[Owasp-board] Fwd: OWASP Board decision that I don't agree with

Jim Manico jim.manico at owasp.org
Sat Jan 4 22:51:32 UTC 2014

I'm voting a weak "yes" right now, but if the board voted to abort RSA I
would respect that decision.

Jim Manico
(808) 652-3805

On Jan 4, 2014, at 7:31 AM, Eoin Keary <eoin.keary at owasp.org> wrote:

Many negative tweets re RSA and OWASP. (below).
As I brought this up already, are we sure we are making the right decision
by pushing forward with this?

Eoin Keary
Owasp Global Board
+353 87 977 2988

Begin forwarded message:

*From:* Sastry Tumuluri <sastry.tumuluri at owasp.org>
*Date:* 4 January 2014 16:48:50 GMT
*To:* "Kanwal Singh (WebMentors)" <kanwalsb at gmail.com>, Ravdeep Sodhi <
ravdeep.sodhi at ecoretechnos.com>, "Nishant Johar (EMOBX)" <nj at emobx.com>,
Rochak Chauhan <rochak.chauhan at owasp.org>
*Cc:* "Jim Manico (OWASP)" <jim.manico at owasp.org>, "Eoin Keary (OWASP)" <
eoin.keary at owasp.org>
*Subject:* *OWASP Board decision that I don't agree with*


Please see the following full conversation on Twitter:

Eoin Keary and Jim Manico (both OWASP board members) will be
presenting/conducting 4 hrs of free-of-cost AppSec training at the RSA
Conference, 2014. Michael Coates, Chairman of the OWASP Board is also said
to be present. Apparently, this was discussed at the OWASP board level; and
the board has decided to go ahead, keeping in mind the benefit to the
attending developers.

As you are aware, RSA is strongly suspected (we'll never be 100% sure, I'm
afraid) of being complicit with NSA in enabling fatal weakening of crypto
products. RSA has issued a sort of a denial that only deepens the mistrust.
As a protest, many leading speakers are cancelling their talks at the
upcoming RSAC 2014. Among them are (to my knowledge) Mikko Hypponen,
Jeffrey Carr and Josh Thomas.

At such a time, I am saddened by the OWASP board decision to support RSAC
by their presence. At a time when they had the opportunity to let the world
know how much they care for the Information Security profession (esp.,
against weakening crypto); and how much they care about the privacy of
people (against NSA's unabashed spying on Americans & non-Americans alike),
the board has copped out using a flimsy rationalization ("benefit of (a
few) developers", many of whom would rethink their attendance had OWASP and
more organizations not blinked!).

I'm sure there was a heated debate. I'm sure all angles were considered.
However, this goes too deep for me to take it as "better men than me have
considered and decided". As a matter of my personal values, if the
situation doesn't change, I would no longer wish to continue as the OWASP
Chapter Lead. Please let me know if any of you would like to take over from

I will also share my feelings with fellow chapter members at our next
chapter meeting on Jan 21st. Needless to say, no matter how things go, I
remain committed to the principles of our open and open-source infosec

Best regards,

