[Owasp-board] Fwd: OWASP Board decision that I don't agree with

Tobias tobias.gondrom at owasp.org
Sat Jan 4 21:54:48 UTC 2014


Eoin,

I made three observations which you answered with a general "this is not
correct".
Could you please specify which of the three you claim to be not correct?
a) that there was a short exchange of about 12 emails on the topic
b) there was no vote and no agreement recorded in favour of OWASP as an
org doing this.
c) that I stated my understanding was that Jim and Eoin are making the
decision to go to RSA as individuals.

And on a personal question out of curiosity:
You mentioned that "training material is freely available on the web
donated by him and myself".
Would you mind pointing me to where it is? Would love to take a look.
And potentially in which form it was donated? Is it a free license so it
could be incorporated into other OWASP training material projects?

Best regards, Tobias


On 04/01/14 20:11, Eoin Keary wrote:
> Tobias, this is not correct. The original request was to OWASP,
> Sarah/Kelly can clarify.
>
> Our material is OWASP branded with no commercial reference and is not
> part of any OWASP project such as the top 10.
>
> There was no vote but the consensus was to stay away from politics
> after I mentioned Mikko's cancellation and proceed with the training.
>
> The training material is not the result of a project but our own work.
> The training material is freely available on the web donated by him
> and myself. 
>
>  
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 4 Jan 2014, at 19:01, Tobias <tobias.gondrom at owasp.org> wrote:
>
>> Eoin,
>>
>> to be clear on a few details:
>> - to my attention there was a short exchange of about 12 emails (some
>> off and some on the board mailing-list).
>> - there was no vote and no agreement recorded in favour of OWASP as
>> an org doing this.
>> - in fact, in the email exchange (unfortunately offlist, following
>> someone else moving the thread offlist), I clearly stated my
>> understanding was that Jim and Eoin are making the decision to go to
>> RSA as individuals. (my email was on Dec-29). And that therefore it
>> was their decision whether they want to go there or not. And I can
>> not recall that this was contradicted at any time.
>>
>> Best regards, Tobias
>>
>>
>> Ps.: The branding of the material is not relevant for this. In
>> principle all OWASP material can be used freely by anybody. That does
>> not imply that our organisation as a whole does sanction or support
>> any specific company.
>> E.g. anyone can use the OWASP Top-10 presentation (with the OWASP
>> branding) and present it at RSA or the next NSA conference for that
>> matter.
>>
>>
>>
>>
>> On 04/01/14 18:10, Eoin Keary wrote:
>>> Sorry Tobias,
>>>
>>> But we are delivering the training as OWASP.
>>> OWASP was approached by RSA.
>>> Our material is non commercial branded and branded with OWASP,
>>> donated by Jim and myself.
>>>
>>> There was no vote but a debate started by myself which landed firmly
>>> in favour of going ahead with it.
>>>
>>>
>>>
>>> Eoin Keary
>>> Owasp Global Board
>>> +353 87 977 2988
>>>
>>>
>>> On 4 Jan 2014, at 17:53, Tobias <tobias.gondrom at owasp.org> wrote:
>>>
>>>> No. There was no vote.
>>>>
>>>> And to be clear, my understanding was that everyone would be
>>>> attending as individuals and not as representatives of the board or
>>>> OWASP.
>>>>
>>>> I am not quite sure how this perception came about. But we may have
>>>> to take clarifying action.
>>>> If other board members would concur, I would propose to make a
>>>> simple statement that OWASP leaders and members speaking at the RSA
>>>> conference do so as individuals and not in their function as
>>>> representatives of OWASP.
