<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>Liam,</p>
    <p>Thank you very much for speaking up and sharing your opinion. I'm
      with you 100%.</p>
    <p>Aloha, Jim<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 5/20/16 3:22 AM, Liam Smit wrote:<br>
    </div>
    <blockquote
cite="mid:CAHhnQKVxwuj3-YUoJ7na-O854Jn4qHFq9dWrz07dTs=-+1ZoLw@mail.gmail.com"
      type="cite">
      <div dir="ltr">Hi All 
        <div><br>
          I'm going to weigh in here because a lot of what I read on
          this list can be considered negative criticism (think moaning
          and complaining) rather than constructive criticism (creating
          a putting forward a better method, guide, etc). Now that's
          just my opinion (although others may share it) so I'm going to
          try and give some constructive feedback i.e. suggest how to do
          it better.
          <div><br>
          </div>
          <div>Let us be frank. Talk is cheap and so is writing emails.
            Ideas are actually easy to come up with but putting in the
            time and effort to implement them successfully is most
            definitely not.(1)</div>
          <div><br>
            So for example if you don't like the branding guide then
            improve it. Sit down and figure out what is deficient.
            Figure out how to improve it. Create the improvement. Get
            feedback(2) / review the improvement. Repeat as necessary.
            Put forward your suggestions / improved version of guide.</div>
          <div><br>
          </div>
          <div>I'm pretty darn sure that if anyone (whether a single
            person or a group) were to come up with a good set of
            suggested improvements for any guide then that would be
            received graciously and with thanks.</div>
          <div><br>
          </div>
          <div>I know I'm impressed when I see the work that someone has
            put in to create or update an existing guide and when they
            ask for feedback, proofing, etc.(1)</div>
          <div><br>
          </div>
          <div><br>
            <div>Regards,</div>
            <div><br>
            </div>
            <div>Liam</div>
          </div>
        </div>
        <div><br>
        </div>
        <div>
          <div>1.) I contribute to OWASP almost entirely off this list.
            E.g. proof reading, giving feedback, organising OWASP
            meetings and helping with a local security conference. I
            imagine this hold true for most of us.</div>
        </div>
        <div><br>
        </div>
        <div>
          <div>2.) I'm aware that'll you need to ask others for their
            feedback or input but merely asking will not fix or improve
            anything. Neither will simply expressing your feelings about
            the guide. You need to *do* something.</div>
        </div>
        <div><br>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Fri, May 20, 2016 at 9:15 AM, Eoin
          Keary <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:eoin.keary@owasp.org" target="_blank">eoin.keary@owasp.org</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="auto">
              <div>I thought I did, by leading/founding 2 flagship
                projects & contributing to many more, founding a
                chapter, open sourcing my training and spending 2 terms
                on the global board......</div>
              <div><br>
              </div>
              <div>Thanks for the kind words, very professional.</div>
              <span class="">
                <div><br>
                  <br>
                  Eoin Keary
                  <div>OWASP Volunteer</div>
                  <div>@eoinkeary</div>
                  <div><span style="font-size:13pt"><br>
                    </span></div>
                  <div><br>
                  </div>
                </div>
              </span>
              <div>
                <div class="h5">
                  <div><br>
                    On 20 May 2016, at 06:05, Jim Manico <<a
                      moz-do-not-send="true"
                      href="mailto:jim.manico@owasp.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a></a>>
                    wrote:<br>
                    <br>
                  </div>
                  <blockquote type="cite">
                    <div>
                      <p>Be the change you want to see in the world. If
                        you wish to change parts of OWASP that do not
                        satisfy you, then please do something about it
                        or shut the fuck up please.</p>
                      <p>Thank you and Aloha, Jim<br>
                      </p>
                      <br>
                      <div>On 5/19/16 10:19 AM, Eoin Keary wrote:<br>
                      </div>
                      <blockquote type="cite">
                        <div>Love seeing the passion when it comes to
                          logos and identity..... Pity we don't see more
                          of this when it comes to doing what OWASP was
                          born to do 😜😠😍🙄🤔☹️😣</div>
                        <div><br>
                          <br>
                          Eoin Keary
                          <div>OWASP Volunteer</div>
                          <div>@eoinkeary</div>
                          <div><span style="font-size:13pt"><br>
                            </span></div>
                          <div><br>
                          </div>
                        </div>
                        <div><br>
                          On 19 May 2016, at 15:03, johanna curiel
                          curiel <<a moz-do-not-send="true"
                            href="mailto:johanna.curiel@owasp.org"
                            target="_blank">johanna.curiel@owasp.org</a>>
                          wrote:<br>
                          <br>
                        </div>
                        <blockquote type="cite">
                          <div>
                            <div dir="ltr"><font face="arial, helvetica,
                                sans-serif"><span
                                  style="color:rgb(0,0,0)">>>Every
                                  new thing that OWASP tries doesn’t
                                  need to be wrap in a blanket of doom
                                  and gloom. </span><br>
                              </font>
                              <div><span style="color:rgb(0,0,0)"><font
                                    face="arial, helvetica, sans-serif"><br>
                                  </font></span></div>
                              <div><font face="arial, helvetica,
                                  sans-serif" color="#000000">Welcome to
                                  my world ;-). Have you any idea how
                                  often I launch ideas that have been
                                  crushed by others in here, forgetting
                                  I'm just a  volunteer? Well, some
                                  people have valid point other don't.
