[Governance] Transparency Policy

Bil Corry bil.corry at owasp.org
Fri Jun 20 08:29:07 UTC 2014


Let me clarify my comment – I am hooking into the existing disciplinary policy, rather than creating a parallel process within the Transparency policy.  There are a variety of policies that can be violated, it makes more sense to have a single disciplinary policy that the rest can refer to, rather than creating individual disciplinary sections in each policy.

 

I can clean up the disciplinary policy after we're done with the transparency policy, if that's desired.

 

To answer your question – if I were to setup a system, it would be a committee of members that weigh the evidence and make a ruling.  The BoD can then be used to appeal the decision.

 

- Bil

 

From: Josh Sokol [mailto:josh.sokol at owasp.org] 
Sent: Thursday, June 19, 2014 10:17 PM
To: Bil Corry
Cc: OWASP GOVERNING
Subject: Re: [Governance] Transparency Policy

 

Please don't feel like you have to defer to any existing policy or make any assumptions.  If you're taking the time and effort to draft this policy, who would you ideally like to see make that decision?

~josh

 

On Thu, Jun 19, 2014 at 2:36 PM, Bil Corry <bil.corry at owasp.org> wrote:

Good question – I defer to the Whistleblower policy as to the disciplinary details, but my assumption is the BoD makes the final determination.  The Whistleblower policy can be updated to be more clear on this point.

 

- Bil

 

From: Josh Sokol [mailto:josh.sokol at owasp.org] 
Sent: Thursday, June 19, 2014 6:19 PM


To: Bil Corry
Cc: OWASP GOVERNING
Subject: Re: [Governance] Transparency Policy

 

One question for clarity, who determines the action as a result of a policy violation?  The Compliance Officer?  A Committee?  The Board?  The ED?

~josh

 

On Thu, Jun 19, 2014 at 9:48 AM, Bil Corry <bil.corry at owasp.org> wrote:

Thanks Josh, I've updated the violation section based on your suggestion.  I also added the whistleblower exception, as our whistleblower policy states it is a confidential process. 

 

 

- Bil

 

From: Josh Sokol [mailto:josh.sokol at owasp.org] 
Sent: Thursday, June 19, 2014 4:06 PM
To: Bil Corry
Cc: OWASP GOVERNING
Subject: Re: [Governance] Transparency Policy

 

I really like where this is going.  It reads similar to a data classification plan and maybe we should even consider labeling documents based on the levels outlined.  When I have some time, I will try to add additional examples for consideration.  In the meantime, my only advice may be to rephrase the policy violations section at the bottom more along the lines of "including the possibility of suspension or revocation of membership, exclusion from OWASP events and mailing lists, or other such action as determined."

~josh

 

On Thu, Jun 19, 2014 at 5:18 AM, Bil Corry <bil.corry at owasp.org> wrote:

Hello Governance,

 

I am proposing we create (and have the BoD adopt) a policy on transparency to clarify the information that should never be shared publicly.

 

To that end, I've created an initial draft, which you can find here:

 

https://www.owasp.org/index.php/Transparency_Policy

 

I'm requesting discussion and feedback on the draft, along with additional exclusions (I only started with two).

 

Thank you for your time in advance,

 

- Bil


_______________________________________________
Governance mailing list
Governance at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/governance

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20140620/d7a9a243/attachment-0001.html>


More information about the Governance mailing list