[Governance] Transparency Policy

Tobias tobias.gondrom at owasp.org
Sat Jun 21 14:00:15 UTC 2014


Hi all,

I agree with Bil.

First, some general information from my perspective as a board member.
Looking at my sent folder, the vast majority of my OWASP email is
public. And I figure the same is true for all board members. About 95%
of the outgoing email that I initiated is to or cc'd to lists, which means
it is public.
Some months ago it was even higher.

There are certain email exchanges that have to be done in private, or
that have been initiated in private and it is not my right to disregard
the sender's rights for a private conversation and drag them into public
view in all details and potentially cause reputation damage to others by
doing so.

Openness is our goal, but I will firmly stand for the view that the protection
and vital rights of individuals are superior to the demand for openness.
And especially our staff deserve our full support and protection.
Discussing some of their internal concerns in public is simply
unfair and inappropriate. Just consider that there may be personal
reasons for certain things, and it is just not fair to demand that our
staff accept having personal aspects of their lives dragged out into the
public just because they work for OWASP.

Again, let me be clear: the vast vast majority of all emails from me as
board member is already on public lists. The default is already to have
conversations public, unless there are reasons not to.
And I believe all current board members already follow that guideline.

If Dinis wishes that we should be "radically" open about the remaining
few percent, I am not in support of that.

And to go one step further: looking at Dinis's recent behaviour, I
believe that his idea of "radical openness about everything", as Dinis is
currently practising it, is disrespectful to other human beings, harmful
to others and amounted in certain cases to slander and is against our
code of ethics.

Btw. I will be at AppSecEU and will be happy about conversations on all
topics in person there - which may be in public or not - as chosen by
the people I talk with.

Best regards, Tobias


Global Board Member



On 21/06/14 14:01, Bil Corry wrote:
>
> Hi Dinis,
>
>  
>
> I am not familiar with the nature of the conversations between board
> members and staff, but my own thought is that email communication that
> happens outside of a public list should be considered private, as that
> is the expectation that most people have with email.
>
>  
>
> If we want board member communication public, then perhaps a new
> public list can be created that can be copied on for all communication
> deemed to be public.  Or perhaps new email addresses for the sole
> purpose of business communication are created.  Otherwise, I'm not
> sure how to disambiguate private/personal messages from official duty
> messages, nor how to even provide access to those messages.
>
>  
>
> Hopefully others will chime in.
>
>  
>
> As for employee reviews, unless the employee chooses to make it
> public, it should be confidential.  Requiring the employee to consent
> to making their performance review public as a condition of employment
> would have to be reviewed by an attorney -- I doubt this is possible,
> otherwise employers would coerce employees to sign away a variety of
> rights.
>
>  
>
> - Bil
>
>  
>
> *From:*Dinis Cruz [mailto:dinis.cruz at owasp.org]
> *Sent:* Friday, June 20, 2014 6:58 AM
> *To:* Bil Corry
> *Cc:* governance at lists.owasp.org
> *Subject:* Re: [Governance] Transparency Policy
>
>  
>
> Hi Bil, I really like the view that '/The rule of thumb for
> transparency is to default all information as public,' /since that is
> exactly how I view it.
>
>  
>
> So for example, where would you put communications between 'OWASP
> employees with OWASP Board Members' and 'OWASP employees and OWASP
> Leaders'? Taking the view that all information should be public, there
> should be very few exchanges between these two groups that would
> happen in private, right? 
>
>  
>
> Especially when there are questions or issues being raised that need to
> be clarified.
>
>  
>
> For example, what happened with Samantha is an explosion of tons of
> little issues that (in my view) should have been discussed, clarified
> and defended when they occurred (which would have prevented the drama,
> loss of an OWASP Employee and strong accusations to the multiple parties).
>
>  
>
> Another question I have is: "/For the cases when a thread starts in
> private, once the facts are clarified, and unless it falls into one
> of the 3 exceptions listed, the expectation is that such private thread
> will eventually be made public",/ right?
>
>  
>
> Finally, '/where do you put 'employee reviews/'? Should that be
> private or public? My view is that any information about the OWASP
> organisation and its staff should be public and on the record (so that
> it can be peer-reviewed and validated by the OWASP leaders community).
> This might be something that we will need the employees to agree to,
> which can/should be part of their OWASP contract. 
>
>  
>
> Thanks
>
>  
>
> Dinis
>
>  
>
>  
>
> On 19 June 2014 11:18, Bil Corry <bil.corry at owasp.org
> <mailto:bil.corry at owasp.org>> wrote:
>
> Hello Governance,
>
>  
>
> I am proposing we create (and have the BoD adopt) a policy on
> transparency to clarify the information that should never be shared
> publicly.
>
>  
>
> To that end, I've created an initial draft, which you can find here:
>
>  
>
> https://www.owasp.org/index.php/Transparency_Policy
>
>  
>
> I'm requesting discussion and feedback on the draft, along with
> additional exclusions (I only started with two).
>
>  
>
> Thank you for your time in advance,
>
>  
>
> - Bil
>
>
> _______________________________________________
> Governance mailing list
> Governance at lists.owasp.org <mailto:Governance at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/governance
>
>  
>
>
>
