Difference between revisions of "Talk:Projects/Project Brand Guidelines"

(project brand guidelines / questions in need of answers)
 
(Questions in need of Answers: new section)
Line 1: Line 1:
 +
I understand that GSOC is not an OWASP project.
 +
 +
Take the following use-case, using OWASP AppSensor as an example:
 +
 +
A bunch of students from Google SOC help us with a new reference implementation; and we want to thank Google, and the students for making it happen in the 'credits'?
 +
 +
We are now 'branding' our project, either in the documentation, or on the project website with a commercial entity, which is strictly forbidden by the new guidelines, however the ethical maxim 'credit where credit is due' (as well as gratitude and good manners) dictates going against the new guidelines.
 +
 +
Additional use-cases, again using OWASP AppSensor as an example:
 +
 +
WhiteHat Security (for profit, Security Vendor) gives us $10k to print the OWASP AppSensor Handbook 2.0; and we gratefully acknowledge and thank WhiteHat Security within the first few pages of the handbook for making it possible to give away hundreds of books.
 +
 +
What if it was IBM (for profit, non-security) instead that gave us the $10k, and made it possible to give away hundreds of books?
 +
 +
What if it was the Mozilla foundation (non-profit, non-security) instead that gave us the $10k, and made it possible to give away hundreds of books?
 +
 +
What if it was Amnesty International (Human Rights NGO) instead that gave us the $10k, and made it possible to give away hundreds of books?
 +
 +
What if it was the Department of Homeland Security (government grant) instead that gave us the $10k, and made it possible to give away hundreds of books?
 +
 +
TLDNR;
 +
 +
The current document defines what must not be done, and I like that approach because it leaves open what can be done. And reduces what people need to know to participate - less is more. :)
 +
 +
However, I think it would be good to clarify and better define the word organisations. I have just demonstrated 5 different kinds of organisations, and they can not all be lumped together in the same boat. And I also think it would be useful to provide sample use cases like the above for clarity.
 +
 +
Over all, this is shaping up to be a great document that represents a positive and significant change for the community, that with a few modifications really nails the message on the head.
 +
 +
== Questions in need of Answers ==
 +
 
I understand that GSOC is not an OWASP project.
 
I understand that GSOC is not an OWASP project.
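Review bot: the added lines place the whole comment above the new "== Questions in need of Answers ==" heading, while the unchanged context line after that heading ("I understand that GSOC is not an OWASP project.") opens the same comment, so the text ends up on the page twice. Keep a single copy under the new heading and drop the one above it.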
  

Revision as of 23:29, 22 July 2013

I understand that GSOC is not an OWASP project.

Take the following use-case, using OWASP AppSensor as an example:

A bunch of students from Google SOC help us with a new reference implementation; and we want to thank Google, and the students for making it happen in the 'credits'?

We are now 'branding' our project, either in the documentation, or on the project website with a commercial entity, which is strictly forbidden by the new guidelines, however the ethical maxim 'credit where credit is due' (as well as gratitude and good manners) dictates going against the new guidelines.

Additional use-cases, again using OWASP AppSensor as an example:

WhiteHat Security (for profit, Security Vendor) gives us $10k to print the OWASP AppSensor Handbook 2.0; and we gratefully acknowledge and thank WhiteHat Security within the first few pages of the handbook for making it possible to give away hundreds of books.

What if it was IBM (for profit, non-security) instead that gave us the $10k, and made it possible to give away hundreds of books?

What if it was the Mozilla Foundation (non-profit, non-security) instead that gave us the $10k, and made it possible to give away hundreds of books?

What if it was Amnesty International (Human Rights NGO) instead that gave us the $10k, and made it possible to give away hundreds of books?

What if it was the Department of Homeland Security (government grant) instead that gave us the $10k, and made it possible to give away hundreds of books?

TLDNR;

The current document defines what must not be done, and I like that approach because it leaves open what can be done. And reduces what people need to know to participate - less is more. :)

However, I think it would be good to clarify and better define the word organisations. I have just demonstrated 5 different kinds of organisations, and they cannot all be lumped together in the same boat. And I also think it would be useful to provide sample use cases like the above for clarity.

Overall, this is shaping up to be a great document that represents a positive and significant change for the community, that with a few modifications really nails the message on the head.

Questions in need of Answers

I understand that GSOC is not an OWASP project.

Take the following use-case, using OWASP AppSensor as an example:

A bunch of students from Google SOC help us with a new reference implementation; and we want to thank Google, and the students for making it happen in the 'credits'?

We are now 'branding' our project, either in the documentation, or on the project website with a commercial entity, which is strictly forbidden by the new guidelines, however the ethical maxim 'credit where credit is due' (as well as gratitude and good manners) dictates going against the new guidelines.

Additional use-cases, again using OWASP AppSensor as an example:

WhiteHat Security (for profit, Security Vendor) gives us $10k to print the OWASP AppSensor Handbook 2.0; and we gratefully acknowledge and thank WhiteHat Security within the first few pages of the handbook for making it possible to give away hundreds of books.

What if it was IBM (for profit, non-security) instead that gave us the $10k, and made it possible to give away hundreds of books?

What if it was the Mozilla Foundation (non-profit, non-security) instead that gave us the $10k, and made it possible to give away hundreds of books?

What if it was Amnesty International (Human Rights NGO) instead that gave us the $10k, and made it possible to give away hundreds of books?

What if it was the Department of Homeland Security (government grant) instead that gave us the $10k, and made it possible to give away hundreds of books?

TLDNR;

The current document defines what must not be done, and I like that approach because it leaves open what can be done. And reduces what people need to know to participate - less is more. :)

However, I think it would be good to clarify and better define the word organisations. I have just demonstrated 5 different kinds of organisations, and they cannot all be lumped together in the same boat. And I also think it would be useful to provide sample use cases like the above for clarity.

Overall, this is shaping up to be a great document that represents a positive and significant change for the community, that with a few modifications really nails the message on the head.