[Governance] Slack and Privacy
jim.manico at owasp.org
Mon Jul 27 21:48:20 UTC 2015
One interesting note from staff.
When we suggested a more private/closed service, it was rejected
primarily because it was "closed" unlike the other public facing social
media platforms. We even paid for and set up a private Salesforce
communication instance that was not shared in any way... and that was
rejected since it was a closed system and not an open platform already
used by our membership. Austin even set up a private server with open
source communication software and almost no one outside of Austin used it.
So we have gone super private, cloud private, and open cloud services.
And by far, the community wants to use open cloud communication
services, as well as *publicly archived email* from our public list service.
I still asked Matt (IT) and Paul (Director) to take a look at this and
did file this via our OWASP comment system so it's not lost track of,
and several staff are on this list. :)
On 7/27/15 11:12 AM, Ann Racuya-Robbins wrote:
> Thanks Jim. I am hoping others will weigh in on this as well. What do
> you mean by "a service of this nature"? At the least I agree that we
> should include some guidance about its use. I would be happy to work
> on that.
> In general it is the behavioral analysis and "social networking"
> relationship information that concerns me here. I don't think it is a
> best practice to allow third parties to collect, use and retain this
> kind of OWASP membership information. Do you? How might we find a tool
> that will serve us better in this regard. I am happy to help.
> Ann Racuya-Robbins
> I think there is a need for something like this
> On Mon, Jul 27, 2015 at 4:01 PM, Jim Manico <jim.manico at owasp.org
> <mailto:jim.manico at owasp.org>> wrote:
> Slack is an optional communication platform for the OWASP
> community. I read the Slack policy and for a service of this
> nature the policy looks very honest and transparent. I do not
> think using slack for private communications is appropriate, I
> think we should think of it more as a list service or other public
> posting service.
> So after a first read of their policy, I like the detail, honestly
> and tradeoffs they are making.
> Perhaps OWASP should publish a little guide explaining that uses
> for Slack are most appropriate?
> On 7/27/15 9:55 AM, Ann Racuya-Robbins wrote:
>> Thank you Fabio for the invitation to SLACK. It looks like this
>> where I have highlighted a number of concerns. Is OWASP not able
>> to find a product with better Privacy protections?
>> Ann Racuya-Robbins
>> Governance mailing list
>> Governance at lists.owasp.org <mailto:Governance at lists.owasp.org>
> Jim Manico
> Global Board Member
> OWASP Foundation
> Join me at AppSecUSA 2015!
Global Board Member
Join me at AppSecUSA 2015!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Governance