[Owasp-board] (Final Results) Vote Request - OWASP Participation at RSA

Tobias tobias.gondrom at owasp.org
Tue Jan 7 23:37:03 UTC 2014


Dear Michael and fellow board members,

thank you for summarising the vote results.
As secretary, I note that we fulfilled the quorum and confirm and record
the results as such.
I note that two board members abstained from the vote to avoid potential
conflicts of interest as outlined in section 7.03 of the bylaws.
*
Vote Proposal:*

OWASP will terminate the co-marketing agreement with RSA for RSA 2014.
This may place our training at risk, but if permitted we will still
provide the free training at RSA and the OWASP speaking slot.
(Yes/Affirm or No/Against)

*Vote Results:*

Michael - Yes
Tom - No
Tobias - Yes
Fabio - No
Josh - Yes
Jim - abstain
Eoin - abstain

*Result: *Vote Pass - 3 / 5 votes in favor*
**

**@Sarah:* could please you or one of your team enter the vote results
in our vote records
https://www.owasp.org/index.php/OWASP_Board_Votes
(And we should probably update the edit rights for this page to reflect
the new board secretary, as I can't make any entries.)


*@Chairman and Board:* and a procedural note in my role as secretary: in
this case we were in a hurry, but it would usually be advisable to have
some board consensus on the question or at least a second board member
supporting the question put to vote before starting the vote on it.
However in this case, time was extremely short, so this shortcut was
understandable.


Thank you and best regards, Tobias

(Board Member and Secretary of the Board)





