[Owasp-board] [Owasp-leaders] OWASP Board and Asia Pacific

Tom Brennan tomb at owasp.org
Wed Oct 1 12:02:31 UTC 2008


Guys,

It is very clear from the thread of emails below that Justin does not
have the full regional support of the other regional chapter leaders
hence I would recommend that at this time Justin focus his efforts on
his local chapter(s) and attend when possible the other chapter
meetings in his business travels.

I really hope that all of you can make the Portugal Summit so that we
can drop the personal attacks in email and simply determine how as a
collective we can do more to meet the mission of OWASP Foundation.

"Our mission is to make application security "visible," so that people
and organizations can make informed decisions about application
security risks."

Concerning governance issues (board elections/local chapters etc..)
that is what I am working on and look forward to taking input from
everyone in Portugal to get a consensus.  As always, you can simply
call me to further discuss.

Brennan/9737951046 x112



On Wed, Oct 1, 2008 at 6:52 AM, Tim Bass <tim.silkroad at gmail.com> wrote:
> Dear Folks,
>
> I think Justin has done a great job of highlighting why he should NOT
> be on the OWASP board, especially representing Asia.
>
> First of all, Justin, your language is abusive and childish, I am
> sorry to say.  Your ambition seems to control your emotion.
>
> Regarding OWASP Thailand, I have no idea what you are talking about;
> and I think you do not have any idea either!   You certainly have
> zero comprehension of Thai or Thai politics, as evident by your
> slanderous email.   How could anyone say such a think without
> talking to me first?
>
> First of all, I have been working in Thailand to insure that OWASP is
> represented by both foreigners working in Thailand and Thai's.
> This has met some resistant from a handful of Thai's who want to take
> over OWASP Thailand, hijack the OWASP brand, and lock out
> foreigners.  In addition, Thailand is famous for corruption, and I
> have made it clear to everyone that OWASP Thailand with be
> a chapter with the highest ethics and complete transparency.   Many
> people here do not like foreigners, transparancy and then
> to operate with little to no ethics.
>
> Hence, I suggest you stay of OWASP Thailand and not make threats to me
> or anyone.   Your threats and slander are absolute
> proof that you should NOT be on the OWASP board, or any board.
>
> Yours sincerely, Tim
>
>
> On Wed, Oct 1, 2008 at 2:40 PM, jderry jderry <jderry at owasp.org> wrote:
>> Hi Wayne,
>> Lets be clear on one thing. Your OWASP ASIA was originally your OWASP Taiwan
>> and actually initially was a Amorize event.
>> Tim and Wayne you can have your opionons but unless you are going to get off
>> your bum and help out in the region. Lets not bitch about we don't want and
>> get off our bums and do something about. This was a "FREE" mini conference
>> in taiwan. Nothing like the bigger conferences in Asia Pac/Australia, NYC or
>> Europe.
>>
>> The concept of having someone represent asia pacific and the needs for OWASP
>> is critical. You gDearuys have done a great job at focusing on your regions and
>> yes Wayne you have got across more regions as you are in a similar case to
>> me and you travel around with amorize.
>>
>> I want to make one other point very clear. the current OWASP board members
>> were not elected in any clear or open forum. I never got a vote for example.
>> I know of many others that didn't as well.
>>
>> The goal of this is to grow the region and not to play stupid little games
>> about self growth. Let me say Tim, your OWASP chapter has so much on you
>> personally it's insane. And wayne lets not go into the fact you purchased
>> without the consent of OWASP the owasp.org.tw domain name and did a number
>> of inappropriate things..
>>
>> I think both of you need to take a back seat, offer advice or better yet get
>> of your bums and actually do something.. Instead of just complaining that
>> when someone actually puts something into action you cry about it.
>>
>> Regards
>> Justin
>>
>> On Tue, Sep 30, 2008 at 7:17 PM, Wayne Huang <wayne at armorize.com> wrote:
>>>
>>> Hi Tim, Justin and All,
>>>
>>>  I just read this thread, and cannot agree more with Tim.
>>>
>>>  Last time the official OWASP AppSec Asia had 650 participants. Actually
>>> we had more than 1000 registrations but had to turn down some of the
>>> participants due to limitation of the venue. A photo is up here:
>>>
>>>  http://www.owasp.org/index.php/OWASP_AppSec_Asia_2007
>>>
>>>
>>>
>>> We've been to OWASP India this year as well, and the event was great. My
