[Owasp-board] [Owasp-leaders] OWASP Board decision that I don't agree with

Dennis Groves dennis.groves at owasp.org
Sat Jan 4 20:49:13 UTC 2014


Indeed, everywhere I look on RSA's website it is heavily branded as OWASP.
The slides are currently branded as OWASP.  We are sending our board
members???

RSA are no better than criminals at this point; it is obvious why they want
the OWASP brand associated with their brand; why in the world do we want
our brand sullied by their less than above board reputation?

I am starting to disagree more and more with this, I just fail to see what
good for OWASP can come from lying down with a dog full of fleas.

Dennis


On Sat, Jan 4, 2014 at 1:26 PM, Eoin Keary <eoin.keary at owasp.org> wrote:

> Thanks please keep letting us know your feelings on this.
>
> I'd like to hear from our executive director and other board members also
> please?
>
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 4 Jan 2014, at 19:59, Larry Conklin <larry.conklin at owasp.org> wrote:
>
> I totally support Eoin and Jim with Michael on giving free training at RSA
> convention. Seems we have two very clear-cut issues at hand. In fact I want
> to thank them for being willing to take time away from their work, families
> in doing this.
>
>
>
> First issue is security training. In wake of the Target data breach, which
> I am caught up in, this should be OWASP's first mission, “disseminate
> security principles and information to everyone, especially software
> developers, CEOs and CIOs”. This is what they are doing. We should all get
> behind them and thank them for their willingness to do exactly this.
>
>
>
> Second issue is NSA issue. I realize the OWASP is an international
> organization. But the NSA issue is an American issue. Granted the resolution
> will be influenced by international pressure and our own (American)
> political, judicial systems and (American and International) free enterprise
> capital markets. How that will work out I am unsure of. I can say with some
> certainty that the resolution will not be to everyone's satisfaction.
>
>
>
> The idea that saying something in front of an organization like RSA is
> saying you fully support everything they do and say is without merit and an
> overreach. Working for BP Oil does not mean you favor private enterprise
> over environmental safety.
>
>
> Larry Conklin, CISSP
>
>
> On Sat, Jan 4, 2014 at 1:31 PM, John Wilander <john.wilander at owasp.org> wrote:
>
>> My personal view as a longtime community member …
>>
>> I would like OWASP to cancel the developer training and any other
>> official presence at this year's RSA Con.
>>
>> You might argue the NSA revelations are politics. I disagree. This is
>> technology, standards, research, business, and politics in a disastrous
>> cocktail. Global mass surveillance and weakened crypto are things we used
>> to talk about as worst case scenarios, remember? Others would call us
>> paranoids.
>>
>> Now we know. This is earthshakingly bad, at the core of what OWASP stands
>> for.
>>
>> Our brand is strong. We're independent, community-driven and global. This
>> is our chance to show we're better than RSA and our conference series OWASP
>> AppSec is a better place to give talks and meet peers.
>>
>> Don't support RSA until they come clean. Please.
>>
>> /John
>>
>> --
>> Twitter https://twitter.com/johnwilander
>> CV or Résumé http://johnwilander.se
>>
>> On 4 Jan 2014 at 19:42, Eoin Keary <eoin.keary at owasp.org> wrote:
>>
>> We are participating as OWASP.
>> OWASP was asked to do this initially by RSA.
>> Our material has no personal or company branding but OWASP branding.
>> Thanks for feedback.
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 4 Jan 2014, at 18:24, Abbas Naderi <abbas.naderi at owasp.org> wrote:
>>
>> I strongly support Sastry on this one.
>>
>> You might be participating as individuals, but people see you guys as the
>> OWASP Board, and that’s something that many of us don’t like to be the
>> image of OWASP.
>>
>> Thanks
>> -Abbas
>> On Jan 4, 2014, at 1:18 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>
>> To be clear, there was no recorded vote on this but a debate.
>>
>> I started the debate after reading about Mikko. (Even though I was
>> delivering the training with Jim and it is my material).
>>
>> The majority of board of OWASP feels getting involved in politics is
>> wrong and wanted to push ahead with the training.
>>
>> So if feelings are strong we need to vote on this ASAP? as leaders of
>> OWASP. A formal board vote? Executive decision from Sarah, our executive
>> director.
>>
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 4 Jan 2014, at 16:48, Sastry Tumuluri <sastry.tumuluri at owasp.org>
>> wrote:
>>
>> Friends,
>>
>> Please see the following full conversation on twitter:
>> https://twitter.com/EoinKeary/status/419111748424454145
>>
>> Eoin Keary and Jim Manico (both OWASP board members) will be
>> presenting/conducting 4 hrs of free-of-cost AppSec training at the RSA
>> Conference, 2014. Michael Coates, Chairman of the OWASP Board is also said
>> to be present. Apparently, this was discussed at the OWASP board level; and
>> the board has decided to go ahead, keeping in mind the benefit to the
>> attending developers.
>>
>> As you are aware, RSA is strongly suspected (we'll never be 100% sure,
>> I'm afraid) of being complicit with NSA in enabling fatal weakening of
>> crypto products. RSA has issued a sort of a denial that only deepens the
>> mistrust. As a protest, many leading speakers are cancelling their talks at
>> the upcoming RSAC 2014. Among them are (to my knowledge) Mikko Hypponen,
>> Jeffrey Carr and Josh Thomas.
>>
>> At such a time, I am saddened by the OWASP board decision to support RSAC
>> by their presence. At a time when they had the opportunity to let the world
>> know how much they care for the Information Security profession (esp.,
>> against weakening crypto); and how much they care about the privacy of
>> people (against NSA's unabashed spying on Americans & non-Americans alike),
>> the board has copped out using a flimsy rationalization ("benefit of (a
>> few) developers", many of whom would rethink their attendance had OWASP and
>> more organizations not blinked!).
>>
>> I'm sure there was a heated debate. I'm sure all angles were considered.
>> However, this goes too deep for me to take it as "better men than me have
>> considered and decided". As a matter of my personal values, if the
>> situation doesn't change, I would no longer wish to continue as the OWASP
>> Chapter Lead. Please let me know if any of you would like to take over from
>> me.
>>
>> I will also share my feelings with fellow chapter members at our next
>> chapter meeting on Jan 21st. Needless to say, no matter how things go, I
>> remain committed to the principles of our open and open-source infosec
>> community.
>>
>> Best regards,
>>
>> ==Sas3==
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>


-- 
Dennis Groves <http://about.me/dennis.groves>, MSc
Email me, <dennis.groves at owasp.org> or schedule a meeting <http://goo.gl/8sPIy>.
*This email is licensed under a CC BY-ND 3.0
<http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license.*
Stand up for your freedom to install free
software.<http://www.fsf.org/campaigns/secure-boot/statement>
Please do not send me Microsoft Office/Apple iWork documents.
Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!

<http://www.owasp.org/>