[Owasp-board] Fwd: With Regret

Laurence Casey larry.casey at owasp.org
Mon Oct 6 22:20:20 UTC 2008


Originally we tried to transfer the domain to our control, but the  
site that was hosting the dns would not release it. I had access to  
the dns too, but due to the language barrier I was not able to manage  
it. Since that time the domain name has become available. I have  
registered both owasp.tw and owasp.com.tw and have those domain names  
redirecting to the Taiwan chapter page.

--Larry


On Oct 6, 2008, at 4:13 PM, Dave Wichers wrote:

> They ran their own finances last year, but I think the event was free.
>
> India ran their own finances and charged a fee. They provided their  
> financial data to Alison for analysis.
>
> OWASP Israel also handles their own finances and they are run by  
> Ofer through his company (I believe).
>
> So there is certainly precedent for doing it yourself. I think OWASP  
> Minnesota and OWASP Denver mini conferences are also self managed  
> with regard to their funding.
>
> The domain registrars show that owasp.tw is actually available but I  
> did see their site once,  but frequently I get that it can’t be  
> resolved. I had thought that they had provided the domain info to  
> Larry so he could take it over, but I might have confused that with  
> thewww.webgoat.org domain that SPI bought and handed over to OWASP  
> at one point.
>
> -Dave
>
> From: owasp-board-bounces at lists.owasp.org [mailto:owasp-board-bounces at lists.owasp.org 
> ] On Behalf Of Seba
> Sent: Monday, October 06, 2008 7:24 AM
> To: OWASP Foundation Board List
> Subject: [Owasp-board] Fwd: With Regret
>
> Gents,
>
> Check out http://66.102.9.104/translate_c?hl=nl&sl=zh-CN&tl=en&u=http://owasp.org.tw/blog/&usg=ALkJrhiv19RcIwo3yodI5_RLFmMvfLjQSw
>
> The usage of a seperate owasp.tw domain is indeed disturbing!
> Do we have proof the domain is transferred to OWASP ?
>
> They are charging a registration fee: is this under control of the  
> OWASP Foundation ?
>
> regards
>
> Seba
> ---------- Forwarded message ----------
> From: jderry jderry <jderry at owasp.org>
> Date: Mon, Oct 6, 2008 at 12:57 PM
> Subject: With Regret
> To: dinis cruz <dinis.cruz at owasp.org>, Dave Wichers <dave.wichers at owasp.org 
> >, Tom Brennan <tomb at owasp.org>, jeff williams <jeff.williams at owasp.org 
> >, seba seba <seba at owasp.org>
>
> HI Everyone,
> So i am sure i am on the tip of everyone's tongue (probably not for  
> good reasons) in regards to the movements in Asia Pacific. Anyhow I  
> have been discussing numerous events with Tom and have recently  
> engaged with Wayne (Taiwan Chapter) to help out with the so called  
> ASIA event.
>
> Anyhow in the past 48 hours i have communicated numerous emails with  
> Wayne (i have included the emails below) suggesting things for the  
> event and offering to help out with any planning etc. Wayne has  
> refused any assistance (as you can read below). I am left with no  
> alternative but to remove myself from most OWASP activities  
> effective immediately. It's really unfortunate, but I do not believe  
> in the OWASP way of things anymore. i.e I have lost complete faith.  
> There are many like me, and there is alot of people that i am  
> associated with across the world that i have spoken with about  
> what's been going on and I have also been collecting advice from  
> these people. (mostly OWASP project/chapter leaders). I think some  
> of them may vent a little over the coming weeks to the OWASP board  
> or leaders list so apologies but i am not the only one feeling this  
> way.
>
> I suppose if anything my concerns relate specifically to governance  
> but more to complete in-action by the board. More than likely  
> because they do not share my view of things (which is fine everyone  
> is entitled to their opinion.)
>
> OWASP is a not-for-profit organization and most activities  
> undertaken by people are done so on their own time. (Like myself and  
> the amount of effort i have put into the region these days and the  
> past 4-5 years). These people work on the concept of everyone doing  
> the right thing and putting effort in to help the cause, not helping  
> themselves. It should be the role of the OWASP board to ensure that  
> a collective and open non vendor and non self/business promotion  
> approach is taken by all members, unfortunately it's my belief the  
> board has fallen way short of this.
>
> The core of the problem is in the APAC region where i have invested  
> alot of personal time and actually even business time lately. I  
> struggle with everything when I see people within the OWASP using  
> the organization for complete self/business promotion. Why should I  
> invest time and effort into an organization that will allow this to  
> continue.
>
> So lets get to the core of my problem. OWASP ASIA and Wayne. Sorry  
> guys, but he is doing this for self/business promotion!.. Here's the  
> reason why.....
>
> 1)      This is not a regional event, he has not contacted any  
> chapter leader other than those contacting him (i know Japan & china  
> and all of AU have not been involved) why - i have met each one of  
> these in the past week. None know about this conference.
> 2)      No Call for Papers, yep, he handpicked the people he wanted  