>>> other eight colleagues and I just returned to Taiwan from New York, the
>>> conference was great, too, thanks everyone!
>>>
>>>
>>>
>>> It's the second time that OWASP AppSec Asia will be in Taipei, we'll be
>>> announcing the program soon (4 speakers from OWASP US '08 and 1 from OWASP
>>> India '08), but next year I've already coordinated with the Delhi Chapter to
>>> move OWASP AppSec Asia to India.
>>>
>>>
>>>
>>> I've been to most of the security events in India, China, Taiwan, Japan,
>>> Korea, Singapore, Malaysia and Vietnam. I believe I know the security
>>> community well.
>>>
>>>
>>>
>>> I'd be happy to work with you, Justin, but I don't agree it is necessary
>>> for you to be a representative for "OWASP Asia Pacific."
>>>
>>>
>>>
>>> I'm also very happy with how the OWASP Board is running at the moment.
>>> Jeff, Dave, Dinis and Tom are all just a phone call / email away, and have
>>> always been very helpful despite their busy schedules. I don't really see
>>> why we need Board representation for specific regions. If someone in Asia is
>>> active enough in OWASP events and puts in enough efforts and time to benefit
>>> OWASP, and would like to become a board, the community will recognize this
>>> and he will be elected. In my own opinion, the current Board members were
>>> elected for their dedication to OWASP and for their time spent for OWASP,
>>> not for their regions. Dinis is a Board member not because he's based out of
>>> Europe, but because he's spent a lot of time to make OWASP better. For
>>> anyone needing assistance from the Board, I would strongly recommend
>>> contacting the current Board members directly. They have always done a good
>>> job and I see no need to have a proxy in between.
>>>
>>>
>>>
>>> Regards,
>>>
>>> Wayne
>>>
>>>
>>>
>>>
>>>
>>> From: owasp-leaders-bounces at lists.owasp.org
>>> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Tim Bass
>>> Sent: Sunday, September 28, 2008 10:09 PM
>>> To: dinis cruz
>>> Cc: OWASP Leaders
>>> Subject: Re: [Owasp-leaders] OWASP Board and Asia Pacific
>>>
>>>
>>>
>>> Dear Folks,
>>>
>>> This is nothing personal, so I think folks should not take it personally.
>>>
>>> I am only speaking from experience.   For example, software companies in
>>> the US (I used to travel from the US to Tokyo and places like Singapore for
>>> TIBCO Software) often pick someone from Australia as the "representative"
>>> for Asia Pacific, to manage the whole region.    I see this model fail
>>> repeatedly.
>>>
>>> All I said was that Asia is not "one" with Australia, New Zealand, and
>>> "the rest" of Asia.   I have not read any rationale for China, Japan etc
>>> needing proxy representation to the OWASP board.
>>>
>>> Yes, I agree all I saw was an one email where someone nominated themself
>>> as the "board representative" for Asia Pacific and then said "Asia, NZ and
>>> Australia" are one.
>>>
>>> I do think I am entitled to an opinion, even if others disagree.   Japan,
>>> China, etc. Australia, are not "one" ...... as I said earlier.
>>>
>>> Yours sincerely, Tim
>>>
>>> On Sun, Sep 28, 2008 at 5:00 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
>>>
>>> Easy Tim,
>>>
>>> The same statement could be said for Europe, and we are also a very
>>> diverse bunch over here :)
>>>
>>> Justin is correct in that the Board at the moment is very US heavy (3
>>> members), with Europe coming next (2 members) and then the rest of the world
>>> with the grand total of 0
>>>
>>> Dinis
>>>
>>> 2008/9/26 Tim Bass <tim.silkroad at gmail.com>
>>>
>>>
>>>
>>> Hi Guys,
>>>
>>> I think this statement might be self-serving,
>>>
>>> "Australia NZ and Asia are really one"
>>>
>>> No one outside of Auz and NZ believe that.
>>>
>>> Asia is one of the most diverse parts of the world and there is nothing
>>> "unified" or "one" about "Australia NZ and Asia".
>>>
>>> Let's keep this real....
>>>
>>> Your sincerely, Tim
>>>
>>> OWASP Thailand Chapter.
>>>
>>> On Fri, Sep 26, 2008 at 11:17 PM, jderry jderry <jderry at owasp.org> wrote:
>>>
>>> Tom thanks for the quick reply and vote of confidence in the direction. I
>>> would like to add a couple of points.
>>>
>>> I agree with everything you have stated, and i am glad that your purpose
>>> on the board is governance.
>>>
>>>
>>>
>>> I think we need to move quickly on getting support in Asia Pac. I have sat
>>> by for at least 12 months now, and it's the time to act in the region.
>>>
>>> Australia NZ and Asia are really one, if you take a look at a few of the
>>> bigger conferences they all have Asia Pac all together. For the time being
>>> this might be the best way to cover it off, but i would suggest we fully
>>> encourage local conferences. (i.e India and Taiwan are running local ones.)
