[Owasp-board] Fwd: OWASP Board decision that I don't agree with

Eoin Keary eoin.keary at owasp.org
Sat Jan 4 17:31:20 UTC 2014


Many negative tweets re RSA an OWASP. (below).
As I brought this up already, are we sure we are making the right decision by pushing forward with this?




Eoin Keary
Owasp Global Board
+353 87 977 2988


Begin forwarded message:

> From: Sastry Tumuluri <sastry.tumuluri at owasp.org>
> Date: 4 January 2014 16:48:50 GMT
> To: "Kanwal Singh (WebMentors)" <kanwalsb at gmail.com>, Ravdeep Sodhi <ravdeep.sodhi at ecoretechnos.com>, "Nishant Johar (EMOBX)" <nj at emobx.com>, Rochak Chauhan <rochak.chauhan at owasp.org>
> Cc: "Jim Manico (OWASP)" <jim.manico at owasp.org>, "Eoin Keary (OWASP)" <eoin.keary at owasp.org>
> Subject: OWASP Board decision that I don't agree with
> 
> Friends,
> 
> Please see the following full conversation on twitter: 
> https://twitter.com/EoinKeary/status/419111748424454145
> 
> Eoin Keary and Jim Manico (both OWASP board members) will be presenting/conducting 4 hrs of free-of-cost AppSec training at the RSA Conference, 2014. Michael Coates, Chairman of the OWASP Board is also said to be present. Apparently, this was discussed at the OWASP board level; and the board has decided to go ahead, keeping in mind the benefit to the attending developers.
> 
> As you are aware, RSA is strongly suspected (we'll never be 100% sure, I'm afraid) of being complicit with NSA in enabling fatal weakening of crypto products. RSA has issued a sort of a denial that only deepens the mistrust. As a protest, many leading speakers are cancelling their talks at the upcoming RSAC 2014. Among them are (to my knowledge) Mikko Hypponen, Jeffrey Carr and Josh Thomas.
> 
> At such a time, I am saddened by the OWASP board decision to support RSAC by their presence. At a time when they had the opportunity to let the world know how much they care for the Information Security profession (esp., against weakening crypto); and how much they care about the privacy of people (against NSA's unabashed spying on Americans & non-Americans alike), the board has copped out using a flimsy rationalization ("benefit of (a few) developers", many of who would rethink their attendance had OWASP and more organizations didn't blink!"). 
> 
> I'm sure there was a heated debate. I'm sure all angles were considered. However, this goes too deep for me to take it as "better men than me have considered and decided". As a matter of my personal values, if the situation doesn't change, I would no longer wish to continue as the OWASP Chapter Lead. Please let me know if any of you would like to take over from me. 
> 
> I will also share my feelings with fellow chapter members at our next chapter meeting on Jan 21st. Needless to say, no matter how things go, I remain committed to the principles of our open and open-source infosec community.
> 
> Best regards,
> 
> ==Sas3==
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140104/942fa4ab/attachment.html>


More information about the Owasp-board mailing list