> to talk. There are 3 people that work for amorize presenting. Funny  
> do some research, the speakers at the conference have been speaking  
> at every conference wayne has been associated with since 2005. The  
> same names pop up every time....
> 3)      Refuses categorically (after 3 separate emails) to take me  
> up on my offer for help (see emails below) even though i would  
> change coffee cups to help out... (he doesn't want me around)
> 4)      He is taking funds on behalf of OWASP without being OWASP.  
> Sorry but i believe this is the biggest thing you SHOULDN'T DO.  
> Where's the governance.
> 5)      Advertising? How is he inviting people to this conference?  
> It hasn't gone to the everyone list as a CFP/Event notification, nor  
> has it officially gone to anyone in AU apart from Taiwan. Actually i  
> looked at the Taiwan mailing list through owasp and can't see  
> anything, but it's possible he is using something associated with  
> the owasp.org.twdomain name he still controls and uses.
> 6)      Self promotion, he gets the people there because he invites  
> them from Taiwan Government on behalf of armorize (it's the only way  
> people in Taiwan and some countries will attend a "vendor" type  
> session). I am more then happy to give you the name of the GM i know  
> in the Defence department that categorically told me the invite last  
> year and this year is from Armorize and that Wayne is the president  
> of OWASP and so both of them do it together? If this is not true how  
> else is he advertising to the OWASP community or abroad??
> 7)      This is a business benefit to armorize, I have had numerous  
> people tell me stories about wayne's activities in the region (even  
> before last year's event?)
> 8)      NO Sponsors? Armorize put money in last year, and I can bet  
> Armorize is helping out with costs this year. Thats great, but i  
> can't see that he isn't getting something out of it can you?  
> Seriously what kind of crazy marketing scheme exists where there is  
> no benefit back to the company? And on this note, why isn't other  
> vendors/corporate sponsors or OWASP allowed to get involved. Oh and  
> BTW Fortify is not wanting to put money into the event (we will  
> provide staff to assist) but our marketing budget is spent for the  
> year.
> 9)      Won't involve other people across the region. I know of 3  
> others (1 outspoken) whom is also upset with the fact there is no  
> CFP (Call for Papers) or anything like this and he will allow us to  
> attend but not assist in the planning?
> 10)   The chapter in Taiwan is totally inactive. The last meeting  
> was the conference last year, no updates no nothing? Then he pulls  
> the conference? Doesn't this sound a little strange?
> 11)   Normally the prep work for an event like this would take  
> months at least? Why have we heard about it now? Surely this has  
> been on the cards for a long time? And last year the same thing  
> happened? The Taiwan chapter's last OWASP meeting according to the  
> web site and mailing list was 12 months ago (the 2007 conference).
> 12) Wayne's speaking as a key speaker at his own conference? Not on  
> OWASP but on APPSEC topics, i looked back through other conferences  
> no one has done this before?? Not as the organizer at least?
> So I could go on and on with the problems relating to this. But I am  
> not going to (i've had enough trying to prove my point to the board.  
> Though a little confused at why the 12 points above are ignored, i  
> think they are pretty valid?). The fact is Wayne has done things in  
> the past that are inappropriate and the board has had to step in  
> previously.
>
> Let me give you some business promotion quotes that are interesting:  
> (i thought it was Wayne whom founded the chapter not armorize? This  
> is exactly how wayne sells in the region..
>
> "Open Web Application Security Project (OWASP) Taiwan chapter,  
> founded by
> Armorize Technologies - an open community"
> http://www.armorize.com.tw/news/pdf/ArmorizeAttendsHITCon2006.pdf
>
> http://armorize-cht.blogspot.com/ (Corporate Blog, and personally my  
> feelings are there is too much OWASP stuff relating to Armorize and  
> OWASP.) Maybe it's just me.
>
> Unfortunately I have been putting alot of personal time into OWASP  
> and honestly I feel like an idiot. Helping someone else build their  
> business off of my hard work.  - Can't do it. I understand that  
> OWASP gets abused these days, but not deliberately and not in front  
> of the board and we let them get away with it.
>
> Anyhow my activities currently involve:
>
> 1)      Planning for OWASP AU 2009
> 2)      SOC Interceptor Project
> 3)      Brisbane Chapter Leader
> 4)      Helping out AU and JP and SG and CHINA chapters with  
> speakers (not me) etc
> 5)      Significant involvement in the OWASP CMM project as Jeff/ 
> Dave are aware
> 6)      Many other activities and speaking spots at OWASP and  
> promotion of OWASP in the true APAC region. (which don't include  
> self promotion, google it, you won't find anything thats not what i  
> am about.. even last year at the Au conference i spoke for OWASP on  
> the status of OWASP in the region never a topic as a keynote?)
>
