[Governance] Transparency Policy

Christian Heinrich christian.heinrich at cmlh.id.au
Sat Jun 21 23:11:07 UTC 2014


All,

I would like to add that had Dinis shared the e-mail from Andre Ludwig
in addition to the e-mail he received from "Steven Steggles", a person
who does not exist and was simply an e-mail address created to
harass me, with me prior to making it public then I would have
been able to identify that Chris Gatford, the OWASP Chapter of the
inactive Sydney Chapter, had launched a smear campaign against me
which Dinis Cruz sought to prolong my mental distress and suffering by
damaging my high standing and reputation within Australia without
any supporting evidence or fact i.e.
http://lists.owasp.org/pipermail/owasp-board/2010-July/008627.html

I am also aware that the Team Mentor and Exams OWASP Projects led by
Dinis' employer Security Innovation are *not* provided under approved
FOSS Licenses i.e. commercial licenses and binary blobs i.e.
https://lists.owasp.org/pipermail/owasp-leaders/2011-August/006011.html

Furthermore, Dinis Cruz has begun to censor and/or destroy his two
blog posts related to SamanthaHate i.e.
http://lists.owasp.org/pipermail/governance/2014-June/000462.html so
he upholds openness when it suits his agenda but is fundamentally a
weak person of low moral character.

I want Dinis held to account for his personal attack against me and
others because he has been protected by former specific (not all)
members of the OWASP Board.

I am a formally trained investigator i.e.
http://37.media.tumblr.com/60ea47bd5b6a441b6f0a86d1ab9fa46c/tumblr_n34z28lhEh1qz5xz0o1_500.png
and I am therefore more than willing to assist with the preparation of
evidence against Dinis Cruz.  However, unlike Dinis I don't believe
that appointing a personal friend to lead an investigation is
appropriate i.e. Paulo Combria of which his spouse Sandra works for
Security Innovation, and I am therefore willing to assist Martin.

On Sun, Jun 22, 2014 at 6:25 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
> +1
> Recent behaviour has been very myopic and destructive in the name of
> "openness".
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 21 Jun 2014, at 15:00, Tobias <tobias.gondrom at owasp.org> wrote:
>
> Hi all,
>
> I agree with Bil.
>
> First, some general information from the perspective as board member.
> Looking at my sent folder. The vast majority of my OWASP email is public.
> And I figure the same is true for all board members. About 95% of my
> outgoing email that I initiated, is to or cc to lists, which means it is
> public.
> Some months ago it was even higher.
>
> There are certain email exchanges that have to be done in private, or that
> have been initiated in private and it is not my right to disregard the
> sender's rights for a private conversation and drag them into public view in
> all details and potentially cause reputation damage to others by doing so.
>
> Openness is our goal, but I will firmly stand for, that the protection and
> vital rights of individuals are superior to the demand for openness. And
> especially our staff deserve our full support and protection. Discussing
> some of their internal concerns in the public is simply unfair and
> inappropriate. Just think about that there may be personal reasons for
> certain things, and it is just not fair to demand from our staff to accept
> dragging personal aspects of their lives out into the public just because
> they work for OWASP.
>
> Again, let me be clear: the vast vast majority of all emails from me as
> board member is already on public lists. The default is already to have
> conversations public, unless there are reasons not to.
> And I believe all current board members already follow that guideline.
>
> If Dinis wishes that we should be "radically" open about the remaining few
> percent, I am not in support of that.
>
> And to go one step further: looking at Dinis's recent behaviour, I believe
> that his idea of "radical openness about everything" as Dinis is currently
> practising it, is disrespectful to other human beings, harmful to others and
> amounted in certain cases to slander and is against our code of ethics.
>
> Btw. I will be at AppSecEU and will be happy about conversations on all
> topics in person there - which may be in public or not - as chosen by the
> people I talk with.
>
> Best regards, Tobias
>
>
> Global Board Member
>
>
>
> On 21/06/14 14:01, Bil Corry wrote:
>
> Hi Dinis,
>
>
>
> I am not familiar with nature of the conversations between board members and
> staff, but my own thought is that email communication that happens outside
> of a public list should be considered private, as that is the expectation
> that most people have with email.
>
>
>
> If we want board member communication public, then perhaps a new public list
> can be created that can be copied on for all communication deemed to be
> public.  Or perhaps new email addresses for the sole purpose of business
> communication are created.  Otherwise, I'm not sure how to disambiguate
> private/personal messages from official duty messages, nor how to even
> provide access to those messages.
>
>
>
> Hopefully others will chime in.
>
>
>
> As for employee reviews, unless the employee chooses to make it public, it
> should be confidential.  Requiring the employee to consent to making their
> performance review public as a condition of employment would have to be
> reviewed by an attorney – I doubt this is possible, otherwise employers
> would coerce employees to sign away a variety of rights.
>
>
>
> - Bil
>
>
>
> From: Dinis Cruz [mailto:dinis.cruz at owasp.org]
> Sent: Friday, June 20, 2014 6:58 AM
> To: Bil Corry
> Cc: governance at lists.owasp.org
> Subject: Re: [Governance] Transparency Policy
>
>
>
> Hi Bil, I really like the view that 'The rule of thumb for transparency is
> to default all information as public,' since that is exactly how I view it.
>
>
>
> So for example, where would you put communications between 'OWASP employees
> with OWASP Board Members' and 'OWASP employees and OWASP Leaders'? Taking
> the view that all information should be public, there should be very few
> exchanges between these two groups that would happen in private, right?
>
>
>
> Especially when there are questions or issues being raised that need to be
> clarified.
>
>
>
> For example what happened with Samantha is an explosion of tons of little
> issues that (in my view) should have been discussed, clarified and defended
> when they occurred (which would have prevented the drama, loss of an OWASP
> Employee and strong accusations to the multiple parties).
>
>
>
> Another question I have is: "For the cases when a thread starts in private,
> once the facts are clarified, and unless it falls into one of the 3 exceptions
> listed, the expectation is that such private thread will eventually be made
> public", right?
>
>
>
> Finally, where do you put 'employees reviews'? Should that be private or
> public? My view is that any information about OWASP organisation and its
> staff should be public and on the record (so that it can be peer-reviewed
> and validated by the OWASP leaders community). This might be something that
> we will need the employees to agree to, which can/should be part of their OWASP
> contract.
>
>
>
> Thanks
>
>
>
> Dinis
>
>
>
>
>
> On 19 June 2014 11:18, Bil Corry <bil.corry at owasp.org> wrote:
>
> Hello Governance,
>
>
>
> I am proposing we create (and have the BoD adopt) a policy on transparency
> to clarify the information that should never be shared publicly.
>
>
>
> To that end, I've created an initial draft, which you can find here:
>
>
>
> https://www.owasp.org/index.php/Transparency_Policy
>
>
>
> I'm requesting discussion and feedback on the draft, along with additional
> exclusions (I only started with two).
>
>
>
> Thank you for your time in advance,
>
>
>
> - Bil
>
>
> _______________________________________________
> Governance mailing list
> Governance at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/governance
>
>
>
>
>
>



-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact

