[Owasp-board] Fwd: OWASP Board decision that I don't agree with

Tobias tobias.gondrom at owasp.org
Sat Jan 4 19:01:51 UTC 2014


Eoin,

to be clear on a few details:
- to my attention there was a short exchange of about 12 emails (some
off and some on the board mailing-list).
- there was no vote and no agreement recorded in favour of OWASP as an
org doing this.
- in fact, in the email exchange (unfortunately offlist, following
someone else moving the thread offlist), I clearly stated my understanding
was that Jim and Eoin are making the decision to go to RSA as
individuals (my email was on Dec-29). And that therefore it was their
decision whether they want to go there or not. And I cannot recall that
this was contradicted at any time.

Best regards, Tobias


Ps.: The branding of the material is not relevant for this. In principle
all OWASP material can be used freely by anybody. That does not imply
that our organisation as a whole does sanction or support any specific
company.
E.g. anyone can use the OWASP Top-10 presentation (with the OWASP
branding) and present it at RSA or the next NSA conference for that matter.




On 04/01/14 18:10, Eoin Keary wrote:
> Sorry tobias,
>
> But we are delivering the training as OWASP.
> OWASP was approached by RSA.
> Our material is non commercial branded and branded with OWASP, donated
> by Jim and Myself.
>
> There was no vote but a debate started by myself which landed firmly
> in favour of going ahead with it.
>
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 4 Jan 2014, at 17:53, Tobias <tobias.gondrom at owasp.org
> <mailto:tobias.gondrom at owasp.org>> wrote:
>
>> No. There was no vote.
>>
>> And to be clear, my understanding was that everyone would be
>> attending as individuals and not as representatives of the board or
>> OWASP.
>>
>> I am not quite sure how this perception came about. But we may have
>> to take clarifying action.
>> If other board members would concur, I would propose to make a simple
>> statement that OWASP leaders and members speaking at the RSA
>> conference do so as individuals and not in their function as
>> representatives of OWASP.
>>
>> Best regards, Tobias
>>
>>
>> OWASP Global Board Member and Secretary of the Board
>>
>>
>>
>>
>> On 04/01/14 17:39, Tom Brennan - OWASP wrote:
>>> There was a vote?
>>>
>>> On Jan 4, 2014, at 12:31 PM, Eoin Keary <eoin.keary at owasp.org
>>> <mailto:eoin.keary at owasp.org>> wrote:
>>>
>>>> Many negative tweets re RSA and OWASP. (below).
>>>> As I brought this up already, are we sure we are making the right
>>>> decision by pushing forward with this?
>>>>
>>>>
>>>>
>>>>
>>>> Eoin Keary
>>>> Owasp Global Board
>>>> +353 87 977 2988
>>>>
>>>>
>>>> Begin forwarded message:
>>>>
>>>>> *From:* Sastry Tumuluri <sastry.tumuluri at owasp.org
>>>>> <mailto:sastry.tumuluri at owasp.org>>
>>>>> *Date:* 4 January 2014 16:48:50 GMT
>>>>> *To:* "Kanwal Singh (WebMentors)" <kanwalsb at gmail.com
>>>>> <mailto:kanwalsb at gmail.com>>, Ravdeep Sodhi
>>>>> <ravdeep.sodhi at ecoretechnos.com
>>>>> <mailto:ravdeep.sodhi at ecoretechnos.com>>, "Nishant Johar (EMOBX)"
>>>>> <nj at emobx.com <mailto:nj at emobx.com>>, Rochak Chauhan
>>>>> <rochak.chauhan at owasp.org <mailto:rochak.chauhan at owasp.org>>
>>>>> *Cc:* "Jim Manico (OWASP)" <jim.manico at owasp.org
>>>>> <mailto:jim.manico at owasp.org>>, "Eoin Keary (OWASP)"
>>>>> <eoin.keary at owasp.org <mailto:eoin.keary at owasp.org>>
>>>>> *Subject:* *OWASP Board decision that I don't agree with*
>>>>>
>>>>> Friends,
>>>>>
>>>>> Please see the following full conversation on twitter: 
>>>>> https://twitter.com/EoinKeary/status/419111748424454145
>>>>>
>>>>> Eoin Keary and Jim Manico (both OWASP board members) will be
>>>>> presenting/conducting 4 hrs of free-of-cost AppSec training at the
>>>>> RSA Conference, 2014. Michael Coates, Chairman of the OWASP Board
>>>>> is also said to be present. Apparently, this was discussed at the
>>>>> OWASP board level; and the board has decided to go ahead, keeping
>>>>> in mind the benefit to the attending developers.
>>>>>
>>>>> As you are aware, RSA is strongly suspected (we'll never be 100%
>>>>> sure, I'm afraid) of being complicit with NSA in enabling fatal
>>>>> weakening of crypto products. RSA has issued a sort of a denial
>>>>> that only deepens the mistrust. As a protest, many leading
>>>>> speakers are cancelling their talks at the upcoming RSAC 2014.
>>>>> Among them are (to my knowledge) Mikko Hypponen, Jeffrey Carr and
>>>>> Josh Thomas.
>>>>>
>>>>> At such a time, I am saddened by the OWASP board decision to
>>>>> support RSAC by their presence. At a time when they had the
>>>>> opportunity to let the world know how much they care for the
>>>>> Information Security profession (esp., against weakening crypto);
>>>>> and how much they care about the privacy of people (against NSA's
>>>>> unabashed spying on Americans & non-Americans alike), the board
>>>>> has copped out using a flimsy rationalization ("benefit of (a few)
>>>>> developers", many of whom would rethink their attendance had OWASP
>>>>> and more organizations not blinked!).
>>>>>
>>>>> I'm sure there was a heated debate. I'm sure all angles were
>>>>> considered. However, this goes too deep for me to take it as
>>>>> "better men than me have considered and decided". As a matter of
>>>>> my personal values, if the situation doesn't change, I would no
>>>>> longer wish to continue as the OWASP Chapter Lead. Please let me
>>>>> know if any of you would like to take over from me. 
>>>>>
>>>>> I will also share my feelings with fellow chapter members at our
>>>>> next chapter meeting on Jan 21st. Needless to say, no matter how
>>>>> things go, I remain committed to the principles of our open and
>>>>> open-source infosec community.
>>>>>
>>>>> Best regards,
>>>>>
>>>>> ==Sas3==
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
