[Governance] Slack and Privacy

Jim Manico jim.manico at owasp.org
Tue Jul 28 04:42:06 UTC 2015


I stand corrected. :) I thought I was echoing your concern that not 
enough folks were using Ning. I am glad I was wrong here.

Regardless - we have a ticket to staff to address these concern. I (or 
someone from staff will) get back with her and this list with more info 
soon.

Aloha Josh,
Jim


On 7/27/15 5:42 PM, Josh Sokol wrote:
>
>     Austin even set up a private server with open source communication
>     software and almost no one outside of Austin used it.
>
>
> I can only assume that you're talking about Ning.  If that's the case, 
> then I don't think your statement is correct.  There are 357 users in 
> Ning right now.  Considering that the OWASP Austin Study Group is the 
> largest group in there, and only has 67 members, that's a far cry from 
> "almost no one outside of Austin used it".  While it may not be the 
> most popular social media platform within OWASP, it is definitely 
> getting used.
>
> ~josh
>
> On Mon, Jul 27, 2015 at 4:48 PM, Jim Manico <jim.manico at owasp.org 
> <mailto:jim.manico at owasp.org>> wrote:
>
>     One interesting note from staff.
>
>     When we suggested a more private/closed service, it was rejected
>     primarily because it was "closed" unlike the other public facing
>     social media platforms.  We even paid for and set up a private
>     Salesforce communication instance that was not shared in any
>     way... and that was rejected since it was a closed system and not
>     an open platform already used by our membership. Austin even set
>     up a private server with open source communication software and
>     almost no one outside of Austin used it.
>
>     So we have gone super private, cloud private, and open cloud
>     services. And by far, the community wants to use open cloud
>     communication services, as well as *publicly archived email* from
>     our public list service.
>
>     I still asked Matt (IT) and Paul (Director) to take a look at this
>     and did file this via our OWASP comment system so it's not lost
>     track of, and several staff are on this list. :)
>
>     Aloha,
>     Jim
>
>
>
>     On 7/27/15 11:12 AM, Ann Racuya-Robbins wrote:
>>     Thanks Jim. I am hoping others will weigh in on this as well.
>>     What do you mean by "a service of this nature"? At the least I
>>     agree that we should include some guidance about its use. I would
>>     be happy to work on that.
>>
>>     In general it is the behavioral analysis and "social networking"
>>     relationship information that concerns me here. I don't think it
>>     is a best practice to allow third parties to collect, use and
>>     retain this kind of OWASP membership information. Do you? How
>>     might we find a tool that will serve us better in this regard. I
>>     am happy to help.
>>
>>     Regards,
>>
>>     Ann Racuya-Robbins
>>
>>
>>
>>
>>     I think there is a need for something like this
>>
>>     On Mon, Jul 27, 2015 at 4:01 PM, Jim Manico <jim.manico at owasp.org
>>     <mailto:jim.manico at owasp.org>> wrote:
>>
>>         Ann,
>>
>>         Slack is an optional communication platform for the OWASP
>>         community. I read the Slack policy and for a service of this
>>         nature the policy looks very honest and transparent. I do not
>>         think using slack for private communications is appropriate,
>>         I think we should think of it more as a list service or other
>>         public posting service.
>>
>>         So after a first read of their policy, I like the detail,
>>         honestly and tradeoffs they are making.
>>
>>         Perhaps OWASP should publish a little guide explaining that
>>         uses for Slack are most appropriate?
>>
>>         Aloha,
>>         Jim
>>
>>
>>         On 7/27/15 9:55 AM, Ann Racuya-Robbins wrote:
>>>         Thank you Fabio for the invitation to SLACK. It looks like
>>>         this could be very useful. I have attached the SLACK Privacy
>>>         Policy where I have highlighted a number of concerns. Is
>>>         OWASP not able to find a product with better Privacy
>>>         protections?
>>>
>>>         Regards,
>>>
>>>         Ann Racuya-Robbins
>>>
>>>
>>>         _______________________________________________
>>>         Governance mailing list
>>>         Governance at lists.owasp.org <mailto:Governance at lists.owasp.org>
>>>         https://lists.owasp.org/mailman/listinfo/governance
>>
>>         -- 
>>         Jim Manico
>>         Global Board Member
>>         OWASP Foundation
>>         https://www.owasp.org
>>         Join me at AppSecUSA 2015!
>>
>>
>
>     -- 
>     Jim Manico
>     Global Board Member
>     OWASP Foundation
>     https://www.owasp.org
>     Join me at AppSecUSA 2015!
>
>
>     _______________________________________________
>     Governance mailing list
>     Governance at lists.owasp.org <mailto:Governance at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/governance
>
>

-- 
Jim Manico
Global Board Member
OWASP Foundation
https://www.owasp.org
Join me at AppSecUSA 2015!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20150727/3bbd98ca/attachment.html>


More information about the Governance mailing list