[Owasp-board] Additional Conference policies

Sarah Baso sarah.baso at owasp.org
Wed May 14 22:45:37 UTC 2014


Great points - I will push this out to the community for input and a
poll... obviously all of you can continue with input there!

Thanks,
Sarah


On Wed, May 14, 2014 at 3:36 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> I understand the context, but still don't agree with it.  Giving discount
> codes to a vendor as a result of sponsoring is already a value add.
> Providing them with a list of people who used the code is a privacy
> violation.  If we choose to do this, then it should be made clear before
> completing the transaction each time someone uses one of these codes with a
> stipulation attached to it.  I'm fine leaving it as a decision for our
> members to make, though, as Jim suggested, since I'm pretty confident the
> majority will feel the same way.
> On May 14, 2014 5:14 PM, "Tom Brennan - proactiveRISK" <
> tomb at proactiverisk.com> wrote:
>
>> I think your looking at it wrong.
>>
>> The context is more about supporters who market the event as a "come see
>> XYZ vendor at the event use code #xyz for discount off admission or to get
>> a free shirt/gift at the booth etc.. This is not a member PII item rather a
>> clarification on a policy for conference : training events that  should not
>> even be a board list ask for yes/no.. The leaders list or a blog post with
>> a request for comment is likely more appropriate. As a conference you new
>> to offer those bi-directional opportunities to promote the event and the
>> supporter IMHO.
>>
>> I support sponsor promotional codes and did so at OWASP
>> AppSecUSA2013/LASCON/Nova/<insert> event these are OWASP events.
>>
>> What was a violation was vendors standing/guarding the doors to the
>> conference rooms scanning people as they entered the room. Had to tell A
>> sponsor to STOP that aggressive sales/marketing practice as it was a
>> violation of my personal privacy as a individual + as a Owasp event was not
>> authorized.
>>
>> So perhaps that sheds some color to that..
>>
>> Photography, videos etc at the event should be on the receipt as the
>> event wants to promote the event before, during and after.  The privacy
>> issue is rather simple if you don't want to be on camera decline the
>> opportunity.
>>
>> The speakers, the staff, the projects NEED visibility inline with the
>> mission so all promotional activities are welcomed to promote software
>> security.
>>
>> So yes to the second item too.
>>
>> Tom Brennan
>> 1-973-202-0122
>>
>> On May 14, 2014, at 5:10 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>> +1 Josh
>>
>> We need to maintain a good balance between gratitude towards vendors who
>> fund OWASP and our hard working members who demand privacy by default when
>> possible. But don't take our word for it, poll the membership and see what
>> they say.
>>
>> I'm of the opinion that we need to grow the quality of our open source
>> documents, wiki and projects way more than we need to grow finances. But
>> again, hit leaders with this questions, the board does not need to be (and
>> should not be) the final word here.
>>
>> My 2 cents,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On May 14, 2014, at 1:57 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>> I strongly dislike the discount codes policy.  It's never been like this
>> before and, in fact, our policy has been that under no circumstances will
>> we sell or give attendee information to vendors.  If vendors are giving out
>> discount codes, then chances are that they have the attendee information
>> already so I'm not sure what the value is in this.  If they're just
>> throwing the code out there to use, then I'd want a disclaimer on each and
>> every ticket purchased with the code saying that by using it your info is
>> being provided to the vendor.  That doesn't really seem feasible, though,
>> so my gut says we shouldn't be doing this.
>>
>> ~josh
>>
>>
>> On Wed, May 14, 2014 at 3:34 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>
>>> Board -
>>>
>>> The AppSec USA 2014 team and I have been working on a couple of
>>> additional policies for their conference, that would be applicable to ALL
>>> conference (IMHO) :
>>> https://www.owasp.org/index.php/Governance/Conference_Policies
>>>
>>> Please let me know within the next week if you have any issues with
>>> updating the global conference policies to include these.
>>>
>>> *Discount Codes*
>>>
>>>
>>>
>>> Opt-In Notice:  OWASP events would not be possible without the help of
>>> our sponsors who are also provided the opportunity to offset the cost for
>>> attendees as well.  Per OWASP agreement with event sponsors, your
>>> registration information is provided to the sponsor associated with the
>>> code used.  If you do not wish to share your registration information with
>>> the associated sponsor, please do not use the code.
>>>
>>>
>>>
>>> *Photography*
>>>
>>>
>>>
>>> OWASP events are open to the public, and OWASP does not restrict
>>> attendees (including OWASP staff, volunteers, sponsors, and media) from
>>> taking photos or videos at our events. By attending out events, you
>>> acknowledge that you are in a public space and that attendees  (including
>>> OWASP staff, volunteers, sponsors, and media) may capture your image in
>>> photos and videos.  Nevertheless, OWASP encourages event attendees to
>>> exercise common sense and good judgment, and respect the wishes of other
>>> attendees who do not wish to be photographed at the Events.
>>>
>>>
>>>
>>> OWASP reserves the right to use images taken at the conference with your
>>> photograph and/or likeness in future marketing materials.
>>>
>>>
>>>
>>> Sarah
>>>
>>> --
>>> Executive Director
>>> OWASP Foundation
>>>
>>> sarah.baso at owasp.org
>>> +1.312.869.2779
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>


-- 
Executive Director
OWASP Foundation

sarah.baso at owasp.org
+1.312.869.2779
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140514/9db94e88/attachment-0001.html>


More information about the Owasp-board mailing list