[Governance] Slack and Privacy
jim.manico at owasp.org
Tue Jul 28 04:42:06 UTC 2015
I stand corrected. :) I thought I was echoing your concern that not
enough folks were using Ning. I am glad I was wrong here.
Regardless - we have a ticket to staff to address these concern. I (or
someone from staff will) get back with her and this list with more info
On 7/27/15 5:42 PM, Josh Sokol wrote:
> Austin even set up a private server with open source communication
> software and almost no one outside of Austin used it.
> I can only assume that you're talking about Ning. If that's the case,
> then I don't think your statement is correct. There are 357 users in
> Ning right now. Considering that the OWASP Austin Study Group is the
> largest group in there, and only has 67 members, that's a far cry from
> "almost no one outside of Austin used it". While it may not be the
> most popular social media platform within OWASP, it is definitely
> getting used.
> On Mon, Jul 27, 2015 at 4:48 PM, Jim Manico <jim.manico at owasp.org
> <mailto:jim.manico at owasp.org>> wrote:
> One interesting note from staff.
> When we suggested a more private/closed service, it was rejected
> primarily because it was "closed" unlike the other public facing
> social media platforms. We even paid for and set up a private
> Salesforce communication instance that was not shared in any
> way... and that was rejected since it was a closed system and not
> an open platform already used by our membership. Austin even set
> up a private server with open source communication software and
> almost no one outside of Austin used it.
> So we have gone super private, cloud private, and open cloud
> services. And by far, the community wants to use open cloud
> communication services, as well as *publicly archived email* from
> our public list service.
> I still asked Matt (IT) and Paul (Director) to take a look at this
> and did file this via our OWASP comment system so it's not lost
> track of, and several staff are on this list. :)
> On 7/27/15 11:12 AM, Ann Racuya-Robbins wrote:
>> Thanks Jim. I am hoping others will weigh in on this as well.
>> What do you mean by "a service of this nature"? At the least I
>> agree that we should include some guidance about its use. I would
>> be happy to work on that.
>> In general it is the behavioral analysis and "social networking"
>> relationship information that concerns me here. I don't think it
>> is a best practice to allow third parties to collect, use and
>> retain this kind of OWASP membership information. Do you? How
>> might we find a tool that will serve us better in this regard. I
>> am happy to help.
>> Ann Racuya-Robbins
>> I think there is a need for something like this
>> On Mon, Jul 27, 2015 at 4:01 PM, Jim Manico <jim.manico at owasp.org
>> <mailto:jim.manico at owasp.org>> wrote:
>> Slack is an optional communication platform for the OWASP
>> community. I read the Slack policy and for a service of this
>> nature the policy looks very honest and transparent. I do not
>> think using slack for private communications is appropriate,
>> I think we should think of it more as a list service or other
>> public posting service.
>> So after a first read of their policy, I like the detail,
>> honestly and tradeoffs they are making.
>> Perhaps OWASP should publish a little guide explaining that
>> uses for Slack are most appropriate?
>> On 7/27/15 9:55 AM, Ann Racuya-Robbins wrote:
>>> Thank you Fabio for the invitation to SLACK. It looks like
>>> this could be very useful. I have attached the SLACK Privacy
>>> Policy where I have highlighted a number of concerns. Is
>>> OWASP not able to find a product with better Privacy
>>> Ann Racuya-Robbins
>>> Governance mailing list
>>> Governance at lists.owasp.org <mailto:Governance at lists.owasp.org>
>> Jim Manico
>> Global Board Member
>> OWASP Foundation
>> Join me at AppSecUSA 2015!
> Jim Manico
> Global Board Member
> OWASP Foundation
> Join me at AppSecUSA 2015!
> Governance mailing list
> Governance at lists.owasp.org <mailto:Governance at lists.owasp.org>
Global Board Member
Join me at AppSecUSA 2015!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Governance