[Owasp-board] Public Statements, Personal Thoughts, The Voice of OWASP

Michael Coates michael.coates at owasp.org
Wed Feb 5 19:40:06 UTC 2014


Thanks Jim,

Yes. I've looked at the first 2 episodes and reviewed its perception. The
exact comments you raised are items I'm actively making changes to
eliminate. Here's a bit more info:

1. The goal of the show is to represent myself, my views in the industry
and not represent my employer or OWASP. To that end I asked earlier this
week to add a disclaimer at the bottom of each show notes. I sent this note
to Mark (who runs the podcast) on Tuesday and he'll be adding the
following below my bio on each video page:

Comments within these interviews represent Michael's own opinions and are
not endorsements by any other organization he is affiliated with.

2. In general more awareness of OWASP is a good thing. However, in this
scenario (and as you pointed out) I think this creates confusion and may in
fact nullify item #1 and my goal to represent only myself. So, after review
of the first 2 episodes I've decided to pass on further discussions of
official OWASP items or discussions that appear to be OWASP updates from an
OWASP board member.


-Michael





--
Michael Coates
@_mwc



On Wed, Feb 5, 2014 at 11:30 AM, Jim Manico <jim.manico at owasp.org> wrote:

> +1 Michael. If you see anything from me or others that is of concern,
> please say so. I suggest that anyone who is going to speak on behalf of
> OWASP go through press training with members of staff. We also have to
> balance this with the "open" nature of our bylaws and mission. We really
> are a unique organization.
>
> I think - especially for board members - to clarify when speaking in
> public. Something like:  "OWASP does not endorse any commercial entity,
> including myself or my company. These opinions are my own and not official
> OWASP policy."
>
> Michael, I don't mean to point the finger at you, but I'm about to do just
> that. Check out
> http://trustedsoftwarealliance.com/2014/01/28/january-28-2014-security-start-ups-with-co-host-michael-coates-video/
> where you give commercial analysis on security startups. In this broadcast,
> the OWASP logo is used, very contentious OWASP political issues are being
> discussed, and the mix of commercialism and official OWASP representation
> seems muddled. This is exactly the kind of thing we want to avoid.
>
> Perhaps we could separate commercial analysis from "official" updates on
> OWASP? Or at least provide some kind of disclaimer?
>
> Hey we are all human here. If you ever interpret any of my actions as
> stepping over the line, please call me on it and I'll try to do better.
>
> Aloha,
> Jim
>
>
>
>
>
>  Board,
>
>  I'd like to bring up a topic for thought. As board members we
> individually have very little power. Hence the entire process of a vote for
> decisions and the rule of majority.
>
> In addition, we also each wear a variety of hats - our professional "day
> job", our "OWASP hat", our own ideas separate from each, etc.
>
>  I mention these items for the following scenarios:
>  1. We need to be careful about acting as individuals and issuing
> statements on behalf of OWASP. I believe an official channel for OWASP
> statements is much more clear for the community and the world rather than
> individual statements by board members on blogs, twitter, interviews, etc.
>
>  2. Currently our OWASP blog serves a variety of purposes. Whether or not
> we intend, any post made here will also be interpreted as an official
> statement by OWASP. Food for thought - there are multiple people that can
> post to this blog. If we hastily issue a post here it could be picked up as
> an official statement by OWASP before we have a chance to fully flesh out
> the wording or message.
>
>  3. Our mailing lists are all publicly archived. This is great and by
> design. Keep in mind that your statements will be referenced within
> stories, future discussions, etc. We should do our best to keep on topic
> within subject threads, change subject lines when conversation drifts, and
> be cognizant that emails sent in haste will live on forever.
>
>  I'm interested in others' thoughts on this. Building clear official
> channels for OWASP statements will make our messages more powerful and
> easier for others to spread.
>
>
> --
> Michael Coates
> @_mwc
>
>
>