                                  We have too keep moving fwd.</font></div>
                              <div><span style="color:rgb(0,0,0)"><font
                                    face="arial, helvetica, sans-serif"><br>
                                  </font></span></div>
                              <div><span style="color:rgb(0,0,0)"><font
                                    face="arial, helvetica, sans-serif">My
                                    point is not against the logo. I
                                    support the logo.</font></span></div>
                              <div><span style="color:rgb(0,0,0)"><font
                                    face="arial, helvetica, sans-serif"><br>
                                  </font></span></div>
                              <div><font face="arial, helvetica,
                                  sans-serif" color="#000000">Is just
                                  that we launch this without having
                                  done the homework and legal framework.
                                  What is the rush? We could have wait a
                                  little more and avoid headaches. No
                                  one consult this properly.</font></div>
                              <div><font face="arial, helvetica,
                                  sans-serif" color="#000000"><br>
                                </font></div>
                              <div><font face="arial, helvetica,
                                  sans-serif" color="#000000">I think if
                                  you have been following Dirk's
                                  activities, he is tired of preaching
                                  and not being heard, I have very often
                                  the same feeling too.</font></div>
                              <div><font face="arial, helvetica,
                                  sans-serif" color="#000000"><br>
                                </font></div>
                              <div><font face="arial, helvetica,
                                  sans-serif" color="#000000">Cheers</font></div>
                              <div><font face="arial, helvetica,
                                  sans-serif" color="#000000"><br>
                                </font></div>
                              <div><font face="arial, helvetica,
                                  sans-serif" color="#000000">Johanna</font></div>
                              <div><br>
                              </div>
                            </div>
                            <div class="gmail_extra"><br>
                              <div class="gmail_quote">On Thu, May 19,
                                2016 at 8:49 AM, Larry Conklin <span
                                  dir="ltr"><<a
                                    moz-do-not-send="true"
                                    href="mailto:larry.conklin@owasp.org"
                                    target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:larry.conklin@owasp.org">larry.conklin@owasp.org</a></a>></span>
                                wrote:<br>
                                <blockquote class="gmail_quote"
                                  style="margin:0 0 0
                                  .8ex;border-left:1px #ccc
                                  solid;padding-left:1ex">
                                  <div dir="ltr"><font face="Times New
                                      Roman" color="#000000" size="3"> </font>
                                    <p style="margin:0in 0in 8pt"><font
                                        face="Calibri"><font
                                          color="#000000" size="3">Johanna,
                                          I have to respectfully
                                          disagree. Yes, TM issues do
                                          exist. But that said I believe
                                          the issue is at times as a
                                          community we focus way too
                                          much of our time and effort on
                                          the downside of anything new
                                          or different. Bullet proof TM
                                          policies or not doesn’t
                                          prevent anyone from abusing
                                          our logos. </font><span><font
                                            color="#000000" size="3"> </font></span><font
                                          color="#000000" size="3">The
                                          same issue is for ISC(2) which
                                          has badges. Coke Cola, Xerox,
                                          Kleenex have the strongest
                                          brands worldwide, with a huge
                                          cash pile and lawyers to
                                          protect them. They are also in
                                          some form of ligation everyday
                                          with people trying to abuse or
                                          encroach on their bands. Yes
                                          that is wrong but it’s not
                                          every going to prevent someone
                                          from trying. Isn’t the saying
                                          “imitation is the greatest
                                          complement”. </font></font></p>
                                    <font face="Times New Roman"
                                      color="#000000" size="3"> </font>
                                    <p style="margin:0in 0in 8pt"><font
                                        face="Calibri" color="#000000"
                                        size="3">Also we as leaders did
                                        to be much more proactive. OWASP
                                        badges were no secret. We knew
                                        they were coming. We even had a
                                        debate on the logo style.</font></p>
                                    <font face="Times New Roman"
                                      color="#000000" size="3"> </font>
                                    <p style="margin:0in 0in 8pt"><font
                                        face="Calibri" color="#000000"
                                        size="3">My points is still
                                        valid IMHO. We need to step back
                                        and breathe. Every new thing
                                        that OWASP tries doesn’t need to
                                        be wrap in a blanket of doom and
                                        gloom. Yes there is lots of
                                        things and need to change,
                                        things that need to be fixed. As
