Steve Kosten
>>>>>> OWASP Denver Chapter Leader
>>>>>>
>>>>>> On Wed, Nov 9, 2016 at 11:10 AM, Bev Corwin <bev.corwin at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>> Hi Steve,
>>>>>>
>>>>>> Was that for a sponsorship speaker spot on the program? Does OWASP
>>>>>> define "pay to play" exclusions in their policies. I agree that "pay to
>>>>>> play" is a problem, but has anyone put existing co-marketing partners
>>>>>> through similar due diligence? My only concern is singling out one group,
>>>>>> and not applying consistency in policies of this nature. Our policies
>>>>>> should be consistently applied, IMHO, to avoid any conflicts of interests
>>>>>> or other such discrimination practices.
>>>>>>
>>>>>> Best wishes,
>>>>>> Bev
>>>>>>
>>>>>>
>>>>>> On Wed, Nov 9, 2016 at 11:30 AM, Steve Kosten <steve.kosten at owasp.org
>>>>>> > wrote:
>>>>>>
>>>>>> Leaders,
>>>>>>
>>>>>> I was approached by a conference (Cyber Security Summit) that will be
>>>>>> run in Denver in 2017 for cross-promotional purposes.  They currently list
>>>>>> OWASP as a partner and use our logo (http://cybersummitusa.com/par
>>>>>> tners/).  In doing some research on this conference before agreeing
>>>>>> to any cross-promotion, I found that they are selling panel slots and even
>>>>>> selling the keynote speaker slot (see attached sponsorship package).  I
>>>>>> found this appalling and complete counter to the OWASP way.  OWASP Denver
>>>>>> will not be associated with this conference and I know other local security
>>>>>> organizations who refuse to be associated with this conference.
>>>>>>
>>>>>> That being said, they are using our logo and claiming OWASP is a
>>>>>> partner?  Can anyone from the board chime in and let us know if this is
>>>>>> approved?  If so, I think we need to revisit who we associate ourselves
>>>>>> with.  If not, can we approach them and have them remove our logo?
>>>>>>
>>>>>> Steve Kosten
>>>>>> OWASP Denver Chapter Leader
>>>>>>
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>> *Kelly Santalucia*
>>>
>>> *Membership and Business Liaison*
>>>
>>>
>>> OWASP Foundation
>>> 1200-C Agora Drive, #232 |Bel Air, MD  21014 | USA
>>> Direct: 1+ 973-670-5784 | Fax: 1+ 443-283-4021
>>>
>>> *Give back, and support the open source community, become a member
>>> <https://www.owasp.org/index.php/Membership> today!*
>>>
>>> *Join us October 11-14, 2016 at AppSecUSA 2016
>>> <https://2016.appsecusa.org> in Washington, DC!  Information on other** OWASP
>>> events can be found here
>>> <https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference>. *
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
Tony Turner
OWASP Orlando Chapter Founder/Co-Leader
WAFEC Project Leader
STING Game Project Leader
tony.turner at owasp.org
https://www.owasp.org/index.php/Orlando
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20161110/62280dec/attachment-0001.html>


More information about the OWASP-Leaders mailing list