[Owasp-board] Public Statements, Personal Thoughts, The Voice of OWASP

Tobias tobias.gondrom at owasp.org
Wed Feb 5 20:01:01 UTC 2014

Michael and fellow board members,

yes, this is a good discussion to have.

regarding 1+2:
IMHO we need indeed to be a bit more careful about in which function we
make statements, because the outside world will perceive certain things.

Having said that, I think the default for any board member when stating
his opinion should be that this is only his personal opinion. So I think
it would be fair to assume that as the baseline. But we should each be
careful to avoid misconstrued statements or messages being interpreted
as OWASP messages even though they are only personal opinions. This is
mostly important / relevant when people cite or introduce you as an
OWASP board member or when you use OWASP communication channels (blogs,
post on the wiki). In this case it could be healthy to clarify that this
is your personal opinion or a draft at the beginning.

3. Regarding our mailing-lists:
- yes, I noted that one blogger cited comments from the mailing-list
during an ongoing internal open discussion. That is unfortunate and in
fact also to some degree unprofessional for a journalist, but
unavoidable with open lists. I always try to weigh my words carefully,
but still our mailing-lists are to discuss different opinions openly. If
a journalist takes text from the mailing-lists we might inform him that
these are ongoing discussions and do not express opinions of the
- and yes, I am all for discipline in terms of staying on subject and/or
changing the subject of an email when the content shifts to a new topic.
It makes reading so much easier. ;-)

Cheers, Tobias

On 05/02/14 19:14, Michael Coates wrote:
> Board,
> I'd like to bring up a topic for thought. As board members we
> individually have very little power. Hence the entire process of a
> vote for decisions and the rule of majority.
> In addition, we also each wear a variety of hats - our professional
> "day job" our "owasp hat", our own ideas separate from each, etc.
> I mention these items for the following scenarios:
> 1. We need to be careful about acting as individuals and issuing
> statements on behalf of OWASP. I believe an official channel for OWASP
> statements is much more clear for the community and the world rather
> then individual statements by board members on blogs, twitter,
> interviews, etc.
> 2. Currently our owasp blog serves a variety of purposes. Whether or
> not we intend, any post made here will also be interpreted as an
> official statement by OWASP. Food for thought - there are multiple
> people that can post to this blog. If we hastily issue a post here it
> could be picked up as an official statement by OWASP before we have a
> chance to fully flush out the wording or message.
> 3. Our mailing lists are all publicly archived. This is great and by
> design. Keep in mind that your statements will be referenced within
> stories, future discussions, etc. We should do our best to keep on
> topic within subject threads, change subject lines when conversation
> drifts, and be cognizant that emails sent in haste will live on forever.
> I'm interested in others thoughts on this. Building clear official
> channels for OWASP statements will make our messages more powerful and
> easier for others to spread.
> --
> Michael Coates
> @_mwc
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140205/b02b49bf/attachment.html>

More information about the Owasp-board mailing list