[Owasp-board] Vote Request - OWASP Participation at RSA

Tobias tobias.gondrom at owasp.org
Tue Jan 7 14:47:44 UTC 2014


Just to clarify:

I would agree with Eoin in that I was not totally happy with Michael's
vote question either, but as time is of the essence, I voted according
to the question posed.

And to be fair, if we withdraw from the co-marketing agreement, the
training question may no longer be required anyway.

All the best, Tobias



On 07/01/14 10:08, Eoin wrote:
> I am not voting but the topic that is up for vote is wrong in my opinion.
>
> Some media, people in general will see OWASP participation in RSA as
> negative, hence the debate.
> Cancelling a contract does not really cut it. its "window dressing."
>
> Either we  (OWASP) are engaging with RSAC or not, its that simple.
>
> Delivering anything at RSAC shall be interpreted as a sign of support,
> this is the root cause of the debate: *Are we to support RSAC this
> year given the allegations?* (contract is circumstantial).
>
>
>
>
> On 7 January 2014 00:42, Tobias <tobias.gondrom at owasp.org
> <mailto:tobias.gondrom at owasp.org>> wrote:
>
>     My vote is: Yes. OWASP shall terminate the co-marketing agreement
>     with RSA for RSA 2014.
>
>     My reasons are:
>
>     1. community feedback and discussion (there seems to be a
>     significant part of the community concerned about this) Note: I
>     would have loved to see an OWASP community poll on this before
>     making this decision to get a better feel for the wishes of our
>     community, but acknowledge Michael's request that we need to
>     decide this urgently.
>
>     2. we have an alternative (as outlined in Sarah's email, BSides)
>     that can fulfil the goal equally.
>
>     3. I understand that there is a lot of uncertainty about RSA's
>     level of involvement. And I don't feel in a position to make a
>     final judgement about this. And as often with secrecy, we possibly
>     never will be.
>     But in this case we don't have to have final judgement. The
>     co-marketing agreement is quite extensive and could be seen as
>     active endorsement. To follow such an agreement we would need to
>     have a very high level of confidence and trust in the other party.
>     So already a reasonable shadow of doubt is sufficient grounds, to
>     distance OWASP in this case from a very active co-marketing
>     agreement with the company RSA, to avoid being interpreted as an
>     active endorsement of a commercial entity currently under review.
>     And we should abstain from actively endorsing RSA for the time
>     being, until all facts of the case have been properly examined
>     (note: not by us, as we are not an investigative body).
>
>     In addition to that:
>     I propose that OWASP should prepare and release a press release or
>     public statement that OWASP thinks weakening or undermining crypto
>     is a really bad idea. (I will be happy to assist with the
>     preparation of the text.) This press release shall advocate our
>     general OWASP principles and shall _not_ mention RSA, the RSA
>     conference or any other company by name. (personal note: btw. RSA
>     should have no problem with such a press release, as they
>     officially deny any such activities...)
>
>     All the best, Tobias
>
>
>     Tobias Gondrom
>     Owasp Global Board
>
>
>
>
>
>
>     On 06/01/14 23:51, Michael Coates wrote:
>>     "OWASP will terminate the co-marketing agreement with RSA for RSA
>>     2014.
>>     This may place our training at risk, but if permitted we will
>>     still provide the free training at RSA and the OWASP speaking slot."
>>
>>     Michael - Yes
>>     Tom -
>>     Tobias -
>>     Fabio -
>>     Josh - Yes
>>     Jim - abstain
>>     Eoin - abstain
>>
>>
>>
>>
>>
>>     --
>>     Michael Coates
>>
>>
>>
>>
>>     On Mon, Jan 6, 2014 at 3:47 PM, Eoin Keary <eoin.keary at owasp.org
>>     <mailto:eoin.keary at owasp.org>> wrote:
>>
>>         Same here, I can't vote, I believe as the class delivery and
>>         material is mine and it would be a conflict.
>>         I would be a "no" if I could.
>>
>>         Not sure why participation in an event requires a vote given
>>         other events did not require such....
>>
>>         My view is based on 
>>
>>         1. community feeling, (it has split the community very strongly).
>>
>>         2. logic (we have somewhere else), and 
>>
>>         3. the goal (I don't care which roof the class is delivered
>>         under as long as we teach many people and serve our mission). 
>>
>>
>>         Eoin Keary
>>         Owasp Global Board
>>         +353 87 977 2988 <tel:%2B353%2087%20977%202988>
>>
>>
>>         On 6 Jan 2014, at 23:23, Jim Manico <jim.manico at owasp.org
>>         <mailto:jim.manico at owasp.org>> wrote:
>>
>>>         I state conflict of interest here and cannot vote. But I
>>>         certainly respect the boards opinion and am leaning towards
>>>         "no" if I could vote.
>>>
>>>         --
>>>         Jim Manico
>>>         @Manicode
>>>         (808) 652-3805 <tel:%28808%29%20652-3805>
>>>
>>>         On Jan 6, 2014, at 12:31 PM, Michael Coates
>>>         <michael.coates at owasp.org <mailto:michael.coates at owasp.org>>
>>>         wrote:
>>>
>>>>         Board,
>>>>
>>>>         I'd like to request a vote on OWASP's participation at RSA.
>>>>         I've captured my position on the public OWASP thread.
>>>>         http://lists.owasp.org/pipermail/owasp-leaders/2014-January/010647.html
>>>>
>>>>         Please provide any discussion to the vote or cast your
>>>>         vote. Note that this is a time sensitive issue.
>>>>
>>>>
>>>>         My vote request is as follows:
>>>>
>>>>         OWASP will terminate the co-marketing agreement with RSA
>>>>         for RSA 2014.
>>>>         This may place our training at risk, but if permitted we
>>>>         will still provide the free training at RSA and the OWASP
>>>>         speaking slot.
>>>>
>>>>         Board Votes:
>>>>         Michael
>>>>         Tom
>>>>         Tobias
>>>>         Fabio
>>>>         Josh
>>>>         Jim
>>>>         Eoin
>>>>
>>>>
>>>>
>>>>         Note: Unrelated to the vote - we can still provide free
>>>>         training at BSides too.
>>>>
>>>>
>>>>         --
>>>>         Michael Coates
>>>>         Chair of OWASP Board
>>>>         @_mwc
>>>>
>>>>         _______________________________________________
>>>>         Owasp-board mailing list
>>>>         Owasp-board at lists.owasp.org
>>>>         <mailto:Owasp-board at lists.owasp.org>
>>>>         https://lists.owasp.org/mailman/listinfo/owasp-board
>>>         _______________________________________________
>>>         Owasp-board mailing list
>>>         Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>>         https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>>
>>     _______________________________________________
>>     Owasp-board mailing list
>>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>     _______________________________________________
>     Owasp-board mailing list
>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
>
> -- 
> Eoin Keary
> OWASP Member
> https://twitter.com/EoinKeary
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140107/5bbb928e/attachment-0001.html>


More information about the Owasp-board mailing list