[Owasp_cornucopia] About those free printed decks

Colin Watson colin.watson at owasp.org
Tue Sep 16 10:35:20 UTC 2014

List members

In one of the recent board member election interviews, Cornucopia was
mentioned in the context of sponsorship.


No company or other organisation has ever sponsored the project. All
the work in coming up with the idea, creating the materials and deck,
and speaking about it have been undertaken by volunteers. No money has
passed hands ever.

The confusion seems to have arisen because a company (Blackfoot Ltd)
undertook the printing of 1,000 decks of cards. They gifted over 200
back to me to hand out directly at OWASP chapter meetings (mainly in
the UK), and also gifted the design files back to the project so that
anyone else can print them. They have also distributed over 700
printed decks free of charge to anyone who asked - and that has been
to all corners of the world.

There was a suggestion in the interview that this was perhaps
undertaken without any discussion. Blackfoot learned of the project as
I have worked for them, and they suggested printing up the decks. I
thought about this and raised the topic on the project leader's
mailing list. See thread starting:

   Wed Sep 18 07:35:40 UTC 2013

I came to the conclusion it would only help since feedback through
this list has been that self-printing the cards was the greatest
hurdle for use. But any individual or any organisation can print the
project's output, and even charge for it, under the terms of the
license - this is the same licence used on most of OWASP's
documentation projects:

    Creative Commons Attribution-ShareAlike 3.0

Blackfoot weren't even doing that - they just gifted everything back.
No sponsorship or obligations on anyone.

However I did provide input to Blackfoot when they designed their box
and instruction booklet to ensure the open source licence was clear,
attribution was included, contributions acknowledged, and that there
was no place where the OWASP branding and Blackfoot's own branding
met. They didn't have to ask or incorporate my input, but they did.
The cards in the packs are completely unbranded. The same as the
project outputs on the wiki.

Four months after starting the discussion, we had the decks and I sent
4 decks to OWASP staff.

I welcomed the input, and now we have print-ready designs for all to use.

OWASP Cornucopia Project Leader

More information about the Owasp_cornucopia mailing list