                                        a large community everyone is
                                        not going to work on everyone
                                        else’s priority projects and
                                        nothing is ever going to be
                                        perfect. </font></p>
                                    <font face="Times New Roman"
                                      color="#000000" size="3"> </font>
                                    <p style="margin:0in 0in 8pt"><font
                                        face="Calibri" color="#000000"
                                        size="3">Second we as leaders to
                                        be more proactive, we need to
                                        have much more active discussion
                                        before an event and not
                                        afterwards. And we don’t need to
                                        address everything as if the
                                        world is falling down around us.</font></p>
                                    <font face="Times New Roman"
                                      color="#000000" size="3"> </font>
                                    <p style="margin:0in 0in 8pt"><font
                                        face="Calibri" color="#000000"
                                        size="3">I apologize if your
                                        email and Dirk’s was not in that
                                        tone but that is how it came
                                        across to me. </font></p>
                                    <span><font color="#888888"><font
                                          face="Times New Roman"
                                          color="#000000" size="3"> </font><span
style="line-height:107%;font-family:"Calibri",sans-serif;font-size:11pt"><font
                                            color="#000000">Larry
                                            Conklin </font></span></font></span></div>
                                  <div>
                                    <div>
                                      <div class="gmail_extra"><br>
                                        <div class="gmail_quote">On Wed,
                                          May 18, 2016 at 9:08 PM,
                                          johanna curiel curiel <span
                                            dir="ltr"><<a
                                              moz-do-not-send="true"
                                              href="mailto:johanna.curiel@owasp.org"
                                              target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a></a>></span>
                                          wrote:<br>
                                          <blockquote
                                            class="gmail_quote"
                                            style="margin:0 0 0
                                            .8ex;border-left:1px #ccc
                                            solid;padding-left:1ex">
                                            <div dir="ltr">me too<span>
                                                <div><br>
                                                </div>
                                                <div><span
                                                    style="font-size:13px">Hi
                                                    Larry,</span>
                                                  <div
                                                    style="font-size:13px"><br>
                                                  </div>
                                                  <div
                                                    style="font-size:13px">The
                                                    problem is not the
                                                    supporter logo.</div>
                                                  <div
                                                    style="font-size:13px"><br>
                                                  </div>
                                                  <div
                                                    style="font-size:13px">The
                                                    issue is the lack of
                                                    a TM and the lack of
                                                    policies around the
                                                    use of it, that can
                                                    trigger brand
                                                    abuses. </div>
                                                  <div
                                                    style="font-size:13px"><br>
                                                  </div>
                                                  <div
                                                    style="font-size:13px">I
                                                    just asked my
                                                    husband who is a
                                                    lawyer and his
                                                    opinion was that
                                                    this should have
                                                    been done BEFORE not
                                                    AFTER the
                                                    launch.However is
                                                    not too late to
                                                    provide a legal
                                                    frameworks and
                                                    policies around it
                                                    but is going to cost
                                                    money to find out.</div>
                                                  <span
                                                    style="font-size:13px">
                                                    <div><br>
                                                    </div>
                                                    <div>>>However,
                                                      a major policy
                                                      change will not
                                                      likely occur
                                                      before we've
                                                      really thought
                                                      this through and
                                                      had some legal
                                                      advice</div>
                                                  </span>
                                                  <div
                                                    style="font-size:13px">Exactly.
