[Owasp-board] [Owasp-leaders] Please provide a status update to the membership

Tobias tobias.gondrom at owasp.org
Wed Oct 15 15:00:10 UTC 2014

Hi Andrew,
I understand your feelings and concerns.
Something has gone wrong and we are analysing the situation and will 
communicate as soon as we learn more. FYI: there is a call scheduled for 
later today with the ED and I hope we can get more clarity then.
Best, Tobias

On 15/10/14 15:50, Andrew Muller wrote:
> Josh/Tobias,
>   I don't think anyone is attacking the actions of the ops team or 
> trying to interrupt their work. Rather Andrew, myself and others 
> believe that this isn't just a technical issue. Something has clearly 
> gone wrong during an election and OWASP should determine whether the 
> integrity of the election process has been compromised as a result and 
> keep the community informed. If it has been compromised, then what 
> next? If not, then why not let people know?
> You may think I'm overstating it, but I can't help but think of 
> analogies of poor communications after security incidents that have 
> damaged the reputation of organisations. I don't want to see OWASP 
> suffer this fate.
> Andrew
> On Thu, Oct 16, 2014 at 1:26 AM, Tobias <tobias.gondrom at owasp.org 
> <mailto:tobias.gondrom at owasp.org>> wrote:
>     +1 for Josh.
>     I can fully support Josh's statements.
>     I know things may look calm on the outside, but let me assure you
>     the whole team (incl. the board) takes this as the highest
>     priority and there is very high activity on the inside by everyone
>     pulling together to get this analysed and fixed ASAP.
>     As you know the election is still open for another 9 days until
>     Oct-24 (https://www.owasp.org/index.php/2014_Board_Elections), so
>     please have a little more patience and give our team a chance to
>     fix it. And based on the findings we will decide on what to do in
>     addition - hopefully we know more in a few hours.
>     Best wishes, Tobias
>     Tobias Gondrom
>     OWASP Global Board Member
>     On 15/10/14 15:10, Josh Sokol wrote:
>>     Andrew,
>>     I had at least half a dozen emails back and forth yesterday
>>     related to my issue with not receiving the voting email and Kelly
>>     was well engaged with me and SimplyVoting.  They tracked my
>>     particular issue down to having unsubscribed to a SimplyVoting
>>     email during the WASPY awards process.  My issue was just one of
>>     many reported and being worked on.  Kate, who was in training
>>     this week, was pulled from it in order to work on these issues. 
>>     This is item #1 on the ops team's plate and they are laser
>>     focused on making sure this process is being handled
>>     professionally and without missing votes.  Your concerns are very
>>     valid and are all being investigated.   If there is cause to
>>     pause the election process, I assure you that it will be done.  I
>>     do want to say, however, that this is an operations issue and
>>     Board involvement beyond supporting the ops team could constitute
>>     tampering with the election process.  We need to work diligently,
>>     yet judiciously, in order to ensure the process is fair for
>>     everyone involved.  There were several emails on this topic
>>     yesterday along with a TON of ops team activity, and an update is
>>     planned for today.  Keep in mind that its early morning on day 2
>>     here in the US where the ops team is based.  I'm not saying that
>>     there isn't a problem, but patience is definitely a virtue when
>>     you want to make sure that things are handled properly. Please
>>     give the ops team a chance to research what happened and
>>     communicate it out before assuming that the issue is just being
>>     ignored.  Thank you.
>>     Sincerely,
>>     Josh Sokol
>>     On Oct 15, 2014 7:16 AM, "Andrew van der Stock"
>>     <vanderaj at owasp.org <mailto:vanderaj at owasp.org>> wrote:
>>         Michael and the Board,
>>         I write to you formally to request a status update on the
>>         global OWASP
>>         Board of Directors election process, in particular, I implore the
>>         current Board to take affirmative action to investigate and
>>         manage a
>>         resolution to the technical hitches in membership and
>>         balloting, and
>>         if necessary delay the election, so that all eligible members can
>>         vote. There is no activity on the Board list to address this
>>         issue,
>>         and this, too, needs to be addressed.
>>         Members need to have trust of the integrity of the balloting
>>         (enfranchisement) and voting processes. There are rules posted
>>         regarding the process and deadlines, and for at least some (and
>>         possibly many) members, these deadlines have been missed by
>>         the OWASP
>>         Foundation. There is no current membership list. Members have
>>         expired
>>         and not been renewed or processed and have missed out on
>>         receiving
>>         their vote to the election. It is entirely possible that some
>>         of the
>>         candidates, through no fault of their own, are not in good
>>         standing.
>>         We just don't know.
>>         The only semi-official message in relation to my queries so
>>         far is
>>         "please don't be inflammatory". That is simply not good
>>         enough. I am
>>         not sledging the ops team - that is not my intent - but I am
>>         saying
>>         there is an critical issue and it is not being managed or
>>         communicated
>>         properly, and that requires Board oversight.
>>         In Australia, we recently had to send an entire state back to
>>         re-vote
>>         their senate because our electoral commission lost 1300