> I am going to pull out of most (probably not all) but definitely the  
> conference. Will remain as the Brisbane Chapter lead as this has  
> enough effort in itself. (And take tom's advice and already seeking  
> a second person to be put onto the web site – Jason harris from  
> Brisbane has already agreed to this.)
>
> I used to believe in OWASP and I thought the goal of awareness is  
> critical to fixing this problem globally. However i can't simply  
> stand by and watch this go on. It's crazy! And I know that there are  
> many more like me, some unspoken.
>
> It's a real struggle, i am sorry for the long email, but i don't  
> like jumping the gun without evidence and my feelings. I hope over  
> the coming time that the OWASP board will look at how some people  
> abuse OWASP and the people that put "real" effort into the  
> organization. Show me where these people that above have ever done  
> anything other then run a small chapter (which is still to be  
> rewarded) or run a conference that benefits them. Actually Taiwan's  
> annual chapter meeting is every year for this conference thats it...
>
> Ok, so thanks for listening hopefully some of this will make it onto  
> people's mind and they will do something about it at a later time..  
> Maybe then i will be prepared to get involved again.
>
> Tom to ensure that i haven't been "un" professional, i have remained  
> nice (no personal attacks) and completed significant research on all  
> comments in this email.. Just making sure... Still disappointed that  
> it has come to this...
>
> Kindest Regards
>
> Justin Derry (Brisbane Chapter Lead).
>
>
> ---------- Forwarded message ----------
> From: jderry jderry <jderry at owasp.org>
> Date: Mon, Oct 6, 2008 at 6:22 PM
> Subject: Re: DId you get my previous email about assistance
> To: Wayne Huang <wayne at armorize.com>
>
> Its pretty clear your stance on things. Which is fine.
> I am wording an email to the board and I will be pulling out of all  
> OWASP activities as i cannot be part of something i don't believe  
> in, and I am sorry but there is more then enough evidence (and many  
> others agree) that you are abusing your position with OWASP which is  
> disappointing.
>
> Anyhow good luck with your conference and growing your company.
> Kindest Regards
> Justin
> On Mon, Oct 6, 2008 at 6:06 PM, Wayne Huang <wayne at armorize.com>  
> wrote:
> Hi Justin,
>
>
>
> I wanted to give you my mobile--+886-922780838, feel free to call me  
> any time if you want to discuss something. If you can let me have  
> yours that would be great.
>
>
>
> Wayne
>
>
>
> From: jderry jderry [mailto:jderry at owasp.org]
>
> Sent: Monday, October 06, 2008 1:16 PM
> To: Wayne Huang
> Cc: Wayne Huang
> Subject: Re: DId you get my previous email about assistance
>
>
> HI Wayne,
>
> I suppose the problem i have is that if this is to be called OWASP  
> ASIA then lets make it OWASP ASIA.
>
> I would like to see people from China, Japan, Singapore etc  
> attending and being involved.? (possibly even Australia/NZ)
>
>
>
> I have no problems if you wish to call this OWASP Taiwan conference  
> with international speakers, but i will be honest and say i have a  
> problem when we call this ASIA (and you and tim argured that  
> Australia shouldn't be included) then lets make it a regional  
> conference. (What happens with Japan/China etc)
>
>
>
> Tell me what i can do to help make this a great regional true "ASIA"  
> conference including all countries in ASIA?
>
> There seems to be 3 speakers from Amorize talking. Wouldn't it be  
> much better from a governance and regional standpoint to open this  
> open to the region?
>
>
>
> Your comments appreciated.
>
> Please also answer if you would like assistance from me for the  
> conference.?
>
> Kindest Regards
>
> Justin
>
>
>
>
>
> On Mon, Oct 6, 2008 at 1:43 PM, Wayne Huang <wayne at armorize.com>  
> wrote:
>
> Hi Justin,
>
>
>
> It would be good if chapter leaders can be here. I know everyone has  
> very interesting talks but right now the agenda is very full  
> already. Many have asked to speak, but we really cannot squeeze in  
> everyone. We already have speakers from India, Thailand, and Taiwan.
>
>
>
> Thanks,
>
> Wayne
>
>
>
> From: jderry jderry [mailto:jderry at owasp.org]
> Sent: Monday, October 06, 2008 12:22 PM
> To: Wayne Huang; Wayne Huang
> Subject: DId you get my previous email about assistance
>
>
>
> Hi Wayne,
>
> I wanna help with this conference, it would also be nice to have  
> regional speakers etc and really make this something big across the  
> region.
>
> (thats if it is called the ASIA conference)
>
>
>
> My Okada from Japan chapter and the guys up here in tokyo (i am  
> currently here) want to get involved and can provide a speaker also,  
> and China can get involved also.
>
> I think the guys from singapore or someone might also want to.
>
>
>
> Let me know what i can do to help, i wouldn't mind also talking on  
> the hot OWASP project OWASP CMM (Maturity Model Project) that i am  
> involved with.
>
>
>
> Looking forward to hearing from you.
>
> Kindest Regards
>
> Justin
>
>
>
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20081006/3e680484/attachment-0002.html>


More information about the Owasp-board mailing list