[Owasp-board] Code of conduct for OWASP events

Kelly Santalucia kelly.santalucia at owasp.org
Fri Feb 27 13:40:18 UTC 2015


Andrew,

Our Anti Harassment Policy, Privacy Policy and the OWASP Code of Ethics are
included on all contracts that are sent to every sponsor as well all our
partnership/co-markteing agreements.

On Thu, Feb 26, 2015 at 10:13 PM, Andrew van der Stock <vanderaj at owasp.org>
wrote:

> Hi folks,
>
> It's way, way, way past time for discussions to start as we are running
> several global branded events in 2015 and NONE of them have a code of
> conduct or anti-harrassment policy and already two of our three or four
> events have either zero or only one woman speakers, despite AppSec EU
> having over 120 CFP submissions.
>
> If you believe things are fine or that is just how our industry is, that
> ship sailed back in 1950. Let's get to a consensus and work towards fixing
> this problem.
>
> We have almost certainly started to sign up sponsors, vendors, and CFPs
> are open, so we have to do something now before we can't until 2016.
> Inaction allows the status quo to thrive, and it's really unacceptable.
>
> LatAm Tour 2015: Speaker agreement: Nothing. No women speakers.
> https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf
>
> LatAm Tour 2015: Instructor agreement: Nothing. No women instructors as
> far as I can tell
>
> https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf
>
> LatAm Tour 2015: Sponsor opportunities. Nothing
>
> https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf
>
> AppSec EU 2015: Nothing in our speaker, sponsor, or vendor information.
> Just one woman co-speaker selected from 120 submissions. Really? In 2015?
>
> http://2015.appsec.eu/wp-content/uploads/2014/12/AppSec-Eu_Research-2015_Amsterdam_Sponsor-document.pdf
>
> AppSecUSA 2015 code of conduct: Nothing.
>
> AppSecUSA 2015 vendor form: Nothing.
>
> https://docs.google.com/forms/d/1Mh7PoELRg1fyc9NHQVrzHrmEh3yEh3qPljKa93oISjc/viewform
>
> AppSecUSA 2015 speaker agreement form: Nothing
>
> https://2015.appsecusa.org/c/wp-content/uploads/2015/02/AppSec-USA-2015_Speaker-Agreement.pdf
>
> Maybe now you can see the problem. It shouldn't be up to the organizers of
> each year to determine and include these policies, they should be overlays
> for all our events, like our Code of Ethics is.
>
> Despite all this doom and gloom, our anti-harassment policy for OWASP
> AppSec USA 2014 is okay. It's not surprising that there were women speakers
> at this event, but only just barely: five women speakers out of 78 (6%),
> including Kate who talked about starting a chapter. This is actually our
> best representation for all the events I looked at.
>
> AppSecUSA 2014 Code of conduct:
>
> https://www.owasp.org/index.php/AppSec_USA_2014/Conference_Policies#Anti_Harassment_Policy
>
> It should be linked to in all speaker agreement, the vendor and
> sponsorship agreements. I am very disappointed that none of the events in
> 2015 seem to be using it.
>
> Other code of conducts you may be interested in:
>
> Linux.conf.au is the only global Linux conference Linus attends every
> year.
> http://linux.conf.au/cor/code_of_conduct
>
> Black Hat did not implode with this code of conduct:
> https://www.blackhat.com/code-of-conduct.html
>
> KiwiCon's Code of Conduct is antipodean direct:
> https://www.kiwicon.org/faq/code-of-conduct/
>
> They kicked out speakers Ben Nagy and the Grugq last year, so it's not
> just ASCII art.
>
> I wanted to share with you BruCon's Code of Conduct as they started with
> the Ada Initiative in 2013, and then modified it after it was used against
> them.
>
> At the very least, I'm looking for the Board to discuss this issue at our
> next Board meeting, and I'd like for us to vote on the following as a
> package:
>
> * We make AppSec USA's 2014 Code of Conduct / Anti-harassment policy the
> de facto starting point for all our conferences, globally.
>
> * Adopt a reference in the standard OWASP Speaker's agreement form that
> points to this policy
>
> * Add in a reference to the standard OWASP vendor / sponsor agreement form
> that points to this policy, as well as prohibiting sexualized staff members
> (booth babes and the fictitious booth dudes).
>
> * Require the LatAm Tour, AppSec EU and AppSec US 2015 organisers to use
> these updated policies, which will almost certainly entail getting back to
> the already chosen speakers, sponsors and vendors and getting them to
> re-agree to it. As it was already policy in 2014, this shouldn't be too
> much of a stretch as it was most likely overlooked or forgotten.
>
> For AppSec USA 2015 and beyond, we really need to get them to encourage
> submissions from women. If a conference gets zero CFP submissions by women,
> you will have zero talks by women. I do not believe for a second there are
> zero women in our industry. We need to stop being passive about this, and
> start recruiting women to submit talks.
>
> * Require conference committees to send out invitations to as many women
> speakers as possible there is diversity in submissions.
>
> * We should also help with helping folks create solid CFPs that are more
> likely to succeed if submissions are to be chosen solely by merit. I don't
> think this should be restricted to just women, but should also include
> first time speakers, who often struggle to get their first speaking gig at
> a large conference.
>
> I would like to get us to talk about the best way to achieve a desired
> outcome - what is the desired percentage of talks that should be given by
> women, how we will achieve that goal, and when shall we achieve that goal?
>
> thanks,
> Andrew
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>


-- 
*Kelly Santalucia*

*Membership and Business Liaison*

*OWASP Foundation*

*1200-C Agora Drive, #232*

*Bel Air, MD  21014*

*USA*

*Direct: 1+ 973-670-5784*

*Fax: 1+ 443-283-4021 *

Skype: kelly.santalucia
Url:https://www.owasp.org

*Join us at AppSecEU 2015 <https://2015.appsec.eu> in Amsterdam and at
AppSecUSA 2015 <http://2015.appsecusa.org/home.html> in San Francisco!!*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150227/bb55cc9e/attachment-0003.html>


More information about the Owasp-board mailing list