[Owasp-board] [Governance] OWASP statement on security: your opinion? - until Monday 14:00 CST

Tobias tobias.gondrom at owasp.org
Tue Jan 28 00:28:29 UTC 2014

we can continue this discussion after the release which will happen
Best regards, Tobias

Ps.: reg. your last question: as in my understanding your emails are not
sent to the leaders list (as it is only for OWASP leaders), it was
appropriate that I should not include the leaders-list in my reply either.

On 28/01/14 00:19, Christian Heinrich wrote:
> Tobias,
> On Tue, Jan 28, 2014 at 5:40 AM, Tobias <tobias.gondrom at owasp.org> wrote:
>> I do listen to everyones input. And I take the community's feedback very
>> serious, including the more than 90% community votes that asked for such
>> a statement to be made. It would be a little bit silly to discuss the
>> text here with you, as you are at this moment not an OWASP member (as
>> you can see from the membership list), nor have read the proposed text.
>> I ask you to have some trust in the OWASP community members and their
>> great efforts in the review.
> That's an incredibly short sighted view and yet even after both a
> questionable suspension and termination the public still associate me
> to OWASP i.e. https://twitter.com/DinisCruz/status/366228396348411904
> On Tue, Jan 28, 2014 at 5:40 AM, Tobias <tobias.gondrom at owasp.org> wrote:
>> Regarding your comments:
>> 1. there is no need for Jeff to make any points with regard to this
>> statement.
> Then RSA/EMC will discredit OWASP on this point?
> On Tue, Jan 28, 2014 at 5:40 AM, Tobias <tobias.gondrom at owasp.org> wrote:
>> 2. as you could take from my email, the statement objective is to
>> promote our OWASP goals,
> Yet OWASP has zero experience in the development of crypto, including
> the development of libraries for each reference implementation i.e.
> http://lists.owasp.org/pipermail/owasp-leaders/2013-September/010122.html.
> Unfortunately, any PR will be seen as attempting to ride the coattails
> of a trend which will have blown over by 2015 and this view has
> already been made by the @thegrugq to over 12.5K followers.
> Again, OWASP should make a donation to http://www.keyczar.org/ (or a
> similar effort), this is a much better spend of any public relations
> budget.
> On Tue, Jan 28, 2014 at 5:40 AM, Tobias <tobias.gondrom at owasp.org> wrote:
>> And regarding your wish that we shall explicitly say in the press
>> release text that you are personally against it: I will not add such
>> text to the statement to include that it doesn't promote your personal
>> view. This would be unprofessional. This is a statement for the
>> community not about you. And you are not even a member of OWASP at this
>> point in time (as you can see from the membership list), so I can not
>> see how anyone would assume that this statement would be your personal
>> view unless you actively support it - which I still hope you will do
>> once you have actually read it. Of course, please feel free to distance
>> yourself from the statement if you don't agree with its text once it has
>> been published.
> Even members of the public are permitted to view quotes in the media
> by OWASP i.e. https://www.owasp.org/index.php/Quotes but you are more
> than welcome to release the text to me of the PR and I will not
> disclose it under embargo?
> Is there a reason you omitted the OWASP Leaders mailing list?

More information about the Owasp-board mailing list