                                                    I though this was
                                                    going to be launched
                                                    when  this was
                                                    defined properly.</div>
                                                  <div
                                                    style="font-size:13px"><br>
                                                  </div>
                                                  <div
                                                    style="font-size:13px">regards</div>
                                                </div>
                                              </span></div>
                                            <div>
                                              <div>
                                                <div class="gmail_extra"><br>
                                                  <div
                                                    class="gmail_quote">On
                                                    Wed, May 18, 2016 at
                                                    8:51 PM, Larry
                                                    Conklin <span
                                                      dir="ltr"><<a
                                                        moz-do-not-send="true"
href="mailto:larry.conklin@owasp.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:larry.conklin@owasp.org">larry.conklin@owasp.org</a></a>></span>
                                                    wrote:<br>
                                                    <blockquote
                                                      class="gmail_quote"
                                                      style="margin:0px
                                                      0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
                                                      <div dir="ltr">Not
                                                        sure why but I
                                                        got a message
                                                        saying my
                                                        original email
                                                        failed.<span>
                                                          <div><br>
                                                          </div>
                                                          <div><span
                                                          style="font-size:12.8px">I
                                                          think we need
                                                          a new badge
                                                          for doom and
                                                          gloom. lol.
                                                          Come on folks.
                                                          We are proud
                                                          of what we do
                                                          at OWASP. We
                                                          are proud of
                                                          OWASP. We are
                                                          proud of what
                                                          OWASP has
                                                          accomplish in
                                                          the AppSec
                                                          world. </span>
                                                          <div
                                                          style="font-size:12.8px"><br>
                                                          </div>
                                                          <div
                                                          style="font-size:12.8px">Why
                                                          wouldn't we
                                                          want to show
                                                          some love?
                                                          This isn't
                                                          something new
                                                          but it is an
                                                          emerging
                                                          marketing
                                                          tool. Today
                                                          besides having
                                                          an OWASP badge
                                                          and can get a
                                                          badge from
                                                          ISC(2) for my
                                                          CISSP
                                                          certification. 
                                                          <div><br>
                                                          </div>
                                                          <div>I am not
                                                          diluting
                                                          ISC(2) brand,
                                                          nor am I
                                                          diluting OWASP
                                                          brand by using
                                                          a badge. only
                                                          thing I would
                                                          be doing is
                                                          showing my
                                                          support in a
                                                          visible way.
                                                          Oh yes I can
                                                          also get a
                                                          badge for
                                                          Linux
                                                          Foundation
                                                          CII.</div>
                                                          </div>
                                                          <div
                                                          style="font-size:12.8px"><br>
                                                          </div>
                                                          <div
                                                          style="font-size:12.8px">Yes
                                                          we could have
                                                          a debate if
                                                          badges really
                                                          provide or
                                                          increase
                                                          motivation or
                                                          increase
                                                          marketing.
                                                          That would be
                                                          a good debate.
                                                          But I haven't
                                                          read one thing
                                                          that says
                                                          badges
                                                          decrease a
                                                          brand.</div>
                                                          <div
                                                          style="font-size:12.8px"><br>
                                                          </div>
                                                          <div
                                                          style="font-size:12.8px">Who
                                                          is really at
                                                          fault. it's
                                                          not like no
                                                          one didn't see
                                                          this coming. 
                                                          Dirk and
                                                          Johanna your
                                                          voice would
                                                          have been much
                                                          better at the
                                                          beginning of
                                                          this
                                                          conversation
                                                          and not at the
                                                          end IMHO. Take
                                                          a moment, take
                                                          a deep breath.
                                                          If you don't
                                                          like the badge
                                                          don't use it.</div>
                                                          </div>
                                                          <div
                                                          style="font-size:12.8px"><br>
                                                          </div>
                                                          <div
                                                          style="font-size:12.8px">Larry
                                                          Conklin</div>
                                                        </span></div>
                                                      <div>
                                                        <div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">On
                                                          Wed, May 18,
                                                          2016 at 8:40
                                                          PM, Larry
                                                          Conklin <span
                                                          dir="ltr"><<a
moz-do-not-send="true" href="mailto:larry.conklin@owasp.org"
                                                          target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:larry.conklin@owasp.org">larry.conklin@owasp.org</a></a>></span>
                                                          wrote:<br>
                                                          <blockquote
                                                          class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
                                                          <div dir="ltr">I
                                                          think we need
                                                          a new badge
                                                          for doom and
                                                          gloom. lol.
