[Owasp-board] Vote Request - OWASP Participation at RSA

Tom Brennan - OWASP tomb at owasp.org
Tue Jan 7 23:43:43 UTC 2014


+1

> On Jan 7, 2014, at 5:48 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
> 
> Michael
> 
> I would vote NOT to terminate the agreement and training.
> 
> There is not enough evidence to make any judgements about RSA.
> 
> Regards
> Fabio
> 
> El Tuesday, January 7, 2014, Michael Coates escribió:
>> Sure, the email thread and Simon's poll are all different perspectives and thoughts. There is no direct mapping between these items and the various options forward. I'm very happy to see the large discussion and many people's views.
>> 
>> In the end easy decisions are easy - this is not one of those scenarios. After weighing all the information it's our job on the board to determine the difficult decision we believe is best for OWASP.
>> 
>> One view of this current situation, as you put it, is an all or nothing view. I believe this was, for the most part, the discussion until the co-marketing agreement entered into play. We now have the additional variable to consider. I won't restate my views (it's long and archived on the leaders thread). But, in short, I believe we should train at RSA and at any other venue that we can. I believe we should pause on co-marketing until all facts come to light.
>> 
>> Without any board vote we would consider along the previous path - RSA training and the terms of the co-marketing agreement.
>> 
>> However, if we pass a vote we'll update our path accordingly. 
>> 
>> 
>> 
>> 
>> --
>> Michael Coates
>> @_mwc
>> 
>> 
>> 
>> On Tue, Jan 7, 2014 at 9:07 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>> Hi Michael, 
>> Man, this board member stuff can be difficult!!
>> 
>> The email thread or peoples views do not distinguish between contract or presence at the event IMHO.
>> 
>> I think the argument, be it right or wrong is; "should OWASP be involved with the RSA event or not."
>> 
>> That's just my interpretation of the discussion.
>> 
>> Again, id like to present the class to 200 developers regardless of venue which is the important aspect of this discussion for me.
>> 
>> 
>> 
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>> 
>> 
>>> On 7 Jan 2014, at 16:25, Michael Coates <michael.coates at owasp.org> wrote:
>>> 
>>> Eoin,
>>> 
>>> Correct. Some people see participating as the right choice, some people see canceling as the right choice, and we have the element of co-marketing in the mix too.
>>> 
>>> The vote that I proposed is to cancel the co-marketing and participate if possible. I support participating. I don't support co-marketing at this time until the details of the accusations are cleared up.
>>> 
>>> -Michael
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> On Tue, Jan 7, 2014 at 2:08 AM, Eoin <eoin.keary at owasp.org> wrote:
>>> I am not voting but the topic that is up for vote is wrong in my opinion.
>>> 
>>> Some media, people in general will see OWASP participation in RSA as negative, hence the debate.
>>> Cancelling a contract does not really cut it. its "window dressing."
>>> 
>>> Either we  (OWASP) are engaging with RSAC or not, its that simple.
>>> 
>>> Delivering anything at RSAC shall be interpreted as a sign of support, this is the root cause of the debate: Are we to support RSAC this year given the allegations? (contract is circumstantial).
>>> 
>>> 
>>> 
>>> 
>>> On 7 January 2014 00:42, Tobias <tobias.gondrom at owasp.org> wrote:
>>> My vote is: Yes. OWASP shall terminate the co-marketing agreement with RSA for RSA 2014. 
>>> 
>>> My reasons are: 
>>> 
>>> 1. community feedback and discussion (there seems to be a significant part of the community concerned about this) Note: I would have loved to see an OWASP community poll on this before making this decision to get a better feel for the wishes of our community, but acknowledge Michael's request that we need to decide this urgently. 
>>> 
>>> 2. we have an alternative (as outlined in Sarah's email, BSides) that can fulfil the goal equally. 
>>> 
>>> 3. I understand that there is a lot of uncertainty about RSA's level of involvement. And I don't feel in a position to make a final judgement about this. And as often with secrecy, we possibly never will be. 
>>> But in this case we don't have to have final judgement. The co-marketing agreement is quite extensive and could be seen as active endorsement. To follow such an agreement we would need to have a very high level of confidence and trust in the other party. So already a reasonable shadow of doubt is sufficient grounds, to distance OWASP in this case from a very active co-marketing agreement with the company RSA, to avoid being interpreted as an active endorsement of a commercial entity currently under review. And we should abstain from actively endorsing RSA for the time being, until all facts of the case have been properly examined
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140107/8ed98017/attachment-0001.html>


More information about the Owasp-board mailing list