[Owasp-board] Fwd: [Global_industry_committee] Opportunity to comment: US FedRAMP

dinis cruz dinis.cruz at owasp.org
Fri Dec 17 02:12:08 UTC 2010


FYI, I had a lengthy (very frustrating) conversation with Yiannis on
Wednesday, where I tried to (unsuccessfully)  explain him that it was a very
BAD idea to allow the OWASP Industry Committee to sign NDAs with companies
(so that they could share information with that committee).

I tried to make him understand that we cannot have NDAs at OWASP because
that would be completely incompatible with OWASP's openness
and transparency. But I had to give up in the end since he was adamant that
NDAs were critical for them (the Industry Committee) to be able to do their
job/tasks/mission ... and ... that they were missing
massive opportunities by not signing NDAs.

Apart from fact that Yiannis didn't want to accept my explanations, I was
left under the impression that he had no idea of how such NDA process could
be implemented in an distributed and open organization like OWASP

Dinis Cruz


On 16 December 2010 13:15, Tom Brennan <tomb at owasp.org> wrote:

> fyi - i got this one
>
>
> Begin forwarded message:
>
> > From: Tom Brennan <tomb at owasp.org>
> > Date: December 16, 2010 8:14:11 AM EST
> > To: Yiannis Pavlosoglou <yiannis at owasp.org>
> > Subject: Re: [Global_industry_committee] Opportunity to comment: US
> FedRAMP
> >
> > Yiannis,
> >
> > I am sure you have only the best intentions - but try to be positive with
> your emails to lists man.
> >
> > As noted from the reply from Rex there is a extension now on FEDRAMP so
> there is time if Rex and you guys can rally folks.  Don't be looked at like
> the grinch at xmas while you try to be a leader that others will follow.
> >
> >
> >
> > On Dec 16, 2010, at 8:07 AM, Yiannis Pavlosoglou wrote:
> >
> >> Hi guys,
> >>
> >> Shame indeed; just to state that we have identified a problem with our
> "radar", so to speak and that it is based on the good will of people.
> >>
> >> As much as we have plenty of that within the industry, I don't think
> that is enough.
> >>
> >> My belief is that we are hiding behind our openness (in procedures not
> output!) and that is what is impeding us from progressing.
> >>
> >> Still, there is an initiative where a number of people, including the
> board, have been contacted on a one to one level to try and resolve this.
> >>
> >> This will take time! Please bare with us, while we continue this
> appalling behaviour of missing stuff...
> >>
> >> Thank you,
> >>
> >> Yiannis
> >>
> >> On 15 Dec 2010 17:26, "Colin Watson" <colin.watson at owasp.org> wrote:
> >>> Pity, it would have been good to contribute. No,I don't think anyone
> >>> else had picked up on this one.
> >>>
> >>> Colin
> >>>
> >>> On 15 December 2010 17:12, Tom Brennan <tomb at owasp.org> wrote:
> >>>> Comments on the documents can be submitted using the FedRAMP online
> comment form available at www.FedRAMP.gov through 11:59 pm Eastern Time on
> December 2nd - window is closed.
> >>>>
> >>>>
> >>>> On Dec 15, 2010, at 11:12 AM, Rex Booth wrote:
> >>>>
> >>>>> All,
> >>>>>
> >>>>> Is this on our radar screen yet?
> >>> _______________________________________________
> >>> Global_industry_committee mailing list
> >>> Global_industry_committee at lists.owasp.org
> >>> https://lists.owasp.org/mailman/listinfo/global_industry_committee
> >> _______________________________________________
> >> Global_industry_committee mailing list
> >> Global_industry_committee at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/global_industry_committee
> >
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20101217/6daa25d7/attachment-0002.html>


More information about the Owasp-board mailing list