[Owasp-board] WASPY Awards and Questionable Ethics

Jim Manico jim.manico at owasp.org
Mon Oct 1 10:31:41 UTC 2012


The final vote by the board has not happened yet. Perhaps we can turn this
into a community vote and drop candidates who applied after the deadline
for the sake of integrity.

Jim Manico
(808) 652-3805

On Oct 1, 2012, at 4:01 AM, Eoin <eoin.keary at owasp.org> wrote:

Jim, being a board member I certainly had no part in nominating the
individuals on the short list.
I actually only know what 3 of them actually did for OWASP.
Was the nomination for the finalists Nat a community activity?

Eoin Keary
Owasp Global Board
+353 87 977 2988

On 1 Oct 2012, at 03:02, Jim Manico <jim.manico at owasp.org> wrote:


The WASPY Awards (Web Application Security Person of the Year) is leaving
me very concerned.

After reading...


...it looks like only the board will vote for the winners.

    "The OWASP board will review the profiles of the chapter/project level
winners and will then select 5 Global finalists."

I also noticed that Tom Brennan nominated two candidates who are his
co-workers (2 of the 13 candidates). Tom's company is also one of the
sponsors of this award. And as a board member he helps vote on the winners.
Both of these projects show Tom as the project leader.

 *    Candidate:*Ryan Barnett

*    Candidate Submitted By:*OWASP HTTP POST TOOL

*    Accomplishments:*Ryan is a core developers on the OWASP CRS project

*    Why this person was chosen?*When working on the HTTP POST TOOL we made
it available ....

 *    Candidate:* Charles Henderson

*    Candidate Submitted By:* OWASP RFP Project

*    Accomplishments:* This OWASP effort has been adopted by numerous
organizations worldwide to help them meet their contracting needs when
procuring application security services.

*    Why this person was chosen?*Project contributor

So may I ask if OWASP board members who nominated candidates plan to recuse
themselves from the voting? Or better yet, isn't it more appropriate allow
the membership community to vote for the Web Application Security Person of
the Year?

Or Tom, did you plan to sponsor, nominate and elect the winner? I once
again cry foul. *This is again why I am very concerned with you running for
board when you make decisions like this with questionable ethics.*

PS: Ryan Barnett and Chris Henderson are both stellar professionals and
this is in no way reflective of their talent.

Thank you,
Jim Manico
OWASP Volunteer

Owasp-board mailing list
Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20121001/f366f15d/attachment.html>

More information about the Owasp-board mailing list