[Owasp-board] Compliance Officer for 2015

Yiannis Pavlosoglou yiannis at seleucus.net
Thu Apr 30 08:14:58 UTC 2015


Hi all,

I would like to volunteer as the compliance officer and also would like to
propose a way to address the issue of this thread that Martin correctly
identified in a 2 year plan.

Thank you,

Yiannis
On 30 Apr 2015 09:11, "Martin Knobloch" <martin.knobloch at owasp.org> wrote:

> All,
>
> Due to the upcoming AppSec-Eu conference, I have not been able to join
> the last board call.
>
> For your remark, Matt, just some thoughts that came up when reading your
> comment (and writing this):
>
> The regular ongoing cases are not the problem. Indeed, in case of a major
> complaint case, as last year, I do not scale much as one person. Saying, as
> I am a volunteer in this role, a case of that extent as last year does take
> quite some resources in time-wise.
> Also, I have a serious feeling (you never can tell for sure) in person
> meeting with the involved parties could have prevented the case to blow up
> as it did. In the past I have asked if a travel budget during a serious
> case would be possible, but was rejected by the previous board. I
> understand the reasoning, we are IT people and know you can meet online,
> but in such a case in person meetings are very helpful. You just can talk
> differently in a private space, face to face, than online.
>
> As I am involved in OWASP for quite some time, many have become friends.
> Luckily, until now parties have always accepted and approved my
> independence and objectiveness.
> This might be more difficult for a committee, I don't know.
>
> To be honest, I have mixed feelings about the idea of a compliant
> committee, in previous emails I have explained my concerns about creating a
> compliance committee.
> Most definitely, it differs from regular committees, as there is a trust
> factor to be taken into account. It cannot be, as for current committee
> setup, you register and you are in.
>
> As we hopefully will not face too many complaint cases of the extent of the
> one major case we had so far, a committee is not solving much:
> - scalability
> - local presence (could be interesting)
>
> As the responsibility of my role is defined, it is to investigate, mediate
> where possible, report and advise the board.
> To be honest, in my experience after last year, I rather predict a
> complaint committee can make communications cumbersome. Therefore, I
> currently see more problems than solutions in having a complaint
> committee.
>
> Cheers,
> -martin
>
> On Thu, Apr 30, 2015 at 5:36 AM, Matt Konda <matt.konda at owasp.org> wrote:
>
>> Follow up on this discussion about the Compliance Officer role...
>>
>> I was surprised to hear that Martin (or others) might need a committee to
>> help handle compliance issues.
>>
>> I certainly appreciate Martin's work and I understand 2014 was a tough
>> year for this role, but doing a reality check my sense is that it should be
>> a relatively manageable amount of work in most years.  I'm worried that
>> without formal training, lines of responsibility and accountability that
>> the credibility of the people in this role could get eroded.  I think
>> Martin maintained credibility and that is part of why he was successful in
>> the role.
>>
>> Therefore, I would suggest that for 2016, we define what the time,
>> experience and process expectations are more formally and then consider how
>> to fit that need.  It may be that we do need a committee.  I'm just wary of
>> going that route prematurely.  Reading the current policy, it is written to
>> a single person filling the role.
>>
>> Thanks,
>> Matt
>>
>>
>> On Tue, Apr 28, 2015 at 11:08 AM, Andrew van der Stock <
>> vanderaj at owasp.org> wrote:
>>
>>> +1 for Martin here.
>>>
>>> On Wed, Apr 8, 2015 at 1:02 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>>>  I'll do it. On it now.
>>>>
>>>>
>>>> On 4/7/15 8:11 AM, Tobias wrote:
>>>>
>>>> I agree that Martin has done a great job as our compliance officer in
>>>> this tough past year.
>>>>
>>>> For the transparency, I would still like to do a quick call for
>>>> volunteers. Ok?
>>>>
>>>> Anyone from my fellow board members volunteering to launch that call?
>>>> ;-)
>>>>
>>>> Cheers, Tobias
>>>>
>>>>
>>>> On 06/04/15 01:32, Josh Sokol wrote:
>>>>
>>>>  I just realized that we forgot to nominate and vote on a Compliance
>>>> Officer for 2015.  For simplicity's sake, and because I think he has done a
>>>> phenomenal job so far, I wanted to propose that we re-affirm Martin
>>>> Knobloch as our Compliance Officer for 2015.  Hopefully, after last year's
>>>> issues, he is still willing to do it.
>>>>
>>>>  ~josh
>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>
>>
>
>
> --
> Met vriendelijke groet,
> -martin
>
> ___________________
> Martin Knobloch
> OWASP AppSec-Eu/Research 2015 Conference Chair
> OWASP Netherlands Chapter Leader
>
> Email: martin.knobloch at owasp.org
> Mobile: +31623226933
> Twitter:  @AppsScE
>             @owasp_NL
> Web:    http://owasp.nl
>             http://appsec.eu
>