>>         votes, which
>>         was more votes than the winning margin. I don't ever recall
>>         any open
>>         source project or Foundation ever having this type of problem
>>         before.
>>         I hope that it's a small issue that can be addressed in a
>>         timely and
>>         comprehensive fashion.
>>         Please as a matter of urgency, please work out and
>>         communicate with
>>         all the members, (and not just those on the leaders list):
>>         * What is the Board's position on challenges to the election,
>>         postponing or delaying the vote to get the membership and
>>         balloting
>>         right, or doing a re-run?
>>         * Were renewal notices sent out to expiring and expired
>>         members in a
>>         timely fashion to make the September 30 renewal eligibility
>>         deadline?
>>         * If not, will OWASP be e-mailing or making contact with all
>>         expired
>>         members to see if they wanted to renew and give them a vote
>>         in the
>>         election? If so, when will this occur? Will it occur by the time
>>         voting closes?
>>         * Are all current Board candidates in good standing? If not,
>>         will the
>>         Board reach out to the candidates in question, and offer them
>>         back
>>         dated honorary membership to comply with the bylaws? Or will
>>         they be
>>         ineligible to stand?
>>         * Are all membership renewals (paid, lifetime, and honorary)
>>         submitted
>>         prior to September 30 now processed?
>>         * If so, is there an up to date membership list that does not
>>         date
>>         back to April 8, 2014? Can this be added to the OWASP Board 2014
>>         elections page?
>>         * As the CRM process wasn't working for some time, what steps
>>         are the
>>         Board putting into place to ensure that it is fixed and
>>         monitored for
>>         the next election?
>>         These questions have to be answered. No answer is simply not an
>>         option. I don't mind if you take these on notice and reply in
>>         pieces,
>>         but please communicate frequently, openly and honestly with us.
>>         I know the vote is open until next week, but I feel that even
>>         if there
>>         are only a handful of members piping up on the Leaders
>>         mailing list
>>         today, the CRM process has been broken for at least two
>>         months, which
>>         covers about 15% of members. It may have been broken as far
>>         back as
>>         April 8 when the membership list was seemingly last
>>         generated, which
>>         covers around 45-50% of the members.
>>         Simply enrolling those who pipe up in one venue misses those
>>         who don't
>>         hang out on the Leaders list and disenfranchises those who
>>         might have
>>         wanted a say in OWASP's future. If this is actually a small
>>         issue, it
>>         should be easy to determine: compare July, August's and
>>         September's
>>         membership totals with that from the year before. If the
>>         totals are
>>         reduced, then there is a problem of a known magnitude. But
>>         without an
>>         accurate and up to date membership list, we cannot determine
>>         if there
>>         are disenfranchised members or how many have been potentially
>>         disenfranchised.
>>         I gave the ops team nearly two month's notice that something
>>         wasn't
>>         right, and stayed in fairly constant communication during
>>         that time. I
>>         even gave a heads up about my fellow candidates, who I
>>         sincerely hope
>>         have their membership sorted so OWASP members have a
>>         geographically
>>         varied and interesting selection of candidates to choose from.
>>         I've been here since very nearly the beginning, I don't think
>>         I've
>>         ever seen such disarray in our internal processes, especially
>>         such key
>>         processes that directly elect the Board.
>>         I implore the Board to take this very seriously. Please
>>         communicate
>>         clearly and frequently with us on next steps. If the Board or the
>>         Foundation needs time - more time than there exists until the
>>         end of
>>         voting, I am more than willing to give the benefit of the
>>         doubt to
>>         ensure that we have an open, transparent membership and
>>         voting system
>>         with integrity for a vote to be open to all members, not just
>>         those
>>         unaffected by the technical glitches. I can't speak for the other
>>         candidates, but please ask them too. I'd rather this be done
>>         right.
>>         I am reachable on +61 451 057 580
>>         <tel:%2B61%20451%20057%20580> if you want a chat, but I am
>>         UTC+11,
>>         which makes it tricky during US business hours.
>>         thanks,
>>         Andrew
>>         _______________________________________________
>>         Owasp-board mailing list
>>         Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>         https://lists.owasp.org/mailman/listinfo/owasp-board
>>     _______________________________________________
>>     Owasp-board mailing list
>>     Owasp-board at lists.owasp.org  <mailto:Owasp-board at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-board
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
> -- 
> ____________________
> *Andrew Muller*
> Canberra OWASP Chapter Leader
> OWASP Testing Guide Co-Leader

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20141015/8cda404e/attachment-0001.html>

More information about the Owasp-board mailing list