[Owasp-board] Code of conduct for OWASP events

Kelly Santalucia kelly.santalucia at owasp.org
Fri Feb 27 13:40:18 UTC 2015


Our Anti Harassment Policy, Privacy Policy and the OWASP Code of Ethics are
included on all contracts that are sent to every sponsor as well all our
partnership/co-markteing agreements.

On Thu, Feb 26, 2015 at 10:13 PM, Andrew van der Stock <vanderaj at owasp.org>

> Hi folks,
> It's way, way, way past time for discussions to start as we are running
> several global branded events in 2015 and NONE of them have a code of
> conduct or anti-harrassment policy and already two of our three or four
> events have either zero or only one woman speakers, despite AppSec EU
> having over 120 CFP submissions.
> If you believe things are fine or that is just how our industry is, that
> ship sailed back in 1950. Let's get to a consensus and work towards fixing
> this problem.
> We have almost certainly started to sign up sponsors, vendors, and CFPs
> are open, so we have to do something now before we can't until 2016.
> Inaction allows the status quo to thrive, and it's really unacceptable.
> LatAm Tour 2015: Speaker agreement: Nothing. No women speakers.
> https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf
> LatAm Tour 2015: Instructor agreement: Nothing. No women instructors as
> far as I can tell
> https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf
> LatAm Tour 2015: Sponsor opportunities. Nothing
> https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf
> AppSec EU 2015: Nothing in our speaker, sponsor, or vendor information.
> Just one woman co-speaker selected from 120 submissions. Really? In 2015?
> http://2015.appsec.eu/wp-content/uploads/2014/12/AppSec-Eu_Research-2015_Amsterdam_Sponsor-document.pdf
> AppSecUSA 2015 code of conduct: Nothing.
> AppSecUSA 2015 vendor form: Nothing.
> https://docs.google.com/forms/d/1Mh7PoELRg1fyc9NHQVrzHrmEh3yEh3qPljKa93oISjc/viewform
> AppSecUSA 2015 speaker agreement form: Nothing
> https://2015.appsecusa.org/c/wp-content/uploads/2015/02/AppSec-USA-2015_Speaker-Agreement.pdf
> Maybe now you can see the problem. It shouldn't be up to the organizers of
> each year to determine and include these policies, they should be overlays
> for all our events, like our Code of Ethics is.
> Despite all this doom and gloom, our anti-harassment policy for OWASP
> AppSec USA 2014 is okay. It's not surprising that there were women speakers
> at this event, but only just barely: five women speakers out of 78 (6%),
> including Kate who talked about starting a chapter. This is actually our
> best representation for all the events I looked at.
> AppSecUSA 2014 Code of conduct:
> https://www.owasp.org/index.php/AppSec_USA_2014/Conference_Policies#Anti_Harassment_Policy
> It should be linked to in all speaker agreement, the vendor and
> sponsorship agreements. I am very disappointed that none of the events in
> 2015 seem to be using it.
> Other code of conducts you may be interested in:
> Linux.conf.au is the only global Linux conference Linus attends every
> year.
> http://linux.conf.au/cor/code_of_conduct
> Black Hat did not implode with this code of conduct:
> https://www.blackhat.com/code-of-conduct.html
> KiwiCon's Code of Conduct is antipodean direct:
> https://www.kiwicon.org/faq/code-of-conduct/
> They kicked out speakers Ben Nagy and the Grugq last year, so it's not
> just ASCII art.
> I wanted to share with you BruCon's Code of Conduct as they started with
> the Ada Initiative in 2013, and then modified it after it was used against
> them.
> At the very least, I'm looking for the Board to discuss this issue at our
> next Board meeting, and I'd like for us to vote on the following as a
> package:
> * We make AppSec USA's 2014 Code of Conduct / Anti-harassment policy the
> de facto starting point for all our conferences, globally.
> * Adopt a reference in the standard OWASP Speaker's agreement form that
> points to this policy
> * Add in a reference to the standard OWASP vendor / sponsor agreement form
> that points to this policy, as well as prohibiting sexualized staff members
> (booth babes and the fictitious booth dudes).
> * Require the LatAm Tour, AppSec EU and AppSec US 2015 organisers to use
> these updated policies, which will almost certainly entail getting back to
> the already chosen speakers, sponsors and vendors and getting them to
> re-agree to it. As it was already policy in 2014, this shouldn't be too
> much of a stretch as it was most likely overlooked or forgotten.
> For AppSec USA 2015 and beyond, we really need to get them to encourage
> submissions from women. If a conference gets zero CFP submissions by women,
> you will have zero talks by women. I do not believe for a second there are
> zero women in our industry. We need to stop being passive about this, and
> start recruiting women to submit talks.
> * Require conference committees to send out invitations to as many women
> speakers as possible there is diversity in submissions.
> * We should also help with helping folks create solid CFPs that are more
> likely to succeed if submissions are to be chosen solely by merit. I don't
> think this should be restricted to just women, but should also include
> first time speakers, who often struggle to get their first speaking gig at
> a large conference.
> I would like to get us to talk about the best way to achieve a desired
> outcome - what is the desired percentage of talks that should be given by
> women, how we will achieve that goal, and when shall we achieve that goal?
> thanks,
> Andrew
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

*Kelly Santalucia*

*Membership and Business Liaison*

*OWASP Foundation*

*1200-C Agora Drive, #232*

*Bel Air, MD  21014*


*Direct: 1+ 973-670-5784*

*Fax: 1+ 443-283-4021 *

Skype: kelly.santalucia

*Join us at AppSecEU 2015 <https://2015.appsec.eu> in Amsterdam and at
AppSecUSA 2015 <http://2015.appsecusa.org/home.html> in San Francisco!!*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150227/bb55cc9e/attachment-0003.html>

More information about the Owasp-board mailing list