[Owasp-board] OWASP Whistleblower Policy Updates

Martin Knobloch martin.knobloch at owasp.org
Wed Nov 12 23:07:35 UTC 2014

Josh, et al.,

Two questions from my side as current developments raised this.

1. The compliance officer's role as neutral conciliator / mediator
It might be that people hesitate to file an official complaint, as this is a
harsh measure, and reach out to the compliance officer as a neutral party
in a not yet escalated conflict.
The current policy does not describe this possibility, it comes close to "IV.
Commitment to Peaceful Conflict Resolution", but without filing an official
This could be in chapter "IX. Compliance Officer".
Q: Is this part of the compliance officer's role?

2. Early notification of the compliance officer in case of serious
As reason history has shown, actions of investigation should be handed to
the investigation as soon as possible. It might not be part of the
Whistleblower Policy, but can we find an agreement that any serious
complaints the board or a board member has received, the Compliance Officer
should be notified about early, before escalation!

In general, I think the role, responsibility of the Compliance Officer
should be expressed more clearly. As the independence of the board.


On Wed, Nov 12, 2014 at 7:40 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> Based on the feedback I received from Martin, I made a few changes to the
> Whistleblower policy that I had previously sent out.  Please review when
> you have a chance and feel free to provide feedback either via comment or
> by responding back to this e-mail.  Here is the link:
> https://docs.google.com/a/owasp.org/document/d/1OwoHQtNGWxpr2qgSGbTqCRJJYLayh5d8zvzxoh2Cnqk/edit
> Thanks!
> ~josh