>>>
>>>
>>>
>>> Regards
>>>
>>> Justin
>>>
>>> On Fri, Sep 26, 2008 at 11:52 AM, Tom Brennan <tomb at owasp.org> wrote:
>>>
>>> Glad to hear that you enjoyed it.  I found a great blogger this
>>> morning about it -
>>>
>>> http://www.webadminblog.com/index.php/category/conference/owasp-appsec-nyc-2008/
>>>
>>> in response to your email, now that we're done with the 6+ months of
>>> efforts with NYC APPSEC (except for posting the video of all the
>>> speakers to www.owasp.tv in the next 30 days... )  I am looking
>>> forward to Portugal
>>> http://www.owasp.org/index.php/OWASP_EU_Summit_2008 to work on the
>>> reason i was appointed to the OWASP Foundation board in Nov 2007 for
>>> governance areas that you identified in your email and using the feed
>>> back from the chapter leader meeting of the 24th at 7pm and many talk
>>> over with leaders, chapter attendees old timer's and  new members
>>> during the event. Presenting them to the board with organization
>>> consensus. Not as sexy... but helpful for a growing organization that
>>> is effecting the world.
>>>
>>> Simply from the governance side of the house, I support the following
>>> GOAL (it will take time to make this happen) but this is my vision on
>>> a 12-24 month plan.
>>>
>>> OWASP Foundation is the "mothership"
>>> In theory I believe that there is a goal to have a global board member
>>> from each Africa, Antarctica (ok so its pretty cold there. and I am
>>> not aware of any owasp polar bears..), Asia, Australia, Europe, North
>>> America, and South America so when we have a global agreement, we have
>>> a global agreement. That is OWASP "from the top" with an annual "plan"
>>> agreed on by the mothership with defined goals and milestones
>>> including industry focus groups
>>>
>>> At the regional level example USA, Germany, Asia, Sweden, etc..etc..
>>> they can have there own working team to always promote the mission
>>> stated very clearly at www.owasp.org (mission)  so they don't need
>>> "permission" they can do things regionally with a simply policy of
>>> "shall do no evil" and they bring "regional" issues to the global
>>> board as needed for agreement worldwide issues. Governance is also
>>> local/regional with a annual "plan" that incorporates the mother ship
>>> with more granular defined issues, goals, and milestones including
>>> industry focus groups and regional projects.
>>>
>>> Local chapters (120+ of them) again can do the same thing -  so in the
>>> USA as a example there are lots of chapters... and we would like to
>>> see 3+ people identified as "chapter leaders" on the local board to
>>> local efforts alive simply having them name/phone and email included
>>> in the mailing as a admin joins them to owasp-leaders and poof done
>>> simple...... we again keep the same "just do it" attitude keeping the
>>> mission clear and "do no evil" with local chapter governance hence 1
>>> of the 3 people -- and you might agree at the local level they also
>>> need an a annual "plan" with defined goals and milestones that allows
>>> measurement including local projects.
>>>
>>> ---
>>>
>>> On conferences and I know they take a lot of work - I would propose a
>>> 4 "owasp global conferences per year".  In 2009, I will suggest a GOAL
>>> of picking a conference chair/champion in Asia, Australia, Europe,
>>> North America, and South America  simply have these coordinated with
>>> the regional "board member" + owasp employees that get paid to do so
>>> on the back end for accounting and event coordination. The reason we
>>> have them IS to bring together 500+, 1000+, 5000+ people
>>>
>>> Define "OWASP APPSEC <REGION> 2XXX Conference as:  A multi-day,
>>> multi-track regional event that requires OWASP Foundation involvement,
>>> funds, insurance, staff and that fees will be charged for attendance
>>> by individuals and sponsors etc.. and is promoted as such by OWASP
>>> Foundation with press releases etc.. (NY/NJ Metro typically has 250
>>> people meetings is that a "conference" no it is not.
>>>
>>> Define "Local Chapter, Local Regional Event as" a single day event
>>> (might even be multi-track) that does NOT require assistance from
>>> OWASP Foundation or the employees of and will be solely handled by the
>>> local chapter / local regional people.
>>>
>>> ---
>>>
>>> Continue to support and drive projects via the grant program for the
>>> mission - http://www.owasp.org/index.php/OWASP_Grants
>>>
>>> Continue to support and drive the OWASP on the move -
>>> http://www.owasp.org/index.php/Category:OWASP_on_the_Move_Project
>>>
>>> I support that today OWASP foundation has (2.5) great employees
