[Owasp-board] Vote Request - OWASP Participation at RSA

Sarah Baso sarah.baso at owasp.org
Tue Jan 7 23:39:46 UTC 2014


Tobias -
Thanks for your offer to prepare a press release with a public statement
regarding OWASP principles & that we think weakening or undermining crypto
is a bad idea....

Would you start preparing something as a google doc and share it with the
rest of the board and myself for review?

Also, what is our timeline/goal for release?  Next week?  I can do this
through our OR newswire account when we are ready.

Thanks,

Sarah


On Mon, Jan 6, 2014 at 6:42 PM, Tobias <tobias.gondrom at owasp.org> wrote:

>  My vote is: Yes. OWASP shall terminate the co-marketing agreement with
> RSA for RSA 2014.
>
> My reasons are:
>
>  1. community feedback and discussion (there seems to be a significant
> part of the community concerned about this) Note: I would have loved to see
> an OWASP community poll on this before making this decision to get a better
> feel for the wishes of our community, but acknowledge Michael's request
> that we need to decide this urgently.
>
>  2. we have an alternative (as outlined in Sarah's email, BSides) that
> can fulfil the goal equally.
>
>  3. I understand that there is a lot of uncertainty about RSA's level of
> involvement. And I don't feel in a position to make a final judgement about
> this. And as often with secrecy, we possibly never will be.
> But in this case we don't have to have final judgement. The co-marketing
> agreement is quite extensive and could be seen as active endorsement. To
> follow such an agreement we would need to have a very high level of
> confidence and trust in the other party. So already a reasonable shadow of
> doubt is sufficient grounds, to distance OWASP in this case from a very
> active co-marketing agreement with the company RSA, to avoid being
> interpreted as an active endorsement of a commercial entity currently under
> review. And we should abstain from actively endorsing RSA for the time
> being, until all facts of the case have been properly examined (note: not
> by us, as we are not an investigative body).
>
> In addition to that:
> I propose that OWASP should prepare and release a press release or public
> statement that OWASP thinks weakening or undermining crypto is a really bad
> idea. (I will be happy to assist with the preparation of the text.) This
> press release shall advocate our general OWASP principles and shall _not_
> mention RSA, the RSA conference or any other company by name. (personal
> note: btw. RSA should have no problem with such a press release, as they
> officially deny any such activities...)
>
> All the best, Tobias
>
>
> Tobias Gondrom
> Owasp Global Board
>
>
>
>
>
>
> On 06/01/14 23:51, Michael Coates wrote:
>
>   "OWASP will terminate the co-marketing agreement with RSA for RSA 2014.
> This may place our training at risk, but if permitted we will still
> provide the free training at RSA and the OWASP speaking slot."
>
>  Michael - Yes
> Tom -
> Tobias -
> Fabio -
> Josh - Yes
>  Jim - abstain
>  Eoin - abstain
>
>
>
>
>
> --
> Michael Coates
>
>
>
>
> On Mon, Jan 6, 2014 at 3:47 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>
>>  Same here, I can't vote, I believe as the class delivery and material
>> is mine and it would be a conflict.
>> I would be a "no" if I could.
>>
>>  Not sure why participation in an event requires a vote given other
>> events did not require such....
>>
>>  My view is based on
>>
>>  1. community feeling, (it has split the community very strongly).
>>
>>  2. logic (we have somewhere else), and
>>
>>  3. the goal (I don't care which roof the class is delivered under as
>> long as we teach many people and serve our mission).
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988 <%2B353%2087%20977%202988>
>>
>>
>> On 6 Jan 2014, at 23:23, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>   I state conflict of interest here and cannot vote. But I certainly
>> respect the boards opinion and am leaning towards "no" if I could vote.
>>
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805 <%28808%29%20652-3805>
>>
>> On Jan 6, 2014, at 12:31 PM, Michael Coates <michael.coates at owasp.org>
>> wrote:
>>
>>    Board,
>>
>> I'd like to request a vote on OWASP's participation at RSA. I've captured
>> my position on the public OWASP thread.
>> http://lists.owasp.org/pipermail/owasp-leaders/2014-January/010647.html
>>
>> Please provide any discussion to the vote or cast your vote. Note that
>> this is a time sensitive issue.
>>
>>
>> My vote request is as follows:
>>
>>  OWASP will terminate the co-marketing agreement with RSA for RSA 2014.
>> This may place our training at risk, but if permitted we will still
>> provide the free training at RSA and the OWASP speaking slot.
>>
>>  Board Votes:
>>  Michael
>>  Tom
>>  Tobias
>>  Fabio
>>  Josh
>>  Jim
>> Eoin
>>
>>
>>
>>  Note: Unrelated to the vote - we can still provide free training at
>> BSides too.
>>
>>
>> --
>>    Michael Coates
>> Chair of OWASP Board
>> @_mwc
>>
>>       _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>   _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
>
> _______________________________________________
> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>


-- 
Executive Director
OWASP Foundation

sarah.baso at owasp.org
+1.312.869.2779
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140107/03fa681b/attachment.html>


More information about the Owasp-board mailing list