Talk:Projects/Project Brand Guidelines
Questions in need of Answers
I understand that GSOC is not an OWASP project.
Take the following use-case, using OWASP AppSensor as an example:
A bunch of students from Google SOC help us with a new reference implementation; and we want to thank Google, and the students for making it happen in the 'credits'?
We are now 'branding' our project, either in the documentation, or on the project website with a commercial entity, which is strictly forbidden by the new guidelines, however the ethical maxim 'credit where credit is due' (as well as gratitude and good manners) dictates going against the new guidelines.
Additional use-cases, again using OWASP AppSensor as an example:
- WhiteHat Security (for profit, Security Vendor) gives us $10k to print the OWASP AppSensor Handbook 2.0; and we gratefully acknowledge and thank WhiteHat Security within the first few pages of the handbook for making it possible to give away hundreds of books.
- What if it was IBM (for profit, non-security) instead that gave us the $10k, and made it possible to give away hundreds of books?
- What if it was the Mozilla foundation (non-profit, non-security) instead that gave us the $10k, and made it possible to give away hundreds of books?
- What if it was Amnesty International (Human Rights NGO) instead that gave us the $10k, and made it possible to give away hundreds of books?
- What if it was the Department of Homeland Security (government grant) instead that gave us the $10k, and made it possible to give away hundreds of books?
The current document defines what must not be done, and I like that approach because it leaves open what can be done. And reduces what people need to know to participate - less is more. :)
However, I think it would be good to clarify and better define the word organisations. I have just demonstrated 5 different kinds of organisations, and they can not all be lumped together in the same boat. And I also think it would be useful to provide sample use cases like the above for clarity.
Over all, this is shaping up to be a great document that represents a positive and significant change for the community, that with a few modifications really nails the message on the head.
Re-guarding the Apache Foundation Example
Pay special attention to this: Apache Sponsorship Apache *SELLS* sponsorship logo locations in exchange for supporting Apache. Are we suggesting the same? There is certain brilliance to this. Big carrot, little stick indeed!
Additionally, OWASP needs sponsors, and I am personally of the position that we need to define the 'sponsor relationship' better; because the reality is that no-one is an island. We all need each other (The principle of OPEN). Sponsors need OWASP, and OWASP needs sponsors. And the fact is, those sponsors are going to be commercial entities. And the other fact is, OWASP is not 'capturing that value.'