[Owasp-board] [Governance] OWASP statement on security: your opinion? - until Monday 14:00 CST

Tobias tobias.gondrom at owasp.org
Wed Jan 29 22:51:58 UTC 2014


I totally agree with Michael.
No message is "fool-proof". With every message there are always a few
who don't read carefully enough and then jump to wrong conclusions. This
is normal. So in these single instances we just clarify with the right
information.

And overall, I am actually quite happy with the reception and feedback
from the general security community and beyond.

Best regards, Tobias


On 29/01/14 22:36, Michael Coates wrote:
> Sure, some people got the wrong impression without reading the whole
> story. But these things happen and I followed up with people to
> clarify. I also sent the owasp link with all the info. Overall I think
> the main message is getting out there nicely.
>
> I'm not concerned about sending clarifications myself. We're just
> providing information to be sure people are aware of all the details.
>
> -Michael
>
>
> --
> Michael Coates
> @_mwc
>
>
>
> On Wed, Jan 29, 2014 at 2:13 PM, Christian Heinrich
> <christian.heinrich at cmlh.id.au <mailto:christian.heinrich at cmlh.id.au>>
> wrote:
>
>     Tobias,
>
>     Due to the public perception that OWASP has re-associated itself the
>     RSA Conference after condemning it two weeks before I strategically
>     withhold my public comment for the the moment.
>
>     Negative public sentiment such as
>     https://twitter.com/info_dox/status/428278242378661888 wouldn't have
>     occurred had the OWASP Board followed my advice and cancelled the
>     training for February 2014. Furthermore, Michael's clarification
>     achieves nothing because he is perceived as bias due to being an
>     instructor and OWASP Board Member, you need an independent third party
>     (e.g. WASC) to issuing this clarification on your behalf.
>
>     Subsequently the message of
>     http://owasp.blogspot.com/2014/01/owasp-statement-on-security-of-internet.html
>     has been lost since the creditability of OWASP is now brought into
>     question.  Hence the reason I am strategically withhold my public
>     comment until this background noise dies down as my public comment
>     will have more impact after this negative public sentiment while
>     ensuring that the public will question OWASP creditability again.
>
>     Hopeful next time I provide you with advice you will consider that I
>     have already foreseen the bad outcome for OWASP, just like when I
>     explained to Dinis at Hack in the Box Amsterdam that the Google
>     Hacking Inquiry will result in smear that is for the ulterior motive
>     of Chris and Jody.
>
>
>     On Wed, Jan 29, 2014 at 11:36 PM, Tobias <tobias.gondrom at owasp.org
>     <mailto:tobias.gondrom at owasp.org>> wrote:
>     > Christian,
>     > yes. This is the released statement.
>     >
>     http://owasp.blogspot.com/2014/01/owasp-statement-on-security-of-internet.html
>     > Best regards, Tobias
>     >
>     >
>     > On 28/01/14 23:52, Christian Heinrich wrote:
>     >> Tobias,
>     >>
>     >> I just want to make sure that I respond to the correct
>     statement which
>     >> I am lead to believe is
>     >>
>     http://owasp.blogspot.pt/2014/01/owasp-statement-on-security-of-internet.html,
>     >> is this correct?
>     >>
>     >> On Tue, Jan 28, 2014 at 11:48 AM, Christian Heinrich
>     >> <christian.heinrich at cmlh.id.au
>     <mailto:christian.heinrich at cmlh.id.au>> wrote:
>     >>> I look forward to its release and I will continue my offer to
>     receive
>     >>> it under embargo in the interim if you decide to release it to me.
>     >>
>     >
>
>
>
>     --
>     Regards,
>     Christian Heinrich
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140129/52dbe789/attachment.html>


More information about the Owasp-board mailing list