[Governance] Slack and Privacy

Josh Sokol josh.sokol at owasp.org
Tue Jul 28 03:42:41 UTC 2015


>
> Austin even set up a private server with open source communication
> software and almost no one outside of Austin used it.
>

I can only assume that you're talking about Ning.  If that's the case, then
I don't think your statement is correct.  There are 357 users in Ning right
now.  Considering that the OWASP Austin Study Group is the largest group in
there, and only has 67 members, that's a far cry from "almost no one
outside of Austin used it".  While it may not be the most popular social
media platform within OWASP, it is definitely getting used.

~josh

On Mon, Jul 27, 2015 at 4:48 PM, Jim Manico <jim.manico at owasp.org> wrote:

>  One interesting note from staff.
>
> When we suggested a more private/closed service, it was rejected primarily
> because it was "closed" unlike the other public facing social media
> platforms.  We even paid for and set up a private Salesforce communication
> instance that was not shared in any way... and that was rejected since it
> was a closed system and not an open platform already used by our
> membership. Austin even set up a private server with open source
> communication software and almost no one outside of Austin used it.
>
> So we have gone super private, cloud private, and open cloud services. And
> by far, the community wants to use open cloud communication services, as
> well as *publicly archived email* from our public list service.
>
> I still asked Matt (IT) and Paul (Director) to take a look at this and did
> file this via our OWASP comment system so it's not lost track of, and
> several staff are on this list. :)
>
> Aloha,
> Jim
>
>
>
> On 7/27/15 11:12 AM, Ann Racuya-Robbins wrote:
>
> Thanks Jim. I am hoping others will weigh in on this as well. What do you
> mean by "a service of this nature"? At the least I agree that we should
> include some guidance about its use. I would be happy to work on that.
>
>  In general it is the behavioral analysis and "social networking"
> relationship information that concerns me here. I don't think it is a best
> practice to allow third parties to collect, use and retain this kind of
> OWASP membership information. Do you? How might we find a tool that will
> serve us better in this regard. I am happy to help.
>
>  Regards,
>
>  Ann Racuya-Robbins
>
>
>
>
> I think there is a need for something like this
>
> On Mon, Jul 27, 2015 at 4:01 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
>>  Ann,
>>
>> Slack is an optional communication platform for the OWASP community. I
>> read the Slack policy and for a service of this nature the policy looks
>> very honest and transparent. I do not think using slack for private
>> communications is appropriate, I think we should think of it more as a list
>> service or other public posting service.
>>
>> So after a first read of their policy, I like the detail, honestly and
>> tradeoffs they are making.
>>
>> Perhaps OWASP should publish a little guide explaining that uses for
>> Slack are most appropriate?
>>
>> Aloha,
>> Jim
>>
>>
>> On 7/27/15 9:55 AM, Ann Racuya-Robbins wrote:
>>
>> Thank you Fabio for the invitation to SLACK. It looks like this could be
>> very useful. I have attached the SLACK Privacy Policy where I have
>> highlighted a number of concerns. Is OWASP not able to find a product with
>> better Privacy protections?
>>
>>  Regards,
>>
>>  Ann Racuya-Robbins
>>
>>
>> _______________________________________________
>> Governance mailing listGovernance at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/governance
>>
>>
>> --
>> Jim Manico
>> Global Board Member
>> OWASP Foundationhttps://www.owasp.org
>> Join me at AppSecUSA 2015!
>>
>>
>
> --
> Jim Manico
> Global Board Member
> OWASP Foundationhttps://www.owasp.org
> Join me at AppSecUSA 2015!
>
>
> _______________________________________________
> Governance mailing list
> Governance at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/governance
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20150727/9b96603d/attachment-0001.html>


More information about the Governance mailing list