[Owasp-board] Public Statements, Personal Thoughts, The Voice of OWASP

Tobias tobias.gondrom at owasp.org
Wed Feb 5 22:11:31 UTC 2014

I think the line is: are we speaking for ourselves (and happen to be an
OWASP leader or board member) or are we speaking on behalf of the whole
OWASP organisation. Unfortunately even when we want to do the first,
some external people may too eagerly want to hear the second because it
is more exciting. So we have to be careful when communicating. Sometimes
a very fine line and we get plenty of opportunities to make mistakes or
being misinterpreted.

Having said that, as a general notion: I would rather prefer people
going out and doing stuff, even when we make some mistakes and we then
have to clarify, correct and clean things up afterwards, then to ask
people to always ask for permission first.

But I fully support Michael's notion that we need to be aware of our
situation and be reasonably careful to avoid misinterpretation of
statements we make.

Just my 5cents. Tobias

On 05/02/14 21:46, Michael Coates wrote:
> So, Josh did provide an example, but this thread was not intended to
> focus on any one situation. There's actually a few different ones we
> could look it (including me) and instead I just wanted to cover the
> overall idea. Goal is to be aware of potential situations so we can
> keep doing awesome things effectively.
> --
> Michael Coates
> @_mwc
> On Wed, Feb 5, 2014 at 1:43 PM, Josh Sokol <josh.sokol at owasp.org
> <mailto:josh.sokol at owasp.org>> wrote:
>     I'm not sure I'd necessarily frame it as "crossing the line", but
>     your tweets regarding cancelling the RSA training were definitely
>     regarded as actions by "OWASP" and not "Eoin" in the media that
>     covered it.  Not that you should have to ask for permission to
>     cancel a training, but when you're doing it as an OWASP training,
>     then the cancellation should have been an OWASP message.  What if
>     we had decided to fill your slot with another trainer?  Much of
>     the damage would have already been done.  I think that the point
>     that Michael is trying to make here is that we are viewed as the
>     OWASP Board and statements by one of us can certainly affect the
>     others and the Foundation.  Nobody is asking for you to seek
>     permission, but rather, to consider the consequences as they
>     relate to more than just yourself.
>     ~josh
>     On Wed, Feb 5, 2014 at 3:20 PM, Eoin Keary <eoin.keary at owasp.org
>     <mailto:eoin.keary at owasp.org>> wrote:
>         If someone asks me my opinion as an OWASP leader I am not
>         prepared to ask for permission. I've been with OWASP for 10
>         years and never crossed the line.
>         Eoin Keary
>         Owasp Global Board
>         +353 87 977 2988 <tel:%2B353%2087%20977%202988>
>         On 5 Feb 2014, at 19:14, Michael Coates
>         <michael.coates at owasp.org <mailto:michael.coates at owasp.org>>
>         wrote:
>         > Board,
>         >
>         > I'd like to bring up a topic for thought. As board members
>         we individually have very little power. Hence the entire
>         process of a vote for decisions and the rule of majority.
>         >
>         > In addition, we also each wear a variety of hats - our
>         professional "day job" our "owasp hat", our own ideas separate
>         from each, etc.
>         >
>         > I mention these items for the following scenarios:
>         > 1. We need to be careful about acting as individuals and
>         issuing statements on behalf of OWASP. I believe an official
>         channel for OWASP statements is much more clear for the
>         community and the world rather then individual statements by
>         board members on blogs, twitter, interviews, etc.
>         >
>         > 2. Currently our owasp blog serves a variety of purposes.
>         Whether or not we intend, any post made here will also be
>         interpreted as an official statement by OWASP. Food for
>         thought - there are multiple people that can post to this
>         blog. If we hastily issue a post here it could be picked up as
>         an official statement by OWASP before we have a chance to
>         fully flush out the wording or message.
>         >
>         > 3. Our mailing lists are all publicly archived. This is
>         great and by design. Keep in mind that your statements will be
>         referenced within stories, future discussions, etc. We should
>         do our best to keep on topic within subject threads, change
>         subject lines when conversation drifts, and be cognizant that
>         emails sent in haste will live on forever.
>         >
>         > I'm interested in others thoughts on this. Building clear
>         official channels for OWASP statements will make our messages
>         more powerful and easier for others to spread.
>         >
>         >
>         > --
>         > Michael Coates
>         > @_mwc
>         >
>         > _______________________________________________
>         > Owasp-board mailing list
>         > Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>         > https://lists.owasp.org/mailman/listinfo/owasp-board
>         _______________________________________________
>         Owasp-board mailing list
>         Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140205/4444a340/attachment.html>

More information about the Owasp-board mailing list