                                                          Come on folks.
                                                          We are proud
                                                          of what we do
                                                          at OWASP. We
                                                          are proud of
                                                          OWASP. We are
                                                          proud of what
                                                          OWASP has
                                                          accomplish in
                                                          the AppSec
                                                          world. 
                                                          <div><br>
                                                          </div>
                                                          <div>Why
                                                          wouldn't we
                                                          want to show
                                                          some love?
                                                          This isn't
                                                          something new
                                                          but it is an
                                                          emerging
                                                          marketing
                                                          tool. Today
                                                          besides having
                                                          an OWASP badge
                                                          and can get a
                                                          badge from
                                                          ISC(2) for my
                                                          CISSP
                                                          certification. 
                                                          <div><br>
                                                          </div>
                                                          <div>I am not
                                                          diluting
                                                          ISC(2) brand,
                                                          nor am I
                                                          diluting OWASP
                                                          brand by using
                                                          a badge. only
                                                          thing I would
                                                          be doing is
                                                          showing my
                                                          support in a
                                                          visible way.
                                                          Oh yes I can
                                                          also get a
                                                          badge for
                                                          Linux
                                                          Foundation
                                                          CII.</div>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Yes we
                                                          could have a
                                                          debate if
                                                          badges really
                                                          provide or
                                                          increase
                                                          motivation or
                                                          increase
                                                          marketing.
                                                          That would be
                                                          a good debate.
                                                          But I haven't
                                                          read one thing
                                                          that says
                                                          badges
                                                          decrease a
                                                          brand.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Who is
                                                          really at
                                                          fault. it's
                                                          not like no
                                                          one didn't see
                                                          this coming. 
                                                          Dirk and
                                                          Johanna your
                                                          voice would
                                                          have been much
                                                          better at the
                                                          beginning of
                                                          this
                                                          conversation
                                                          and not at the
                                                          end IMHO. Take
                                                          a moment, take
                                                          a deep breath.
                                                          If you don't
                                                          like the badge
                                                          don't use it.</div>
                                                          <span><font
                                                          color="#888888">
                                                          <div><br>
                                                          </div>
                                                          <div>Larry
                                                          Conklin</div>
                                                          <div><br>
                                                          </div>
                                                          </font></span></div>
                                                          <div>
                                                          <div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">On
                                                          Wed, May 18,
                                                          2016 at 7:12
                                                          PM, johanna
                                                          curiel curiel
                                                          <span
                                                          dir="ltr"><<a
moz-do-not-send="true" href="mailto:johanna.curiel@owasp.org"
                                                          target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:johanna.curiel@owasp.org">johanna.curiel@owasp.org</a></a>></span>
                                                          wrote:<br>
                                                          <blockquote
                                                          class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
                                                          <div dir="ltr"><span>
                                                          <div><span
                                                          style="font-size:13px">>>To
                                                          make this
                                                          clear: I will
                                                          rather swallow
                                                          my keyboard
                                                          instead of
                                                          doing this. In
                                                          fact I am
                                                          trying to
                                                          fight those </span><span
style="font-size:13px">cases but to me it seems that either nobody is
                                                          listening or
                                                          OWASP became a
                                                          vendor driven
                                                          organization.</span><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          </span>I share
                                                          Dirk's
                                                          concerns. 
                                                          <div><br>
                                                          </div>
                                                          <div>This new
                                                          supporter logo
                                                          can cause more
                                                          brand abuses
                                                          because the
                                                          uses of it
                                                           has not being
                                                          properly
                                                          defined. </div>
                                                          <div><br>
                                                          </div>
                                                          <div>So far is
                                                          a free for
                                                          all, like Dirk
                                                          said. This
                                                          does not have
                                                          yet a TM on it
                                                          and it should
                                                          have it first
                                                          before going
                                                          to promote it
                                                          . Also specify
                                                          in which cases
                                                          can be used.
