[Owasp-board] press release (was: Vote Request - OWASP Participation at RSA)

Tobias tobias.gondrom at owasp.org
Tue Jan 7 23:48:50 UTC 2014


Sarah,

will be my pleasure.
Please give me one or two days to write it up and let my PA check my
spelling.
And will upload it as Google Doc.
Then you and the board need to have some time (3-7 days?) to review,
edit and finalise it.
Then my recommendation would be to put it for 3-5 days towards the
leaders and governance list to confirm, though by then we should have
done our very best so that no more edits are needed.

So I would expect a release in maybe 20 days. Unless you see the need
for a hurry?

What do you think?

Thanks and all the best, Tobias


On 07/01/14 23:39, Sarah Baso wrote:
> Tobias -
> Thanks for your offer to prepare a press release with a public
> statement regarding OWASP principles & that we think weakening or
> undermining crypto is a bad idea....
>
> Would you start preparing something as a google doc and share it with
> the rest of the board and myself for review?
>
> Also, what is our timeline/goal for release?  Next week?  I can do
> this through our OR newswire account when we are ready.
>
> Thanks,
>
> Sarah
>
>
> On Mon, Jan 6, 2014 at 6:42 PM, Tobias <tobias.gondrom at owasp.org
> <mailto:tobias.gondrom at owasp.org>> wrote:
>
>     My vote is: Yes. OWASP shall terminate the co-marketing agreement
>     with RSA for RSA 2014.
>
>     My reasons are:
>
>     1. community feedback and discussion (there seems to be a
>     significant part of the community concerned about this) Note: I
>     would have loved to see an OWASP community poll on this before
>     making this decision to get a better feel for the wishes of our
>     community, but acknowledge Michael's request that we need to
>     decide this urgently.
>
>     2. we have an alternative (as outlined in Sarah's email, BSides)
>     that can fulfil the goal equally.
>
>     3. I understand that there is a lot of uncertainty about RSA's
>     level of involvement. And I don't feel in a position to make a
>     final judgement about this. And as often with secrecy, we possibly
>     never will be.
>     But in this case we don't have to have final judgement. The
>     co-marketing agreement is quite extensive and could be seen as
>     active endorsement. To follow such an agreement we would need to
>     have a very high level of confidence and trust in the other party.
>     So already a reasonable shadow of doubt is sufficient grounds, to
>     distance OWASP in this case from a very active co-marketing
>     agreement with the company RSA, to avoid being interpreted as an
>     active endorsement of a commercial entity currently under review.
>     And we should abstain from actively endorsing RSA for the time
>     being, until all facts of the case have been properly examined
>     (note: not by us, as we are not an investigative body).
>
>     In addition to that:
>     I propose that OWASP should prepare and release a press release or
>     public statement that OWASP thinks weakening or undermining crypto
>     is a really bad idea. (I will be happy to assist with the
>     preparation of the text.) This press release shall advocate our
>     general OWASP principles and shall _not_ mention RSA, the RSA
>     conference or any other company by name. (personal note: btw. RSA
>     should have no problem with such a press release, as they
>     officially deny any such activities...)
>
>     All the best, Tobias
>
>
>     Tobias Gondrom
>     Owasp Global Board
>
>
>
>
>
>
>     On 06/01/14 23:51, Michael Coates wrote:
>>     "OWASP will terminate the co-marketing agreement with RSA for RSA
>>     2014.
>>     This may place our training at risk, but if permitted we will
>>     still provide the free training at RSA and the OWASP speaking slot."
>>
>>     Michael - Yes
>>     Tom -
>>     Tobias -
>>     Fabio -
>>     Josh - Yes
>>     Jim - abstain
>>     Eoin - abstain
>>
>>
>>
>>
>>
>>     --
>>     Michael Coates
>>
>>
>>
>>
>>     On Mon, Jan 6, 2014 at 3:47 PM, Eoin Keary <eoin.keary at owasp.org
>>     <mailto:eoin.keary at owasp.org>> wrote:
>>
>>         Same here, I can't vote, I believe as the class delivery and
>>         material is mine and it would be a conflict.
>>         I would be a "no" if I could.
>>
>>         Not sure why participation in an event requires a vote given
>>         other events did not require such....
>>
>>         My view is based on 
>>
>>         1. community feeling, (it has split the community very strongly).
>>
>>         2. logic (we have somewhere else), and 
>>
>>         3. the goal (I don't care which roof the class is delivered
>>         under as long as we teach many people and serve our mission). 
>>
>>
>>         Eoin Keary
>>         Owasp Global Board
>>         +353 87 977 2988 <tel:%2B353%2087%20977%202988>
>>
>>
>>         On 6 Jan 2014, at 23:23, Jim Manico <jim.manico at owasp.org
>>         <mailto:jim.manico at owasp.org>> wrote:
>>
>>>         I state conflict of interest here and cannot vote. But I
>>>         certainly respect the boards opinion and am leaning towards
>>>         "no" if I could vote.
>>>
>>>         --
>>>         Jim Manico
>>>         @Manicode
>>>         (808) 652-3805 <tel:%28808%29%20652-3805>
>>>
>>>         On Jan 6, 2014, at 12:31 PM, Michael Coates
>>>         <michael.coates at owasp.org <mailto:michael.coates at owasp.org>>
>>>         wrote:
>>>
>>>>         Board,
>>>>
>>>>         I'd like to request a vote on OWASP's participation at RSA.
>>>>         I've captured my position on the public OWASP thread.
>>>>         http://lists.owasp.org/pipermail/owasp-leaders/2014-January/010647.html
>>>>
>>>>         Please provide any discussion to the vote or cast your
>>>>         vote. Note that this is a time sensitive issue.
>>>>
>>>>
>>>>         My vote request is as follows:
>>>>
>>>>         OWASP will terminate the co-marketing agreement with RSA
>>>>         for RSA 2014.
>>>>         This may place our training at risk, but if permitted we
>>>>         will still provide the free training at RSA and the OWASP
>>>>         speaking slot.
>>>>
>>>>         Board Votes:
>>>>         Michael
>>>>         Tom
>>>>         Tobias
>>>>         Fabio
>>>>         Josh
>>>>         Jim
>>>>         Eoin
>>>>
>>>>
>>>>
>>>>         Note: Unrelated to the vote - we can still provide free
>>>>         training at BSides too.
>>>>
>>>>
>>>>         --
>>>>         Michael Coates
>>>>         Chair of OWASP Board
>>>>         @_mwc
>>>>
>>>>         _______________________________________________
>>>>         Owasp-board mailing list
>>>>         Owasp-board at lists.owasp.org
>>>>         <mailto:Owasp-board at lists.owasp.org>
>>>>         https://lists.owasp.org/mailman/listinfo/owasp-board
>>>         _______________________________________________
>>>         Owasp-board mailing list
>>>         Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>>         https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>>
>>     _______________________________________________
>>     Owasp-board mailing list
>>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>     _______________________________________________
>     Owasp-board mailing list
>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
>
> -- 
> Executive Director
> OWASP Foundation
>
> sarah.baso at owasp.org <mailto:sarah.baso at owasp.org>
> +1.312.869.2779
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140107/f141000a/attachment-0001.html>


More information about the Owasp-board mailing list