[Owasp-board] Public Statements, Personal Thoughts, The Voice of OWASP

Michael Coates michael.coates at owasp.org
Wed Feb 5 19:40:06 UTC 2014

Thanks Jim,

Yes. I've looked at the first 2 episodes and reviewed its perception. The
exact comments you raised are items I'm actively making changes to
eliminate. Here's a bit more info:

1. The goal of the show is to represent myself, my views in the industry
and not represent my employer or OWASP. To that end I asked earlier this
week to add a disclaimer at the bottom of each show notes. I sent this note
to Mark (who runs the podcast) on Tuesday and he'll be adding the
following below my bio on each video page:

Comments within these interviews represent Michael's own opinions and are
not endorsements by any other organization he is affiliated with.

2. In general more awareness of OWASP is a good thing. However, in this
scenario (and as you pointed out) I think this creates confusion and may in
fact nullify item #1 and my goal to represent only myself. So, after review
of the first 2 episodes I've decided to pass on further discussions of
official OWASP items or discussions that appear to be OWASP updates from an
OWASP board member.


Michael Coates

On Wed, Feb 5, 2014 at 11:30 AM, Jim Manico <jim.manico at owasp.org> wrote:

>  +1 Michael. If you see anything from me or others that is of concern,
> please say so. I suggest that anyone who is going to speak on behalf of
> OWASP go through press training with members of staff. We also have to
> balance this with the "open" nature of our bylaws and mission. We really
> are a unique organization.
> I think - especially for board members - to clarify when speaking in
> public. Something like:  "OWASP does not endorse any commercial entity,
> including myself or my company. These opinions are my own and not official
> OWASP policy."
> Michael, I don't mean to point the finger at you, but I'm about to do just
> that. Check out
> http://trustedsoftwarealliance.com/2014/01/28/january-28-2014-security-start-ups-with-co-host-michael-coates-video/
> where you give commercial analysis on security startups. In this broadcast,
> the OWASP logo is used, very contentious OWASP political issues are being
> discussed, and the mix of commercialism and official OWASP representation
> seems muddled. This is exactly the kind of thing we want to avoid.
> Perhaps we could separate commercial analysis from "official" updates on
> OWASP? Or at least provide some kind of disclaimer?
> Hey we are all human here. If you ever interpret any of my actions as
> stepping over the line, please call me on it and I'll try to do better.
> Aloha,
> Jim
>  Board,
>  I'd like to bring up a topic for thought. As board members we
> individually have very little power. Hence the entire process of a vote for
> decisions and the rule of majority.
> In addition, we also each wear a variety of hats - our professional "day
> job", our "OWASP hat", our own ideas separate from each, etc.
>  I mention these items for the following scenarios:
>  1. We need to be careful about acting as individuals and issuing
> statements on behalf of OWASP. I believe an official channel for OWASP
> statements is much more clear for the community and the world rather than
> individual statements by board members on blogs, twitter, interviews, etc.
>  2. Currently our owasp blog serves a variety of purposes. Whether or not
> we intend, any post made here will also be interpreted as an official
> statement by OWASP. Food for thought - there are multiple people that can
> post to this blog. If we hastily issue a post here it could be picked up as
> an official statement by OWASP before we have a chance to fully flush out
> the wording or message.
>  3. Our mailing lists are all publicly archived. This is great and by
> design. Keep in mind that your statements will be referenced within
> stories, future discussions, etc. We should do our best to keep on topic
> within subject threads, change subject lines when conversation drifts, and
> be cognizant that emails sent in haste will live on forever.
>  I'm interested in others' thoughts on this. Building clear official
> channels for OWASP statements will make our messages more powerful and
> easier for others to spread.
> --
> Michael Coates
> @_mwc