[Owasp-board] Fwd: OWASP Board decision that I don't agree with

Tobias tobias.gondrom at owasp.org
Sat Jan 4 23:04:51 UTC 2014


Jim, Eoin and Sarah,

it would have been nice for someone to mention that "the whole point is
to officially represent OWASP" when I sent the email on Dec-29 stating
the assumption that you are attending as individuals:
http://lists.owasp.org/pipermail/owasp-board/2014-January/012844.html

This does indeed change the perception of this. :-(

Best regards, Tobias



On 04/01/14 22:54, Eoin Keary wrote:
> +1
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 4 Jan 2014, at 22:52, Jim Manico <jim.manico at owasp.org
> <mailto:jim.manico at owasp.org>> wrote:
>
>> With respect, this is a RSA association slot. The whole point is to
>> officially represent OWASP at RSA....
>>
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On Jan 4, 2014, at 7:53 AM, Tobias <tobias.gondrom at owasp.org
>> <mailto:tobias.gondrom at owasp.org>> wrote:
>>
>>> No. There was no vote.
>>>
>>> And to be clear, my understanding was that everyone would be
>>> attending as individuals and not as representatives of the board or
>>> OWASP.
>>>
>>> I am not quite sure how this perception came about. But we may have
>>> to take clarifying action.
>>> If other board members would concur, I would propose to make a
>>> simple statement that OWASP leaders and members speaking at the RSA
>>> conference do so as individuals and not in their function as
>>> representatives of OWASP.
>>>
>>> Best regards, Tobias
>>>
>>>
>>> OWASP Global Board Member and Secretary of the Board
>>>
>>>
>>>
>>>
>>> On 04/01/14 17:39, Tom Brennan - OWASP wrote:
>>>> There was a vote ?
>>>>
>>>> On Jan 4, 2014, at 12:31 PM, Eoin Keary <eoin.keary at owasp.org
>>>> <mailto:eoin.keary at owasp.org>> wrote:
>>>>
>>>>> Many negative tweets re RSA an OWASP. (below).
>>>>> As I brought this up already, are we sure we are making the right
>>>>> decision by pushing forward with this?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Eoin Keary
>>>>> Owasp Global Board
>>>>> +353 87 977 2988
>>>>>
>>>>>
>>>>> Begin forwarded message:
>>>>>
>>>>>> *From:* Sastry Tumuluri <sastry.tumuluri at owasp.org
>>>>>> <mailto:sastry.tumuluri at owasp.org>>
>>>>>> *Date:* 4 January 2014 16:48:50 GMT
>>>>>> *To:* "Kanwal Singh (WebMentors)" <kanwalsb at gmail.com
>>>>>> <mailto:kanwalsb at gmail.com>>, Ravdeep Sodhi
>>>>>> <ravdeep.sodhi at ecoretechnos.com
>>>>>> <mailto:ravdeep.sodhi at ecoretechnos.com>>, "Nishant Johar (EMOBX)"
>>>>>> <nj at emobx.com <mailto:nj at emobx.com>>, Rochak Chauhan
>>>>>> <rochak.chauhan at owasp.org <mailto:rochak.chauhan at owasp.org>>
>>>>>> *Cc:* "Jim Manico (OWASP)" <jim.manico at owasp.org
>>>>>> <mailto:jim.manico at owasp.org>>, "Eoin Keary (OWASP)"
>>>>>> <eoin.keary at owasp.org <mailto:eoin.keary at owasp.org>>
>>>>>> *Subject:* *OWASP Board decision that I don't agree with*
>>>>>>
>>>>>> Friends,
>>>>>>
>>>>>> Please see the following full conversation on twitter: 
>>>>>> https://twitter.com/EoinKeary/status/419111748424454145
>>>>>>
>>>>>> Eoin Keary and Jim Manico (both OWASP board members) will be
>>>>>> presenting/conducting 4 hrs of free-of-cost AppSec training at
>>>>>> the RSA Conference, 2014. Michael Coates, Chairman of the OWASP
>>>>>> Board is also said to be present. Apparently, this was discussed
>>>>>> at the OWASP board level; and the board has decided to go ahead,
>>>>>> keeping in mind the benefit to the attending developers.
>>>>>>
>>>>>> As you are aware, RSA is strongly suspected (we'll never be 100%
>>>>>> sure, I'm afraid) of being complicit with NSA in enabling fatal
>>>>>> weakening of crypto products. RSA has issued a sort of a denial
>>>>>> that only deepens the mistrust. As a protest, many leading
>>>>>> speakers are cancelling their talks at the upcoming RSAC 2014.
>>>>>> Among them are (to my knowledge) Mikko Hypponen, Jeffrey Carr and
>>>>>> Josh Thomas.
>>>>>>
>>>>>> At such a time, I am saddened by the OWASP board decision to
>>>>>> support RSAC by their presence. At a time when they had the
>>>>>> opportunity to let the world know how much they care for the
>>>>>> Information Security profession (esp., against weakening crypto);
>>>>>> and how much they care about the privacy of people (against NSA's
>>>>>> unabashed spying on Americans & non-Americans alike), the board
>>>>>> has copped out using a flimsy rationalization ("benefit of (a
>>>>>> few) developers", many of who would rethink their attendance had
>>>>>> OWASP and more organizations didn't blink!"). 
>>>>>>
>>>>>> I'm sure there was a heated debate. I'm sure all angles were
>>>>>> considered. However, this goes too deep for me to take it as
>>>>>> "better men than me have considered and decided". As a matter of
>>>>>> my personal values, if the situation doesn't change, I would no
>>>>>> longer wish to continue as the OWASP Chapter Lead. Please let me
>>>>>> know if any of you would like to take over from me. 
>>>>>>
>>>>>> I will also share my feelings with fellow chapter members at our
>>>>>> next chapter meeting on Jan 21st. Needless to say, no matter how
>>>>>> things go, I remain committed to the principles of our open and
>>>>>> open-source infosec community.
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>> ==Sas3==
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140104/0c9a4f2a/attachment.html>


More information about the Owasp-board mailing list