[Governance] Fwd: [Owasp-leaders] My views on the OWASP SamanthaGate (10 points and ideas for OWASP)

Bil Corry bil.corry at owasp.org
Thu Jun 19 10:10:27 UTC 2014

Hi Michael,


Thank you for clarifying the role of the Governance list – I thought as much, but wanted to make sure there wasn't an expectation that action be taken by the list.


Yes, I can take the lead on the O-Open issue.  I've created a base document to get the conversation started and will create a separate thread for the discussion.



- Bil


From: Michael Coates [mailto:michael.coates at owasp.org] 
Sent: Wednesday, June 18, 2014 8:47 PM
To: Bil Corry
Cc: governance at lists.owasp.org; Martin Knobloch
Subject: Re: [Governance] Fwd: [Owasp-leaders] My views on the OWASP SamanthaGate (10 points and ideas for OWASP)



To your first point on the complaint:
Correct. I cc'ed Martin on the email. I'm waiting for his response. 

I don't necessarily think governance has a role to play. But if this were to be discussed anywhere, this would be the appropriate place.

On your second point - O-Open:
I think this is a great idea! I'm going to push back a bit though. We've got a great idea, now we need people that want to make it a reality. Is this something you want to lead and draw together other interested owasp'ers? I think the governance list is a good spot to start (with an announcement on leaders for anyone to join over here if interested).


Michael Coates


On Wed, Jun 18, 2014 at 4:29 AM, Bil Corry <bil.corry at owasp.org> wrote:

Hi Michael,


I believe the complaint should be delivered to the Compliance Officer to handle per the process.  What role do you see the Governance list playing in the complaint?


On a more general level, I'll make the observation that there is a very wide gap in beliefs about just how transparent OWASP should be.  That gap shows up in a multitude of ways, such as the email from Dinis that has spawned this complaint.


I recommend organizing a committee to work out a specific, explicit policy on what is and is not "open."  This is a hotly contested area within OWASP and my guess is unless it's written down, some may wave the "O is for Open" banner when disclosing anything of their choosing.



- Bil


From: governance-bounces at lists.owasp.org [mailto:governance-bounces at lists.owasp.org] On Behalf Of Michael Coates
Sent: Tuesday, June 17, 2014 10:48 PM
To: governance at lists.owasp.org; Martin Knobloch
Subject: [Governance] Fwd: [Owasp-leaders] My views on the OWASP SamanthaGate (10 points and ideas for OWASP)



I'm forwarding this to the governance list. I've already reached out to Dinis and optionally Yvan to begin a discussion. I'll also confer with Martin to determine if he is still available to assist.


Michael Coates


---------- Forwarded message ----------
From: Yvan Boily <yvanboily at gmail.com>
Date: Tue, Jun 17, 2014 at 8:42 AM
Subject: Re: [Owasp-leaders] My views on the OWASP SamanthaGate (10 points and ideas for OWASP)
To: Dinis Cruz <dinis.cruz at owasp.org>
Cc: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>

In the last several days, and over the course of the last several months Dinis Cruz has posted messages that have taken an internal matter and made it a public embarrassment to OWASP.

Since I know there are people on the sidelines reading I want to be clear:

* There should be a proper investigation of the claims that Samantha has made

* Regardless of the outcome of that investigation, the community should expect those responsible for misconduct or unlawful behaviour to be held accountable

* We, as a community, should expect a strong statement from the board supporting inclusiveness and equality, and supporting this should be an expectation of everyone who opts to be a leader

I am requesting that the board consider issuing a warning and/or a temporary ban on Dinis Cruz.  I am requesting a warning or temporary ban because I believe that Dinis was genuinely trying to help, and he has been a long standing member of the community advocating for positive change.  This request stems from a desire to illustrate that we will hold our members accountable for ethical violations and not out of any malice.

In the last 48 hours Dinis has sent messages which violate the following items from the Code of ethics

1. Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles;

3. Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities;
* Forwarding confidential information and defamatory messages to a mailing list comprised of tens of thousands of people is not in accordance with ethical principles.

6. Refrain from any activities which might constitute a conflict of interest or otherwise damage the reputation of employers, the information security profession, or the Association;
9. Not intentionally injure or impugn the professional reputation of practice of colleagues, clients, or employers;

* The reputations of several board members have been publicly maligned, as has Samantha Groves.  Since the messages were sent in the sense of openness and in the message this is in response to, he claims to have had the desire to allow the opportunity to respond to the claims, that this was done intentionally.

* This incident may have caused irreparable damage to the community.

10. Treat everyone with respect and dignity;


* airing unproven allegations to the community undermines the dignity of long-time contributors

The OWASP community is huge, and has garnered an impressive amount of influence.  If we fail to hold ourselves, the board, the staff, and each other accountable, then that influence will be squandered.

Dinis - please accept my apologies for sending this email, but in my opinion it is a necessary action.

Yvan Boily