                                                          Now it can be
                                                          completely
                                                          abused without
                                                          OWASP being
                                                          able to have
                                                          any legal
                                                          framework to
                                                          avoid this.</div>
                                                          <div><br>
                                                          </div>
                                                          <div> If
                                                          anyone is
                                                          following
                                                          social media,
                                                           rumour has it
                                                          OWASP is a
                                                          vendor
                                                          ground. </div>
                                                          <div><br>
                                                          </div>
                                                          <div>I think
                                                          I'm an OWASP
                                                          supporter, I'm
                                                          not benefiting
                                                          financially on
                                                          (ab)using the
                                                          OWASP name
                                                          cause in my
                                                          country people
                                                          even has no
                                                          idea what
                                                          OWASP is.  I
                                                          assume those
                                                          in US and EU
                                                          can be more
                                                          interest in
                                                          (ab)use it.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>The
                                                          problem is
                                                          that it
                                                          misleads
                                                          people into
                                                          think that
                                                          OWASP has an
                                                          'approval
                                                          seal' on
                                                          anything a
                                                          vendor or
                                                          individual
                                                          does.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Are we
                                                          promoting more
                                                          our 'vendor
                                                          neutrality'
                                                          with this? I
                                                          don't think
                                                          so. </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Now is a
                                                          free for all.
                                                          Good luck
                                                          checking
                                                          abuses. No
                                                          legal
                                                          framework
                                                          right now for
                                                          control.</div>
                                                          <div><span
                                                          style="font-size:13px"><br>
                                                          </span></div>
                                                          </div>
                                                          <div
                                                          class="gmail_extra">
                                                          <div>
                                                          <div><br>
                                                          <div
                                                          class="gmail_quote">On
                                                          Wed, May 18,
                                                          2016 at 6:41
                                                          PM, Dirk
                                                          Wetter <span
                                                          dir="ltr"><<a
moz-do-not-send="true" href="mailto:dirk@owasp.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:dirk@owasp.org">dirk@owasp.org</a></a>></span>
                                                          wrote:<br>
                                                          <blockquote
                                                          class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid"><br>
                                                          Hi all,<br>
                                                          <br>
                                                          I am not often
                                                          writing to the
                                                          leaders list.
                                                          Time has come
                                                          though to
                                                          share concerns
                                                          with you.<br>
                                                          <br>
                                                          My trigger is
                                                          the new
                                                          supporter logo
                                                          "strategy"
                                                          which became
                                                          public today:<br>
                                                          <a
                                                          moz-do-not-send="true"
href="https://twitter.com/owasp/status/732921073025572864"
                                                          target="_blank"><a class="moz-txt-link-freetext" href="https://twitter.com/owasp/status/732921073025572864">https://twitter.com/owasp/status/732921073025572864</a></a><br>
                                                          <br>
                                                          I considered
                                                          the OWASP logo
                                                          as our core
                                                          value. I
                                                          represents
                                                          OWASP's good<br>
                                                          standing. Lot
                                                          of people in
                                                          the community
                                                          contributed to
                                                          build up our
                                                          reputation<br>
                                                          and -- as a
                                                          consequence --
                                                          to our brand.
                                                          That is good.
                                                          Most of the
                                                          contributors<br>
                                                          were
                                                          altruistic.
                                                          That's how I
                                                          understand
                                                          Open Source.<br>
                                                          <br>
                                                          Now it looks
                                                          to me we are
                                                          giving our
                                                          good standing
                                                          away instead
                                                          of putting
                                                          strong
                                                          controls<br>
                                                          at it. First
                                                          question: Why
                                                          do we need to
                                                          do this? Is
                                                          this because
                                                          we feel the
                                                          need to<br>
                                                          get more
                                                          people to
                                                          OWASP and we
                                                          are somehow
                                                          blindfolded
                                                          not able to<br>
                                                          look at the
                                                          consequences
                                                          of a logo
                                                          distribution?
                                                          Or are there
                                                          the commercial
                                                          interests
                                                          ruling here?<br>
                                                          <br>
                                                          <br>
                                                          Worse: the
                                                          branding
                                                          guide  (<a
                                                          moz-do-not-send="true"
href="https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES"
target="_blank"><a class="moz-txt-link-freetext" href="https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES">https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES</a></a>)<br>
                                                          is more or
                                                          less still the
                                                          same. I had
                                                          some
                                                          discussions
                                                          warning that
                                                          we should fix
                                                          the bugs in
                                                          the branding
                                                          guide<br>
                                                          first before
                                                          doing this.
