[Owasp-board] OWASP Board decision that I don't agree with

Tobias tobias.gondrom at owasp.org
Sat Jan 4 21:59:39 UTC 2014


On 04/01/14 18:18, Eoin Keary wrote:
> To be clear, there was no recorded vote on this but a debate.
>
> I started the debate after reading about Mikko. (Even though I was
> delivering the training with Jim and it is my material).
>
> The majority of board of OWASP feels getting involved in politics is
> wrong and wanted to push ahead with the training.
>
> So if feelings are strong we need to vote on this ASAP? as leaders of
> OWASP. A formal board vote? Executive decision from Sarah, our
> executive director. 
>

If we have to make a decision about this as a community, I expect this
to be voted on by the board following the guidance and input from all
community members.

- Tobias


>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 4 Jan 2014, at 16:48, Sastry Tumuluri <sastry.tumuluri at owasp.org
> <mailto:sastry.tumuluri at owasp.org>> wrote:
>
>> Friends,
>>
>> Please see the following full conversation on twitter: 
>> https://twitter.com/EoinKeary/status/419111748424454145
>>
>> Eoin Keary and Jim Manico (both OWASP board members) will be
>> presenting/conducting 4 hrs of free-of-cost AppSec training at the
>> RSA Conference, 2014. Michael Coates, Chairman of the OWASP Board is
>> also said to be present. Apparently, this was discussed at the OWASP
>> board level; and the board has decided to go ahead, keeping in mind
>> the benefit to the attending developers.
>>
>> As you are aware, RSA is strongly suspected (we'll never be 100%
>> sure, I'm afraid) of being complicit with NSA in enabling fatal
>> weakening of crypto products. RSA has issued a sort of a denial that
>> only deepens the mistrust. As a protest, many leading speakers are
>> cancelling their talks at the upcoming RSAC 2014. Among them are (to
>> my knowledge) Mikko Hypponen, Jeffrey Carr and Josh Thomas.
>>
>> At such a time, I am saddened by the OWASP board decision to support
>> RSAC by their presence. At a time when they had the opportunity to
>> let the world know how much they care for the Information Security
>> profession (esp., against weakening crypto); and how much they care
>> about the privacy of people (against NSA's unabashed spying on
>> Americans & non-Americans alike), the board has copped out using a
>> flimsy rationalization ("benefit of (a few) developers", many of who
>> would rethink their attendance had OWASP and more organizations
>> didn't blink!"). 
>>
>> I'm sure there was a heated debate. I'm sure all angles were
>> considered. However, this goes too deep for me to take it as "better
>> men than me have considered and decided". As a matter of my personal
>> values, if the situation doesn't change, I would no longer wish to
>> continue as the OWASP Chapter Lead. Please let me know if any of you
>> would like to take over from me. 
>>
>> I will also share my feelings with fellow chapter members at our next
>> chapter meeting on Jan 21st. Needless to say, no matter how things
>> go, I remain committed to the principles of our open and open-source
>> infosec community.
>>
>> Best regards,
>>
>> ==Sas3==
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140104/744d03c1/attachment.html>


More information about the Owasp-board mailing list