[Owasp-board] FW: Suggested Core Values Attached

Matt Tesauro matt.tesauro at owasp.org
Tue Jan 4 16:26:51 UTC 2011


Eoin,

I fixed the typo you noticed - that sentence got re-written by me
several times - thanks for pointing it out.

I've answered your edit request so have at it.

I'm a bit hesitant about adding something about "not a hacking group" -
at least using that term.  I'd hate to have to debate the whole hacking
vs cracking vs cyber-criminal vs ...

Maybe there's a way to talk positively about testing like "ethical
testing" or "responsible testing" or some such thing.

--
-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site

On 01/04/2011 09:45 AM, Eoin wrote:
> It does not feel as strong as the previous draft but it does cover the
> bases.......
>  
> Phrases like "OWASP is not for sale" and "not influenced by commercial
> organisations" are strong stuff in my opinion.
>  
> "OWASP understands that application security is a global in scope and
> knows..." is there a typo here?
> should it be "OWASP understands that application security is a global
> challenge and knows...."
>  
> Do we need something about "OWASP is not a hacking
> organisation./collective....." under ethical?
>  
> -ek
> 
>  
> On 3 January 2011 20:45, Matt Tesauro <matt.tesauro at owasp.org> wrote:
> 
>     To keep this thread alive, I've modified the latest version from Jeff.
> 
>     All the board members should have received an email alerting them of
>     their edit privileges to the current draft of the OWASP Core Values.
> 
>     It is a Google document, which should show real-time collaboration due
>     to the new Google Docs format [1].
> 
>     I moved this from email to Google docs to keep the formatting Jeff added
>     in his last modification.  Since we all have @owasp emails, I've added
>     the following with edit privileges:
>     jeff.williams at owasp.org, dinis.cruz at owasp.org,
>     dave.wichers at owasp.org, tom.brennan at owasp.org,
>     seba at owasp.org, eoin.keary at owasp.org
> 
>     When we get greater consensus on the draft, I'll move it over to the
>     OWASP wiki.
> 
>     The document is also available (view-only) at this URL:
>     https://docs.google.com/document/pub?id=1EbQ17h_G7HOAmnGxtf_dvZyjln9AGQcbXBzCJnNpA2M
> 
> 
>     [1] https://docs.google.com/support/bin/answer.py?answer=176442
> 
>     --
>     -- Matt Tesauro
>     OWASP Board Member
>     OWASP WTE Project Lead
>     http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>     http://AppSecLive.org - Community and Download site
> 
>     On 12/22/2010 10:47 AM, Jeff Williams wrote:
>     > I think this is where we are….
>     >
>     > 1. *Open* – _At OWASP, everything we do is radically transparent_.
>     > This means that our work is done in public so that we can get early
>     > feedback and participation. Our governance and finances are also
>     > fully disclosed so that anyone can verify that we are good stewards
>     > for the application security community.
>     >
>     > 2. *Integrity* – _OWASP is not for sale_. Our most precious
>     > commodity is the trust that people put in our work. If we even show
>     > the appearance of being biased by commercial forces, we lose that
>     > trust. OWASP’s non-profit status and volunteer leadership help to
>     > shield us from these forces. This does not imply that we cannot work
>     > with commercial companies when their goals align with ours, just
>     > that we must remain vigilant against the appearance of impropriety.
>     >
>     > 3. *Global* – _OWASP engages a global community for a global
>     > problem_. Anyone anywhere is open to participate in the OWASP
>     > community. MORE HERE.
>     >
>     > 4. *Experimentation* – _OWASP uses projects to create progress_.
>     > Application security is still a very young discipline. At OWASP, we
>     > encourage and support all kinds of experiments to find solutions to
>     > our challenges. Where we have success we may create standards that
>     > encourage further experimentation. Leadership in OWASP is based on
>     > effort and results, and we want anyone with the drive to create and
>     > promote new ideas to join with us.
>     >
>     > 5. *Ethical* - _At OWASP we behave ethically and treat others with
>     > respect_. MORE HERE.
>     >
>     >
>     >
>     > I apologize for not getting these finished.  I’m hoping you all can
>     > drive this forward.
>     >
>     >
>     >
>     > --Jeff
>     >
>     >
>     >
>     >
>     >
>     > *From:* owasp-board-bounces at lists.owasp.org
>     > [mailto:owasp-board-bounces at lists.owasp.org] *On Behalf Of* Kate Hartmann
>     > *Sent:* Wednesday, December 22, 2010 9:06 AM
>     > *To:* OWASP Foundation Board List
>     > *Subject:* [Owasp-board] FW: Suggested Core Values Attached
>     > *Importance:* High
>     >
>     >
>     >
>     > Board, I have heard that Seba, Jeff, and Tom will NOT be able to make
>     > the call.  I have not specifically heard from Dave, but I believe he
>     > is also on vacation.
>     >
>     > That being said, it seems like the purpose and content of the call can
>     > be discussed and finalized through an email thread.
>     >
>     > Please take a look at the content of this email and the attachments
>     > and see if you agree.
>     >
>     >
>     >
>     > Kate Hartmann
>     >
>     > Operations Director
>     >
>     > 301-275-9403
>     >
>     > www.owasp.org
>     >
>     > Skype:  Kate.hartmann1
>     >
>     >
>     >
>     > *From:* Richard Tesauro [mailto:tesauros at mac.com]
>     > *Sent:* Wednesday, December 22, 2010 9:02 AM
>     > *To:* Kate Hartmann
>     > *Cc:* Matt Tesauro
>     > *Subject:* Suggested Core Values Attached
>     > *Importance:* High
>     >
>     >
>     >
>     > Good morning Kate,
>     >
>     >
>     >
>     > At my request, Matt posted the attached on the TMC wiki. It is the
>     > consolidation of "values" emails in a single document.
>     >
>     >
>     >
>     > Presuming you will email the Board again, I need your help informing
>     > them about the wiki addition as well as the call purpose and ground
>     > rules below.
>     >
>     >
>     >
>     > *Call Purpose:*
>     >
>     > 1) Select the OWASP Core Values
>     >
>     > 2) Draft Core Values Definitions
>     >
>     > 3) List Core Values in Desired Order
>     >
>     >
>     >
>     > *Call Process Ground Rules:*
>     >
>     > 1) The 5 Questions for Validating a Core Value will be the reference
>     > point for discussion
>     >
>     > 2) 30-40 seconds per speaker comment
>     >
>     > 3) Based on wiki posted data and information through December 23
>     >
>     >
>     >
>     > Please call or email with any questions or desired clarifications. I
>     > hope to encourage Thursday's call and drafting of OWASP Core Values.
>     >
>     >
>     >
>     > Thanks again,
>     > Richard A. (Dick) Tesauro
>     >
>     > President and Founder
>     > *Tesauro Management Counselors (TMC)*
>     >
>     > *Trusted Advisor and Catalyst*
>     >
>     >
>     >
>     > *Helping Leaders Create Enduring, Growing, "Great" Organizations*
>     >
>     >
>     >
>     > 3124 Trevolle Place
>     > Dallas, Texas 75204-5537
>     > 214-823-6028 (Phone)
>     > 214-924-1154 (Cell)
>     > RA at TesauroMC.com
>     > www.TesauroMC.com
>     >
> -- 
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author
> 
> Sent from my i-Transmogrifier
> http://asg.ie/
> https://twitter.com/EoinKeary
