[Owasp-board] OWASP Board decision that I don't agree with

Eoin Keary eoin.keary at owasp.org
Sat Jan 4 23:14:37 UTC 2014


Yep michael is delivering a section also tbd. 

We are happy to have many speakers. 

Asher Javed did it with us at RSA EU in November for example.




Eoin Keary
Owasp Global Board
+353 87 977 2988


On 4 Jan 2014, at 22:55, Tobias <tobias.gondrom at owasp.org> wrote:

> Michael is giving the training, too? 
> I thought it's only Jim and you (Eoin)?
> 
> *Scratch my head* about the conflict of interest: You are probably right. :-( 
> Which is very unfortunate as this decision can have a dimension that may imply an "OWASP statement" about RSA's actions - far beyond the simple scope of whether OWASP is paying for someone's trip to RSA. 
> It seems, if we do it, x people will read this as support for RSA's actions; and if we cancel, y people will read this as a statement of disapproval of RSA's actions. 
> 
> Best regards, Tobias
> 
> 
> Tobias Gondrom
> OWASP Global Board Member
> 
> 
> 
> On 04/01/14 22:24, Eoin Keary wrote:
>> Problem is, 3 of the board are actually delivering the class. So conflict of interest is there? So if vote is the way to go, id suggest we (3) abstain from the vote.
>> 
>> 
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>> 
>> 
>> On 4 Jan 2014, at 21:59, Tobias <tobias.gondrom at owasp.org> wrote:
>> 
>>> On 04/01/14 18:18, Eoin Keary wrote:
>>>> To be clear, there was no recorded vote on this but a debate.
>>>> 
>>>> I started the debate after reading about Mikko. (Even though I was delivering the training with Jim and it is my material).
>>>> 
>>>> The majority of board of OWASP feels getting involved in politics is wrong and wanted to push ahead with the training.
>>>> 
>>>> So if feelings are strong we need to vote on this ASAP? as leaders of OWASP. A formal board vote? Executive decision from Sarah, our executive director. 
>>> 
>>> If we have to make a decision about this as a community, I expect this to be voted on by the board following the guidance and input from all community members. 
>>> 
>>> - Tobias
>>> 
>>> 
>>>> 
>>>> 
>>>> Eoin Keary
>>>> Owasp Global Board
>>>> +353 87 977 2988
>>>> 
>>>> 
>>>> On 4 Jan 2014, at 16:48, Sastry Tumuluri <sastry.tumuluri at owasp.org> wrote:
>>>> 
>>>>> Friends,
>>>>> 
>>>>> Please see the following full conversation on twitter: 
>>>>> https://twitter.com/EoinKeary/status/419111748424454145
>>>>> 
>>>>> Eoin Keary and Jim Manico (both OWASP board members) will be presenting/conducting 4 hrs of free-of-cost AppSec training at the RSA Conference, 2014. Michael Coates, Chairman of the OWASP Board is also said to be present. Apparently, this was discussed at the OWASP board level; and the board has decided to go ahead, keeping in mind the benefit to the attending                     developers.
>>>>> 
>>>>> As you are aware, RSA is strongly suspected (we'll never be 100% sure, I'm afraid) of being complicit with NSA in enabling fatal weakening of crypto products. RSA has issued a sort of a denial that only deepens the mistrust. As a protest, many leading speakers are cancelling their talks at the upcoming RSAC 2014. Among them are (to my knowledge) Mikko Hypponen, Jeffrey Carr and Josh Thomas.
>>>>> 
>>>>> At such a time, I am saddened by the OWASP board decision to                     support RSAC by their presence. At a time when they had the opportunity to let the world know how much they care for the Information Security profession (esp., against weakening crypto); and how much they care about the privacy of people (against NSA's unabashed spying on Americans & non-Americans alike), the board has copped out using a flimsy rationalization ("benefit of (a few) developers", many of who would rethink their attendance had OWASP and more organizations didn't blink!"). 
>>>>> 
>>>>> I'm sure there was a heated debate. I'm sure all angles were considered. However, this goes too deep for me to take it as "better men than me have considered and decided". As a matter of my personal values, if the situation doesn't change, I would no longer wish to continue as the OWASP Chapter Lead. Please let me know if any of you would like to take over from me. 
>>>>> 
>>>>> I will also share my feelings with fellow chapter members at our next chapter meeting on Jan 21st. Needless to say, no matter how things go, I remain committed to the principles of our open and open-source infosec community.
>>>>> 
>>>>> Best regards,
>>>>> 
>>>>> ==Sas3==
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140104/203a5dbc/attachment.html>


More information about the Owasp-board mailing list