                                                          Heck, we don't
                                                          even have a
                                                          trademark
                                                          policy yet, no
                                                          legal
                                                          constraint [1]<br>
                                                          <br>
                                                          This is quite
                                                          the opposite
                                                          as the speaker
                                                          agreement --
                                                          by the way.<br>
                                                          <br>
                                                          <br>
                                                          To go into
                                                          detail
                                                          (attention,
                                                          sarcasm)<br>
============================<br>
                                                          <br>
                                                          5. The OWASP
                                                          Brand may be
                                                          used in
                                                          association
                                                          with an
                                                          application
                                                          security
                                                          assessment
                                                          only if a
                                                          complete and
                                                          detailed
                                                          methodology,
                                                          sufficient to
                                                          reproduce the
                                                          results, is
                                                          disclosed.<br>
                                                          <br>
                                                          ==> Cool,
                                                          OWASP allows
                                                          me to put
                                                          their logo on
                                                          my pentests.
                                                          That certainly
                                                          sounds good
                                                          for my
                                                          costumers also
                                                          if I<br>
                                                            present BS
                                                          to him (well,
                                                          if I care, I
                                                          could describe
                                                          the complete
                                                          and detailed
                                                          methodology --
                                                          but who cares!
                                                          Nobody<br>
                                                            can control
                                                          it as my
                                                          costumer will
                                                          certainly has
                                                          no interest to
                                                          publish my
                                                          report with
                                                          his bugs)<br>
                                                          <br>
                                                          BTW: This
                                                          could also be
                                                          applied for
                                                          tools.<br>
                                                          <br>
                                                          <br>
                                                          3. The OWASP
                                                          Brand may be
                                                          used by OWASP
                                                          Members in
                                                          good standing
                                                          to acknowledge
                                                          a person's
                                                          involvement in
                                                          or a company's
                                                          support of
                                                          OWASP.<br>
                                                          <br>
                                                          ==> C00l. I
                                                          edit the wiki,
                                                          change a
                                                          letter and I
                                                          can use the
                                                          OWASP brand on
                                                          my website to
                                                          promote my
                                                          business.<br>
                                                                 Or I
                                                          write a mail
                                                          to the leaders
                                                          list. Heck, in
                                                          fact, as I am
                                                          on this list,
                                                          I made it and
                                                          can use the
                                                          OWASP logo
                                                          everywhere!!!<br>
                                                          <br>
                                                          BTW: If a
                                                          local chapter
                                                          has corporate
                                                          sponsorships
                                                          like the
                                                          global ones,
                                                          vendor XYZ
                                                          purchases this
                                                          sponsorship<br>
                                                          for ten bucks,
                                                          getting a logo
                                                          in return and
                                                          next
                                                          exhibition he
                                                          puts this as a
                                                          sticker to his
                                                          WAF. W00t!<br>
                                                          <br>
                                                          <br>
                                                          1. The OWASP
                                                          Brand may be
                                                          used to direct
                                                          people to the
                                                          OWASP website
                                                          for
                                                          information
                                                          about
                                                          application
                                                          security.<br>
                                                          2. The OWASP
                                                          Brand may be
                                                          used in
                                                          commentary
                                                          about the
                                                          materials
                                                          found on the
                                                          OWASP website.<br>
                                                          <br>
                                                          ==> 1337! I
                                                          can still use
                                                          the logo on my
                                                          commercial web
                                                          site. My idea
                                                          is here is to
                                                          sell a service
                                                          or a product.