>>>>
>>>> Best regards, Tobias
>>>>
>>>>
>>>> OWASP Global Board Member and Secretary of the Board
>>>>
>>>>
>>>>
>>>>
>>>> On 04/01/14 17:39, Tom Brennan - OWASP wrote:
>>>>> There was a vote?
>>>>>
>>>>> On Jan 4, 2014, at 12:31 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>>>
>>>>>> Many negative tweets re RSA and OWASP. (below).
>>>>>> As I brought this up already, are we sure we are making the right
>>>>>> decision by pushing forward with this?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Eoin Keary
>>>>>> Owasp Global Board
>>>>>> +353 87 977 2988
>>>>>>
>>>>>>
>>>>>> Begin forwarded message:
>>>>>>
>>>>>>> *From:* Sastry Tumuluri <sastry.tumuluri at owasp.org>
>>>>>>> *Date:* 4 January 2014 16:48:50 GMT
>>>>>>> *To:* "Kanwal Singh (WebMentors)" <kanwalsb at gmail.com>,
>>>>>>> Ravdeep Sodhi <ravdeep.sodhi at ecoretechnos.com>,
>>>>>>> "Nishant Johar (EMOBX)" <nj at emobx.com>,
>>>>>>> Rochak Chauhan <rochak.chauhan at owasp.org>
>>>>>>> *Cc:* "Jim Manico (OWASP)" <jim.manico at owasp.org>,
>>>>>>> "Eoin Keary (OWASP)" <eoin.keary at owasp.org>
>>>>>>> *Subject:* *OWASP Board decision that I don't agree with*
>>>>>>>
>>>>>>> Friends,
>>>>>>>
>>>>>>> Please see the following full conversation on twitter: 
>>>>>>> https://twitter.com/EoinKeary/status/419111748424454145
>>>>>>>
>>>>>>> Eoin Keary and Jim Manico (both OWASP board members) will be
>>>>>>> presenting/conducting 4 hrs of free-of-cost AppSec training at
>>>>>>> the RSA Conference, 2014. Michael Coates, Chairman of the OWASP
>>>>>>> Board is also said to be present. Apparently, this was discussed
>>>>>>> at the OWASP board level; and the board has decided to go ahead,
>>>>>>> keeping in mind the benefit to the attending developers.
>>>>>>>
>>>>>>> As you are aware, RSA is strongly suspected (we'll never be 100%
>>>>>>> sure, I'm afraid) of being complicit with NSA in enabling fatal
>>>>>>> weakening of crypto products. RSA has issued a sort of a denial
>>>>>>> that only deepens the mistrust. As a protest, many leading
>>>>>>> speakers are cancelling their talks at the upcoming RSAC 2014.
>>>>>>> Among them are (to my knowledge) Mikko Hypponen, Jeffrey Carr
>>>>>>> and Josh Thomas.
>>>>>>>
>>>>>>> At such a time, I am saddened by the OWASP board decision to
>>>>>>> support RSAC by their presence. At a time when they had the
>>>>>>> opportunity to let the world know how much they care for the
>>>>>>> Information Security profession (esp., against weakening
>>>>>>> crypto); and how much they care about the privacy of people
>>>>>>> (against NSA's unabashed spying on Americans & non-Americans
>>>>>>> alike), the board has copped out using a flimsy rationalization
>>>>>>> ("benefit of (a few) developers", many of whom would rethink
>>>>>>> their attendance had OWASP and more organizations not blinked!).
>>>>>>>
>>>>>>> I'm sure there was a heated debate. I'm sure all angles were
>>>>>>> considered. However, this goes too deep for me to take it as
>>>>>>> "better men than me have considered and decided". As a matter of
>>>>>>> my personal values, if the situation doesn't change, I would no
>>>>>>> longer wish to continue as the OWASP Chapter Lead. Please let me
>>>>>>> know if any of you would like to take over from me. 
>>>>>>>
>>>>>>> I will also share my feelings with fellow chapter members at our
>>>>>>> next chapter meeting on Jan 21st. Needless to say, no matter how
>>>>>>> things go, I remain committed to the principles of our open and
>>>>>>> open-source infosec community.
>>>>>>>
>>>>>>> Best regards,
>>>>>>>
>>>>>>> ==Sas3==
>>>>>> _______________________________________________
>>>>>> Owasp-board mailing list
>>>>>> Owasp-board at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
