[Owasp-board] [Governance] OWASP statement on security: your opinion? - until Monday 14:00 CST
tobias.gondrom at owasp.org
Wed Jan 29 22:51:58 UTC 2014
I totally agree with Michael.
No message is "fool-proof". With every message there are always a few
who don't read carefully enough and then jump to wrong conclusions. This
is normal. So in these single instances we just clarify with the right
And overall, I am actually quite happy with the reception and feedback
from the general security community and beyond.
Best regards, Tobias
On 29/01/14 22:36, Michael Coates wrote:
> Sure, some people got the wrong impression without reading the whole
> story. But these things happen and I followed up with people to
> clarify. I also sent the owasp link with all the info. Overall I think
> the main message is getting out there nicely.
> I'm not concerned about sending clarifications myself. We're just
> providing information to be sure people are aware of all the details.
> Michael Coates
> On Wed, Jan 29, 2014 at 2:13 PM, Christian Heinrich
> <christian.heinrich at cmlh.id.au <mailto:christian.heinrich at cmlh.id.au>>
> Due to the public perception that OWASP has re-associated itself the
> RSA Conference after condemning it two weeks before I strategically
> withhold my public comment for the the moment.
> Negative public sentiment such as
> https://twitter.com/info_dox/status/428278242378661888 wouldn't have
> occurred had the OWASP Board followed my advice and cancelled the
> training for February 2014. Furthermore, Michael's clarification
> achieves nothing because he is perceived as bias due to being an
> instructor and OWASP Board Member, you need an independent third party
> (e.g. WASC) to issuing this clarification on your behalf.
> Subsequently the message of
> has been lost since the creditability of OWASP is now brought into
> question. Hence the reason I am strategically withhold my public
> comment until this background noise dies down as my public comment
> will have more impact after this negative public sentiment while
> ensuring that the public will question OWASP creditability again.
> Hopeful next time I provide you with advice you will consider that I
> have already foreseen the bad outcome for OWASP, just like when I
> explained to Dinis at Hack in the Box Amsterdam that the Google
> Hacking Inquiry will result in smear that is for the ulterior motive
> of Chris and Jody.
> On Wed, Jan 29, 2014 at 11:36 PM, Tobias <tobias.gondrom at owasp.org
> <mailto:tobias.gondrom at owasp.org>> wrote:
> > Christian,
> > yes. This is the released statement.
> > Best regards, Tobias
> > On 28/01/14 23:52, Christian Heinrich wrote:
> >> Tobias,
> >> I just want to make sure that I respond to the correct
> statement which
> >> I am lead to believe is
> >> is this correct?
> >> On Tue, Jan 28, 2014 at 11:48 AM, Christian Heinrich
> >> <christian.heinrich at cmlh.id.au
> <mailto:christian.heinrich at cmlh.id.au>> wrote:
> >>> I look forward to its release and I will continue my offer to
> >>> it under embargo in the interim if you decide to release it to me.
> Christian Heinrich
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board