                                                          But<br>
                                                                 if
                                                          anyone reads
                                                          it of course I
                                                          will argue
                                                          that I only
                                                          intended to
                                                          point to
                                                          OWASP.<br>
                                                          <br>
                                                          <br>
                                                          Hopefully you
                                                          got the
                                                          message
                                                          without
                                                          feeling
                                                          offended.<br>
                                                          <br>
                                                          To make this
                                                          clear: I will
                                                          rather swallow
                                                          my keyboard
                                                          instead of
                                                          doing this. In
                                                          fact I am
                                                          trying to
                                                          fight those<br>
                                                          cases but to
                                                          me it seems
                                                          that either
                                                          nobody is
                                                          listening or
                                                          OWASP became a
                                                          vendor driven
                                                          organization.<br>
                                                          <br>
                                                          <br>
                                                          As a
                                                          consequence I
                                                          am afraid if
                                                          we don't agree
                                                          on a strong
                                                          logo /
                                                          trademark
                                                          policy we are
commercializing more and more.<br>
                                                          Where is "my
                                                          OWASP" I used
                                                          to love?<br>
                                                          <br>
                                                          <br>
                                                          Dirk<br>
                                                          <br>
                                                          <br>
                                                          <br>
                                                          [1] Even ISACA
                                                          has stronger
                                                          usage rules of
                                                          their brand
                                                          (not talking
                                                          about
                                                          materials!):<br>
                                                             <a
                                                          moz-do-not-send="true"
href="http://www.isaca.org/About-ISACA/Licensing-and-Promotion/Pages/IP-Guidelines.aspx#usageRules"
target="_blank"><a class="moz-txt-link-freetext" href="http://www.isaca.org/About-ISACA/Licensing-and-Promotion/Pages/IP-Guidelines.aspx#usageRules">http://www.isaca.org/About-ISACA/Licensing-and-Promotion/Pages/IP-Guidelines.aspx#usageRules</a></a><br>
                                                          <span><font
                                                          color="#888888"><br>
                                                          <br>
                                                          <br>
                                                          <br>
                                                          <br>
                                                          --<br>
                                                          German OWASP
                                                          Chapter Lead<br>
                                                          Send me
                                                          encrypted
                                                          mails (Key ID
                                                          0xB818C039)<br>
                                                          <br>
                                                          <br>
_______________________________________________<br>
                                                          OWASP-Leaders
                                                          mailing list<br>
                                                          <a
                                                          moz-do-not-send="true"
href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a></a><br>
                                                          <a
                                                          moz-do-not-send="true"
href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                                                          target="_blank"><a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a></a><br>
                                                          </font></span></blockquote>
                                                          </div>
                                                          <br>
                                                          <br
                                                          clear="all">
                                                          <div><br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          <span><font
                                                          color="#888888">--
                                                          <br>
                                                          <div>
                                                          <div dir="ltr">
                                                          <div>Johanna
                                                          Curiel </div>
                                                          OWASP
                                                          Volunteer</div>
                                                          </div>
                                                          </font></span></div>
                                                          <br>
_______________________________________________<br>
                                                          OWASP-Leaders
                                                          mailing list<br>
                                                          <a
                                                          moz-do-not-send="true"
href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a></a><br>
                                                          <a
                                                          moz-do-not-send="true"
href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                                                          target="_blank"><a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a></a><br>
                                                          <br>
                                                          </blockquote>
                                                          </div>
                                                          <br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          <br>
                                                          </div>
                                                        </div>
                                                      </div>
                                                    </blockquote>
                                                  </div>
                                                  <br>
                                                  <br clear="all">
                                                  <div><br>
                                                  </div>
                                                  -- <br>
                                                  <div>
                                                    <div dir="ltr">
                                                      <div>Johanna
                                                        Curiel </div>
                                                      OWASP Volunteer</div>
                                                  </div>
                                                </div>
                                              </div>
                                            </div>
                                          </blockquote>
                                        </div>
                                        <br>
                                      </div>
                                    </div>
                                  </div>
                                </blockquote>
                              </div>
                              <br>
                              <br clear="all">
                              <div><br>
                              </div>
                              -- <br>
                              <div>
                                <div dir="ltr">
                                  <div>Johanna Curiel </div>
                                  OWASP Volunteer</div>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                        <blockquote type="cite">
                          <div><span>_______________________________________________</span><br>
                            <span>OWASP-Leaders mailing list</span><br>
                            <span><a moz-do-not-send="true"
                                href="mailto:OWASP-Leaders@lists.owasp.org"
                                target="_blank">OWASP-Leaders@lists.owasp.org</a></span><br>
                            <span><a moz-do-not-send="true"
                                href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                                target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a></span><br>
                          </div>
                        </blockquote>
                        <br>
                        <fieldset></fieldset>
                        <br>
                        <pre>_______________________________________________
OWASP-Leaders mailing list
<a moz-do-not-send="true" href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a>
<a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
                      </blockquote>
                      <br>
                    </div>
                  </blockquote>
                </div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            OWASP-Leaders mailing list<br>
            <a moz-do-not-send="true"
              href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a><br>
            <a moz-do-not-send="true"
              href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
              rel="noreferrer" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  </body>
</html>