[Governance] Stepping down from Project Reviews

Christian Heinrich christian.heinrich at cmlh.id.au
Wed Sep 2 23:43:23 UTC 2015


Martin,

Jim supported the complaint against the OWASP Top Ten 2013 release but then
"manipulated"
https://www.owasp.org/index.php?title=Issues_Concerning_The_OWASP_Top_Ten_2013&diff=0&oldid=153296
of which I sent him several e-mails seeking an explanation for this action
which remain unanswered?

Since the time of this amendment he then went on to state "I did indeed
bring this up in the past but was largely outvoted by the board." within
http://lists.owasp.org/pipermail/owasp-board/2014-April/013518.html

In addition, Jim had stated to me when we met in Sydney that he had an ongoing
issue with Jeff Williams since his employment at Aspect Security and hence
his continued attacks against their flagship projects which have resulted
in a significant loss of their reputation e.g. "*OWASP's ESAPI is no longer
a flagship product for OWASP anymore: major development work on the library
stagnated and the 2.1 release was just to fix a major CVE.* " to quote
http://stackoverflow.com/questions/27825322/difference-between-hdiv-and-esapi

Can I please request that a formal inquiry be undertaken against Jim
Manico?  He has already stated that he would be dismissed from the OWASP
Board and I would expect this outcome based on the evidence tendered in
this matter as part of proceedings at the upcoming OWASP Board Meeting i.e.
http://lists.owasp.org/pipermail/owasp-board/2015-September/016018.html

On Thu, Sep 3, 2015 at 6:24 AM, Jim Manico <jim.manico at owasp.org> wrote:

> Johanna,
>
> This is a *very* serious matter. Manipulating reviews of projects I manage
> would be grounds to have me dismissed from the board. If you are seriously
> concerned that my involvement would lead to ethical problems of that nature,
> then I encourage you to talk to other board members and escalate this
> issue. Corruption of that nature is very serious and would be a breach of
> my fiduciary duty to the OWASP Foundation.
>
> My main concern (and my sole reason for involvement) is that OWASP
> presents its catalog of projects in a fair way. In the past, we held up
> projects as "Flagship" that had very serious quality issues. I do not feel
> that is the case any more.
>
> Is there anything else you are concerned with while we are on the topic of
> ethics and project review?
>
> - Jim
>


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact