[Owasp-board] OWASP Community Vote - Board Review

Jim Manico jim.manico at owasp.org
Wed Apr 2 18:36:22 UTC 2014

Yes, while I agree with Eoin my main point here is lets talk to the chapter
leaders and chapter attendees and talk to them about it before setting
policy! :)

Jim Manico
(808) 652-3805

On Apr 2, 2014, at 8:34 AM, Eoin Keary <eoin.keary at owasp.org> wrote:

I've ran or helped run a chapter for 9 years now. I believe a community
vote is the best approach.

Eoin Keary
Owasp Global Board
+353 87 977 2988

On 2 Apr 2014, at 16:16, Josh Sokol <josh.sokol at owasp.org> wrote:

No offense meant, but this is spoken like a guy who has not run a chapter.
Quite frequently our leaders are presented with opportunities.  Many of
these opportunities, while backed by commercial interests, are offered for
free or at significantly reduced cost to OWASP members.  Passing those
opportunities along to members does not imply support of a vendor, merely
that an opportunity exists that could provide value.  If you want to add a
disclaimer at the bottom of messages saying that the OWASP Foundation does
not endorse product or services, then I have no issue with that, other than
how you're ever going to actually enforce it.  The only issue with being
vendor agnostic comes if a leader is excluding one vendor, but allowing
another in similar circumstances.  Do you have examples where this is the

My thought is that if we are going to generate a rule on this, it should be
that commericial SPAM from any vendor is not allowed on the mailing lists,
but it can be sent to the chapter leader for review and to pass along if it
provides value to our membership.  A great example is the Innotech
Conference that comes to Austin annually.  It's definitely a commercial,
for-profit, venture, but each year they provide us with a free attendance
code to provide to our membership.  It definitely provides value as they
have lots of technology tracks and even a security track there.  Why would
I not want to provide my membership with that opportunity just because it
is backed by a company that makes money?

I don't agree with the "let's make exceptions" approach either.  Too much
red tape for something that should be in our leaders hands anyway.  We
should trust our leadership to do the right thing, but have a process in
place to handle when they don't.


On Wed, Apr 2, 2014 at 4:41 AM, Jim Manico <jim.manico at owasp.org> wrote:

>  I tend to agree with Eoin on this point. We really need to limit any
> appearance of commercial activity.  I would support a rule where "no
> commercial spamming on OWASP lists" is the norm. We would have the make
> exceptions such as ads in the the newsletter and similar...
> Before making this call I think we should talk to the other chapter
> leaders in regards to what they think about this.
> - Jim
> On 4/1/14, 8:57 AM, Eoin Keary wrote:
> We don't want to jeopardise out charity status by promoting commercial
> activities. A rule helps prevent that. A community vote help establish the
> rule.
> Just sayin...
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> On 1 Apr 2014, at 19:04, Josh Sokol <josh.sokol at owasp.org> wrote:
>   Sure.  But sometimes chapters only have one person at the helm.  And if
> the leader is being selective without a good reason, then hopefully that
> gets brought to the attention of our staff or the Board and we can handle
> it.  I don't think this is an issue until it is an issue.
>  ~josh
> On Tue, Apr 1, 2014 at 12:58 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>  There may be conflict of interest/bias at play if decision issue by 1
>> person.
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988 <%2B353%2087%20977%202988>
>> On 1 Apr 2014, at 17:12, Josh Sokol <josh.sokol at owasp.org> wrote:
>>   My personal feeling is that any advertisements should be sent to the
>> chapter leader and not to the list.  The chapter leader then has the
>> responsibility to decide if the offer is of value to the members and
>> whether to pass it along or not.
>>  ~josh
>> On Tue, Apr 1, 2014 at 11:10 AM, Fabio Cerullo <fcerullo at owasp.org>wrote:
>>> hi there,
>>>  I'm going to submit a community vote to the leaders list this Friday
>>> 4th April.
>>>  *OWASP "No-Advertising" Policy*
>>>  At present our rules are not clear on commercial advertising through
>>> the OWASP mailing lists and some chapters allow this and others don't.  It
>>> has been suggested to have a "no advertising" policy on all of our mailing
>>> lists.  So then the question is "what is advertising?"  Any commercial
>>> activity such as training, consulting services, or paid conferences. These
>>> activities have to be reviewed and handled by OWASP HQ before posting them
>>> to the mailing lists.
>>> https://docs.google.com/a/owasp.org/forms/d/1R_u0eRFsc5VQpmcWelUfck5hDuLPsmEpA_jDHKu87Qk/viewform
>>>  Your comments are welcome.
>>>  Thanks
>>> Fabio
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>   _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140402/b7465b7a/attachment-0001.html>

More information about the Owasp-board mailing list