[Owasp-board] Vote Request - OWASP Participation at RSA

Tobias tobias.gondrom at owasp.org
Tue Jan 7 00:42:41 UTC 2014


My vote is: Yes. OWASP shall terminate the co-marketing agreement with
RSA for RSA 2014.

My reasons are:

1. community feedback and discussion (there seems to be a significant
part of the community concerned about this) Note: I would have loved to
see an OWASP community poll on this before making this decision to get a
better feel for the wishes of our community, but acknowledge Michael's
request that we need to decide this urgently.

2. we have an alternative (as outlined in Sarah's email, BSides) that
can fulfil the goal equally.

3. I understand that there is a lot of uncertainty about RSA's level of
involvement. And I don't feel in a position to make a final judgement
about this. And as often with secrecy, we possibly never will be.
But in this case we don't have to have final judgement. The co-marketing
agreement is quite extensive and could be seen as active endorsement. To
follow such an agreement we would need to have a very high level of
confidence and trust in the other party. So already a reasonable shadow
of doubt is sufficient grounds, to distance OWASP in this case from a
very active co-marketing agreement with the company RSA, to avoid being
interpreted as an active endorsement of a commercial entity currently
under review. And we should abstain from actively endorsing RSA for the
time being, until all facts of the case have been properly examined
(note: not by us, as we are not an investigative body).

In addition to that:
I propose that OWASP should prepare and release a press release or
public statement that OWASP thinks weakening or undermining crypto is a
really bad idea. (I will be happy to assist with the preparation of the
text.) This press release shall advocate our general OWASP principles
and shall _not_ mention RSA, the RSA conference or any other company by
name. (personal note: btw. RSA should have no problem with such a press
release, as they officially deny any such activities...)

All the best, Tobias


Tobias Gondrom
Owasp Global Board





On 06/01/14 23:51, Michael Coates wrote:
> "OWASP will terminate the co-marketing agreement with RSA for RSA 2014.
> This may place our training at risk, but if permitted we will still
> provide the free training at RSA and the OWASP speaking slot."
>
> Michael - Yes
> Tom -
> Tobias -
> Fabio -
> Josh - Yes
> Jim - abstain
> Eoin - abstain
>
>
>
>
>
> --
> Michael Coates
>
>
>
>
> On Mon, Jan 6, 2014 at 3:47 PM, Eoin Keary <eoin.keary at owasp.org
> <mailto:eoin.keary at owasp.org>> wrote:
>
>     Same here, I can't vote, I believe as the class delivery and
>     material is mine and it would be a conflict.
>     I would be a "no" if I could.
>
>     Not sure why participation in an event requires a vote given other
>     events did not require such....
>
>     My view is based on 
>
>     1. community feeling, (it has split the community very strongly).
>
>     2. logic (we have somewhere else), and 
>
>     3. the goal (I don't care which roof the class is delivered under
>     as long as we teach many people and serve our mission). 
>
>
>     Eoin Keary
>     Owasp Global Board
>     +353 87 977 2988 <tel:%2B353%2087%20977%202988>
>
>
>     On 6 Jan 2014, at 23:23, Jim Manico <jim.manico at owasp.org
>     <mailto:jim.manico at owasp.org>> wrote:
>
>>     I state conflict of interest here and cannot vote. But I
>>     certainly respect the boards opinion and am leaning towards "no"
>>     if I could vote.
>>
>>     --
>>     Jim Manico
>>     @Manicode
>>     (808) 652-3805 <tel:%28808%29%20652-3805>
>>
>>     On Jan 6, 2014, at 12:31 PM, Michael Coates
>>     <michael.coates at owasp.org <mailto:michael.coates at owasp.org>> wrote:
>>
>>>     Board,
>>>
>>>     I'd like to request a vote on OWASP's participation at RSA. I've
>>>     captured my position on the public OWASP thread.
>>>     http://lists.owasp.org/pipermail/owasp-leaders/2014-January/010647.html
>>>
>>>     Please provide any discussion to the vote or cast your vote.
>>>     Note that this is a time sensitive issue.
>>>
>>>
>>>     My vote request is as follows:
>>>
>>>     OWASP will terminate the co-marketing agreement with RSA for RSA
>>>     2014.
>>>     This may place our training at risk, but if permitted we will
>>>     still provide the free training at RSA and the OWASP speaking slot.
>>>
>>>     Board Votes:
>>>     Michael
>>>     Tom
>>>     Tobias
>>>     Fabio
>>>     Josh
>>>     Jim
>>>     Eoin
>>>
>>>
>>>
>>>     Note: Unrelated to the vote - we can still provide free training
>>>     at BSides too.
>>>
>>>
>>>     --
>>>     Michael Coates
>>>     Chair of OWASP Board
>>>     @_mwc
>>>
>>>     _______________________________________________
>>>     Owasp-board mailing list
>>>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>>     https://lists.owasp.org/mailman/listinfo/owasp-board
>>     _______________________________________________
>>     Owasp-board mailing list
>>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140107/a57991d9/attachment-0001.html>


More information about the Owasp-board mailing list