[Governance] Slack and Privacy

Jim Manico jim.manico at owasp.org
Mon Jul 27 21:48:20 UTC 2015

One interesting note from staff.

When we suggested a more private/closed service, it was rejected 
primarily because it was "closed" unlike the other public facing social 
media platforms.  We even paid for and set up a private Salesforce 
communication instance that was not shared in any way... and that was 
rejected since it was a closed system and not an open platform already 
used by our membership. Austin even set up a private server with open 
source communication software and almost no one outside of Austin used it.

So we have gone super private, cloud private, and open cloud services. 
And by far, the community wants to use open cloud communication 
services, as well as *publicly archived email* from our public list service.

I still asked Matt (IT) and Paul (Director) to take a look at this and 
did file this via our OWASP comment system so it's not lost track of, 
and several staff are on this list. :)


On 7/27/15 11:12 AM, Ann Racuya-Robbins wrote:
> Thanks Jim. I am hoping others will weigh in on this as well. What do 
> you mean by "a service of this nature"? At the least I agree that we 
> should include some guidance about its use. I would be happy to work 
> on that.
> In general it is the behavioral analysis and "social networking" 
> relationship information that concerns me here. I don't think it is a 
> best practice to allow third parties to collect, use and retain this 
> kind of OWASP membership information. Do you? How might we find a tool 
> that will serve us better in this regard. I am happy to help.
> Regards,
> Ann Racuya-Robbins
> I think there is a need for something like this
> On Mon, Jul 27, 2015 at 4:01 PM, Jim Manico <jim.manico at owasp.org 
> <mailto:jim.manico at owasp.org>> wrote:
>     Ann,
>     Slack is an optional communication platform for the OWASP
>     community. I read the Slack policy and for a service of this
>     nature the policy looks very honest and transparent. I do not
>     think using slack for private communications is appropriate, I
>     think we should think of it more as a list service or other public
>     posting service.
>     So after a first read of their policy, I like the detail, honestly
>     and tradeoffs they are making.
>     Perhaps OWASP should publish a little guide explaining that uses
>     for Slack are most appropriate?
>     Aloha,
>     Jim
>     On 7/27/15 9:55 AM, Ann Racuya-Robbins wrote:
>>     Thank you Fabio for the invitation to SLACK. It looks like this
>>     could be very useful. I have attached the SLACK Privacy Policy
>>     where I have highlighted a number of concerns. Is OWASP not able
>>     to find a product with better Privacy protections?
>>     Regards,
>>     Ann Racuya-Robbins
>>     _______________________________________________
>>     Governance mailing list
>>     Governance at lists.owasp.org <mailto:Governance at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/governance
>     -- 
>     Jim Manico
>     Global Board Member
>     OWASP Foundation
>     https://www.owasp.org
>     Join me at AppSecUSA 2015!

Jim Manico
Global Board Member
OWASP Foundation
Join me at AppSecUSA 2015!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20150727/0b5491c7/attachment.html>

More information about the Governance mailing list