On 07/01/14 22:53, Michael Coates wrote:
>
> *Here are the updated votes.
> *
> 3 Yes
> 2 No
> 2 Abstain*
>
> Result: *Vote Pass - 3 / 5 votes in favor*
> *
> *
> Vote Proposal:*
>
> OWASP will terminate the co-marketing agreement with RSA for RSA 2014.
> This may place our training at risk, but if permitted we will still
> provide the free training at RSA and the OWASP speaking slot.
>
> *Vote Results:*
>
> Michael - Yes
> Tom - No
> Tobias - Yes
> Fabio - No
> Josh - Yes
> Jim - abstain
> Eoin - abstain
>
>
> *Next Steps:*
> Sarah will work with RSA to explore the details of canceling the
> co-marketing agreement and whether the OWASP training can still be
> provided.
>
>
>
> --
> Michael Coates
> @_mwc
>
>
>
> On Tue, Jan 7, 2014 at 2:16 PM, Michael Coates
> <michael.coates at owasp.org <mailto:michael.coates at owasp.org>> wrote:
>
>     Tobias & Board,
>
>     Here are the updated votes.
>     We have 3 YES votes, 1 NO vote, 2 abstain and Fabio's vote is unclear.
>
>     This vote has quorum 6 of 7 board members vote recorded (Fabio's
>     vote pending) and a majority of the votes (3 of 5) voted in favor
>     of the measure. Unless there are any other comments we should move
>     forward with this finalized vote. Tobias, as Secretary any further
>     comments on this vote? Can you record the results?
>
>
>     *Vote Proposal:*
>
>     OWASP will terminate the co-marketing agreement with RSA for RSA
>     2014.
>     This may place our training at risk, but if permitted we will
>     still provide the free training at RSA and the OWASP speaking slot.
>
>     *Vote Results:*
>
>     Michael - Yes
>     Tom - No
>     Tobias - Yes
>     Fabio - clarification needed*
>
>     Josh - Yes
>     Jim - abstain
>     Eoin - abstain
>
>
>     From Fabio's email:
>     "But for the time being, my decision stands to go ahead as
>     planned." I'd interpret this as a NO to the proposal, but no vote
>     has been recorded until Fabio clarifies.
>
>
>     --
>     Michael Coates
>     @_mwc
>
>
>
>     On Tue, Jan 7, 2014 at 10:33 AM, Michael Coates
>     <michael.coates at owasp.org <mailto:michael.coates at owasp.org>> wrote:
>
>         Board,
>
>         Here is the current status of the vote:
>
>         Michael - Yes
>         Tom - No vote cast or opinion stated
>         Tobias - Yes
>         Fabio - clarification needed
>         Josh - Yes
>         Jim - abstain
>         Eoin - abstain
>
>
>
>
>
>
>         --
>         Michael Coates
>         @_mwc
>
>
>
>         On Tue, Jan 7, 2014 at 8:32 AM, Michael Coates
>         <michael.coates at owasp.org <mailto:michael.coates at owasp.org>>
>         wrote:
>
>             Fabio,
>
>             Thanks for your thoughts and reading through the thread of
>             discussion.
>
>             Can you clarify your position in regards to the proposed
>             vote? In addition to whether or not OWASP provides the
>             free training there is also the element of co-marketing
>             with RSA. Sarah provided all the details here
>             (http://lists.owasp.org/pipermail/owasp-board/2014-January/012876.html)
>
>             The proposed vote is to cancel the co-marketing contract
>             and, if possible, still provide the free training. This
>             specifically means OWASP would be at RSA; however, we
>             would not be engaging in any promotion of the event per
>             the contract outlined in Sarah's email.
>
>             Here is the exact wording proposed:
>
>
>             OWASP will terminate the co-marketing agreement with RSA
>             for RSA 2014.
>             This may place our training at risk, but if permitted we
>             will still provide the free training at RSA and the OWASP
>             speaking slot.
>
>
>
>             Thanks,
>             Michael
>
>
>
>
>
>
>             On Tue, Jan 7, 2014 at 6:23 AM, Fabio Cerullo
>             <fcerullo at owasp.org <mailto:fcerullo at owasp.org>> wrote:
>
>                 Hey guys
>
>                 Apologies for the silence in the last couple of days.
>                 It took me a while to read the whole thread and
>                 reviewing external sources as well while on the road.
>
>                 As Eoin's just stated below, we need to take an 'in or
>                 out' decision.
>
>                 Cancelling the contract but maybe delivering training
>                 is not an option.
>
>                 To his question "*Are we to support RSAC this year
>                 given the allegations?"*
>                 *
>                 *
>                 I would personally vote YES. My reasoning is as follows:
>
>                 - There is no concrete evidence about the allegations
>                 of a payout.
>                 - RSA is firmly refuting any accusations.
>                 - i still believe in the premise: "Innocent until
>                 proven guilty"
>
>                 I'm also monitoring the poll created by Simon to get a
>                 feel of the Community and there is no clear
>                 distinction between one opinion or the other. If the
>                 Community strongly believes we should pull out, and as
>                 a matter of principles, I might be inclined to change
>                 my decision and vote NO instead. But for the time
>                 being, my decision stands to go ahead as planned.
>
>                 In any case, if we (OWASP) are dropping our support
>                 and making an official statement about 'weaking crypto
>                 in products is bad' I would highly recommend for this
>                 document to be reviewed by a solicitor or qualified
>                 professional before making it public. I don't feel is
>                 OWASP position to accuse companies of any
>                 wrongdoings based on news articles or blog posts. 
>
>                 Regards
>                 Fabio
>
>
>
>
>                 El Tuesday, January 7, 2014, Eoin escribió:
>
>                     I am not voting but the topic that is up for vote
>                     is wrong in my opinion.
>
>                     Some media, people in general will see OWASP
>                     participation in RSA as negative, hence the debate.
>                     Cancelling a contract does not really cut it. its
>                     "window dressing."
>
>                     Either we  (OWASP) are engaging with RSAC or not,
>                     its that simple.
>
>                     Delivering anything at RSAC shall be interpreted
>                     as a sign of support, this is the root cause of
>                     the debate: *Are we to support RSAC this year
>                     given the allegations?* (contract is circumstantial).
>
>
>
>
>                     On 7 January 2014 00:42, Tobias
>                     <tobias.gondrom at owasp.org> wrote:
>
>                         My vote is: Yes. OWASP shall terminate the
>                         co-marketing agreement with RSA for RSA 2014.
>
>                         My reasons are:
>
>                         1. community feedback and discussion (there
>                         seems to be a significant part of the
>                         community concerned about this) Note: I would
>                         have loved to see an OWASP community poll on
>                         this before making this decision to get a
>                         better feel for the wishes of our community,
>                         but acknowledge Michael's request that we need
>                         to decide this urgently.
>
>                         2. we have an alternative (as outlined in
>                         Sarah's email, BSides) that can fulfil the
>                         goal equally.
>
>                         3. I understand that there is a lot of
>                         uncertainty about RSA's level of involvement.
>                         And I don't feel in a position to make a final
>                         judgement about this. And as often with
>                         secrecy, we possibly never will be.
>                         But in this case we don't have to have final
>                         judgement. The co-marketing agreement is quite
>                         extensive and could be seen as active
>                         endorsement. To follow such an agreement we
>                         would need to have a very high level of
>                         confidence and trust in the other party. So
>                         already a reasonable shadow of doubt is
>                         sufficient grounds, to distance OWASP in this
>                         case from a very active co-marketing agreement
>                         with the company RSA, to avoid being
>                         interpreted as an active endorsement of a
>                         commercial entity currently under review. And
>                         we should abstain from actively endorsing RSA
>                         for the time being, until all facts of the
>                         case have been properly examined (note: not by
>                         us, as we are not an investigative body).
>
>                         In addition to that:
>                         I propose that OWASP should prepare and
>                         release a press release or public statement
>                         that OWASP thinks weakening or undermining
>                         crypto is a really bad idea. (I will be happy
>                         to assist with the preparation of the text.)
>                         This press release shall advocate our general
>                         OWASP principles and shall _not_ mention RSA,
>                         the RSA conference or any other company by
>                         name. (personal note: btw. RSA should have no
>                         problem with such a press release, as they
>                         officially deny any such activities...)
>
>                         All the best, Tobias
>
>
>                         Tobias Gondrom
>                         Owasp Global Board
>
>
>
>
>
>
>                         On 06/01/14 23:51, Michael Coates wrote:
>>                         "OWASP will terminate the co-marketing
>>                         agreement with RSA for RSA 2014.
>>                         This may place our training at risk, but if
>>                         permitted we will still provide the free
>>                         training at RSA and the OWASP speaking slot."
>>
>>                         Michael - Yes
>>                         Tom -
>>                         Tobias -
>>                         Fabio -
>>                         Josh - Yes
>>                         Jim - abstain
>>                         Eoin - abstain
>>
>>
>>
>>
>>
>>                         --
>>                         Michael Coates
>>
>>
>>
>>
>>                         On Mon, Jan 6, 2014 at 3:47 PM, Eoin Keary
>>                         <eoin.keary at owasp.org> wrote:
>>
>>                             Same here, I can't vote, I believe as the
>>                             class delivery and material is mine and
>>                             it would be a conflict.
>>                             I would be a "no" if I could.
>>
>>                             Not sure why participation in an event
>>                             requires a vote given other events did
>>                             not require such....
>>
>>                             My view is based on 
>>
>>                             1.
>>
>                     -- 
>                     Eoin Keary
>                     OWASP Member
>                     https://twitter.com/EoinKeary
>
>
>                 _______________________________________________
>                 Owasp-board mailing list
>                 Owasp-board at lists.owasp.org
>                 <mailto:Owasp-board at lists.owasp.org>
>                 https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140107/533d0829/attachment-0001.html>


More information about the Owasp-board mailing list