[Owasp-board] Fwd: OWASP Board decision that I don't agree with

Jim Manico jim.manico at owasp.org
Sat Jan 4 22:52:45 UTC 2014

With respect, this is a RSA association slot. The whole point is to
officially represent OWASP at RSA....

Jim Manico
(808) 652-3805

On Jan 4, 2014, at 7:53 AM, Tobias <tobias.gondrom at owasp.org> wrote:

 No. There was no vote.

And to be clear, my understanding was that everyone would be attending as
individuals and not as representatives of the board or OWASP.

I am not quite sure how this perception came about. But we may have to take
clarifying action.
If other board members would concur, I would propose to make a simple
statement that OWASP leaders and members speaking at the RSA conference do
so as individuals and not in their function as representatives of OWASP.

Best regards, Tobias

OWASP Global Board Member and Secretary of the Board

On 04/01/14 17:39, Tom Brennan - OWASP wrote:

 There was a vote ?

On Jan 4, 2014, at 12:31 PM, Eoin Keary <eoin.keary at owasp.org> wrote:

  Many negative tweets re RSA an OWASP. (below).
As I brought this up already, are we sure we are making the right decision
by pushing forward with this?

Eoin Keary
Owasp Global Board
+353 87 977 2988

Begin forwarded message:

 *From:* Sastry Tumuluri <sastry.tumuluri at owasp.org>
*Date:* 4 January 2014 16:48:50 GMT
*To:* "Kanwal Singh (WebMentors)" <kanwalsb at gmail.com>, Ravdeep Sodhi <
ravdeep.sodhi at ecoretechnos.com>, "Nishant Johar (EMOBX)" <nj at emobx.com>,
Rochak Chauhan <rochak.chauhan at owasp.org>
*Cc:* "Jim Manico (OWASP)" <jim.manico at owasp.org>, "Eoin Keary (OWASP)" <
eoin.keary at owasp.org>
*Subject:* *OWASP Board decision that I don't agree with*


 Please see the following full conversation on twitter:

 Eoin Keary and Jim Manico (both OWASP board members) will be
presenting/conducting 4 hrs of free-of-cost AppSec training at the RSA
Conference, 2014. Michael Coates, Chairman of the OWASP Board is also said
to be present. Apparently, this was discussed at the OWASP board level; and
the board has decided to go ahead, keeping in mind the benefit to the
attending developers.

 As you are aware, RSA is strongly suspected (we'll never be 100% sure, I'm
afraid) of being complicit with NSA in enabling fatal weakening of crypto
products. RSA has issued a sort of a denial that only deepens the mistrust.
As a protest, many leading speakers are cancelling their talks at the
upcoming RSAC 2014. Among them are (to my knowledge) Mikko Hypponen,
Jeffrey Carr and Josh Thomas.

 At such a time, I am saddened by the OWASP board decision to support RSAC
by their presence. At a time when they had the opportunity to let the world
know how much they care for the Information Security profession (esp.,
against weakening crypto); and how much they care about the privacy of
people (against NSA's unabashed spying on Americans & non-Americans alike),
the board has copped out using a flimsy rationalization ("benefit of (a
few) developers", many of who would rethink their attendance had OWASP and
more organizations didn't blink!").

 I'm sure there was a heated debate. I'm sure all angles were considered.
However, this goes too deep for me to take it as "better men than me have
considered and decided". As a matter of my personal values, if the
situation doesn't change, I would no longer wish to continue as the OWASP
Chapter Lead. Please let me know if any of you would like to take over from

 I will also share my feelings with fellow chapter members at our next
chapter meeting on Jan 21st. Needless to say, no matter how things go, I
remain committed to the principles of our open and open-source infosec

 Best regards,


Owasp-board mailing list
Owasp-board at lists.owasp.org

Owasp-board mailing
listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board

Owasp-board mailing list
Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140104/88bef56e/attachment-0001.html>

More information about the Owasp-board mailing list