>>> http://www.owasp.org/index.php/Contact and I support the addition of
>>> additional staff working distributed to help with supporting the
>>> efforts of the virtual worldwide effort.
>>>
>>> And more... we can agree, disagree dive deep into new areas, make
>>> broken ones better... etc..... one thing that everyone can agree on
>>> and why we doing a OWASP "SUMMIT" on OWASP stuff in Portugal.. and see
>>> Dinis play the drums ;)
>>>
>>> http://www.owasp.org/index.php/OWASP_EU_Summit_2008
>>>
>>> TO JOIN THE OWASP LINK'IN GROUP CLICK:
>>> http://www.linkedin.com/e/gis/36874
>>>
>>> Brennan/973-795-1046
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Sep 26, 2008 at 10:52 AM, jderry jderry <jderry at owasp.org> wrote:
>>> > Greetings OWASP Board Members,
>>> >
>>> > Well firstly i would like to congratulate Tom and everyone whom put
>>> > together
>>> > the conference in NYC. It was well worth my trip from all the way from
>>> > Australia to come and see. Secondly it was great to meet Tom although it
>>> > was
>>> > brief and see Dinis, Dave Jeff and everyone again.
>>> >
>>> > So one of the things Tom and I originally discussed, but we didn't get
>>> > much
>>> > time at the conference (I mentioned this to Dave) was having better
>>> > support
>>> > and representation of OWASP in Asia Pacific. As some will know I now am
>>> > able
>>> > to allocate a reasonable amount of "business" hours time to OWASP
>>> > events.
>>> > (up to sometimes a day a week.)
>>> >
>>> > Recently I ran the OWASP Australia Conference (which was really an asia
>>> > pac
>>> > conference) and have been now helping all the chapters out in the region
>>> > (Asia Pacific) get running etc. (Fixed Japan chapter etc) Actually did a
>>> > speaking spot at the recent ISEC 2008 Conference in Korea on OWASP and
>>> > will
>>> > do similar in the upcoming China conference.
>>> >
>>> > So what does this all mean, in a nutshell it means I am trying to really
>>> > push OWASP within the Region. Asia Pacific is a huge area and currently
>>> > well
>>> > attended on topics of Application Security. Recently the Singapore,
>>> > Chinese
>>> > and Japan governments implemented laws requiring code reviews to be
>>> > performed on applications. So this has meant a massive interest in the
>>> > region.
>>> >
>>> > The problem, OWASP is a little US/UK heavy when it comes to focus. I
>>> > don't
>>> > mean this in a bad way, simply that's where people have always been
>>> > willing
>>> > to put the effort in. And personally i think everyone heavily involved
>>> > in
>>> > this (ie. Current board members) have done an awesome job. In saying
>>> > that I
>>> > think we need to balance it out.
>>> >
>>> > OWASP is a global organization, and I think it needs to be represented
>>> > in
>>> > every region in some shape or form. I would like to recommend that we
>>> > enhance the current board by having Asia Pacific represented on the
>>> > board.
>>> > Although the board is doing a great job, there is particular focus on
>>> > the
>>> > regions everyone is based in.
>>> >
>>> > I am more than willing to make myself available to this position, and I
>>> > am
>>> > sure i have enough support within OWASP to assist in ensuring I can make
>>> > a
>>> > success of the region. I am also fortunate enough in my role to travel
>>> > to
>>> > each major Asia Pacific Country at least once every 6-8 weeks. Thus
>>> > ensuring
>>> > I can get involved across the region. This in turn with running what is
>>> > to
>>> > be the Asia Pacific OWASP Conference in 2009 should ensure we have many
>>> > new
>>> > members and really spread the word out.
>>> >
>>> > I think having a board with global and local regional focus is critical
>>> > to
>>> > the successful growth of OWASP across the globe. What' everyone's
>>> > thoughts
>>> > on this? I think this is something we need to do as a matter of urgency
>>> > and
>>> > something i would like to get rolling to ensure the next 6 months across
>>> > the
>>> > region OWASP can really be pushed, leading to the bigger conference,
>>> > where
>>> > our goal is to have 50 people from each country attend the asia pac
>>> > conference in Feb 2009.
>>> >
>>> > Thanks for listening please feel free to post replies/comments.
>>> >
>>> > Cheers
>>> >
>>> > Justin
>>>
>>>
>>> --
>>> Tom Brennan
>>> OWASP Foundation Board Member
>>> http://www.linkedin.com/in/tombrennan
>>> Tel: 973-795-1046 x112
>>> Url: www.owasp.org
>>>
>>> Its coming.... are you ready?
>>> https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>>
>>
>



-- 
Tom Brennan
Board Member
OWASP Foundation
Tel: 973-795-1046 x112
Url: www.owasp.org



More information about the Owasp-board mailing list