[Owasp-board] Additional Conference policies

Michael Coates michael.coates at owasp.org
Wed May 14 23:33:31 UTC 2014


Looks like we're asking members, which works for me.
If we decide to do it then we make it clear to the individual using the
discount code that their information is being shared. If everyone is aware
of what information is trading hands then we're all good on a privacy
front.

-Michael


--
Michael Coates
@_mwc



On Wed, May 14, 2014 at 3:45 PM, Sarah Baso <sarah.baso at owasp.org> wrote:

> Great points - I will push this out to the community for input and a
> poll... obviously all of you can continue with input there!
>
> Thanks,
> Sarah
>
>
> On Wed, May 14, 2014 at 3:36 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>> I understand the context, but still don't agree with it.  Giving discount
>> codes to a vendor as a result of sponsoring is already a value add.
>> Providing them with a list of people who used the code is a privacy
>> violation.  If we choose to do this, then it should be made clear before
>> completing the transaction each time someone uses one of these codes with a
>> stipulation attached to it.  I'm fine leaving it as a decision for our
>> members to make, though, as Jim suggested, since I'm pretty confident the
>> majority will feel the same way.
>>  On May 14, 2014 5:14 PM, "Tom Brennan - proactiveRISK" <
>> tomb at proactiverisk.com> wrote:
>>
>>> I think your looking at it wrong.
>>>
>>> The context is more about supporters who market the event as a "come see
>>> XYZ vendor at the event use code #xyz for discount off admission or to get
>>> a free shirt/gift at the booth etc.. This is not a member PII item rather a
>>> clarification on a policy for conference : training events that  should not
>>> even be a board list ask for yes/no.. The leaders list or a blog post with
>>> a request for comment is likely more appropriate. As a conference you new
>>> to offer those bi-directional opportunities to promote the event and the
>>> supporter IMHO.
>>>
>>> I support sponsor promotional codes and did so at OWASP
>>> AppSecUSA2013/LASCON/Nova/<insert> event these are OWASP events.
>>>
>>> What was a violation was vendors standing/guarding the doors to the
>>> conference rooms scanning people as they entered the room. Had to tell A
>>> sponsor to STOP that aggressive sales/marketing practice as it was a
>>> violation of my personal privacy as a individual + as a Owasp event was not
>>> authorized.
>>>
>>> So perhaps that sheds some color to that..
>>>
>>> Photography, videos etc at the event should be on the receipt as the
>>> event wants to promote the event before, during and after.  The privacy
>>> issue is rather simple if you don't want to be on camera decline the
>>> opportunity.
>>>
>>> The speakers, the staff, the projects NEED visibility inline with the
>>> mission so all promotional activities are welcomed to promote software
>>> security.
>>>
>>> So yes to the second item too.
>>>
>>> Tom Brennan
>>> 1-973-202-0122
>>>
>>> On May 14, 2014, at 5:10 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>> +1 Josh
>>>
>>> We need to maintain a good balance between gratitude towards vendors who
>>> fund OWASP and our hard working members who demand privacy by default when
>>> possible. But don't take our word for it, poll the membership and see what
>>> they say.
>>>
>>> I'm of the opinion that we need to grow the quality of our open source
>>> documents, wiki and projects way more than we need to grow finances. But
>>> again, hit leaders with this questions, the board does not need to be (and
>>> should not be) the final word here.
>>>
>>> My 2 cents,
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>>
>>> On May 14, 2014, at 1:57 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>>
>>> I strongly dislike the discount codes policy.  It's never been like this
>>> before and, in fact, our policy has been that under no circumstances will
>>> we sell or give attendee information to vendors.  If vendors are giving out
>>> discount codes, then chances are that they have the attendee information
>>> already so I'm not sure what the value is in this.  If they're just
>>> throwing the code out there to use, then I'd want a disclaimer on each and
>>> every ticket purchased with the code saying that by using it your info is
>>> being provided to the vendor.  That doesn't really seem feasible, though,
>>> so my gut says we shouldn't be doing this.
>>>
>>> ~josh
>>>
>>>
>>> On Wed, May 14, 2014 at 3:34 PM, Sarah Baso <sarah.baso at owasp.org>wrote:
>>>
>>>> Board -
>>>>
>>>> The AppSec USA 2014 team and I have been working on a couple of
>>>> additional policies for their conference, that would be applicable to ALL
>>>> conference (IMHO) :
>>>> https://www.owasp.org/index.php/Governance/Conference_Policies
>>>>
>>>> Please let me know within the next week if you have any issues with
>>>> updating the global conference policies to include these.
>>>>
>>>> *Discount Codes*
>>>>
>>>>
>>>>
>>>> Opt-In Notice:  OWASP events would not be possible without the help of
>>>> our sponsors who are also provided the opportunity to offset the cost for
>>>> attendees as well.  Per OWASP agreement with event sponsors, your
>>>> registration information is provided to the sponsor associated with the
>>>> code used.  If you do not wish to share your registration information with
>>>> the associated sponsor, please do not use the code.
>>>>
>>>>
>>>>
>>>> *Photography*
>>>>
>>>>
>>>>
>>>> OWASP events are open to the public, and OWASP does not restrict
>>>> attendees (including OWASP staff, volunteers, sponsors, and media) from
>>>> taking photos or videos at our events. By attending out events, you
>>>> acknowledge that you are in a public space and that attendees  (including
>>>> OWASP staff, volunteers, sponsors, and media) may capture your image
>>>> in photos and videos.  Nevertheless, OWASP encourages event attendees to
>>>> exercise common sense and good judgment, and respect the wishes of other
>>>> attendees who do not wish to be photographed at the Events.
>>>>
>>>>
>>>>
>>>> OWASP reserves the right to use images taken at the conference with
>>>> your photograph and/or likeness in future marketing materials.
>>>>
>>>>
>>>>
>>>> Sarah
>>>>
>>>> --
>>>> Executive Director
>>>> OWASP Foundation
>>>>
>>>> sarah.baso at owasp.org
>>>> +1.312.869.2779
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
>
> --
> Executive Director
> OWASP Foundation
>
> sarah.baso at owasp.org
> +1.312.869.2779
>
>
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140514/72f6b768/attachment.html>


More information about the Owasp-board mailing list