[Owasp-board] Code of conduct for OWASP events
helen.gao at owasp.org
Fri Feb 27 15:16:52 UTC 2015
Hi Andrew, Michael and the board.
I don't know what made me speak out twice in one day even though I am
not a board member. But I admire Andrew's effort of bringing this matter to
the boardroom. The question of the desired percentage reminds me of the 30%
Club <http://30percentclub.org/>. It was launched in the UK in 2010 with a
goal of 30% women on corporate boards by end 2015. We shouldn't set a hard
percentage risking the quality of speakers, but the success of 30% Club did
show the effectiveness of goal setting.
BTW, 3 OWASP chapters in the New York metropolitan area are co-organizers
of New York Metro Joint Cyber Security Conference 2015. There was a well
received panel discussion of female CISOs in last year's conference. I
expect to see more female participation this year.
On Fri, Feb 27, 2015 at 1:12 AM, Michael Coates <michael.coates at owasp.org>
> (To address the policies comments)
> Here are the conference speaker policies. These policies address most of
> your comments already. We just need to make sure the policies are visible on
> the conference website and not just on the owasp wiki and also in our terms
> and contracts.
> I'll fix AppSecUSA in just a moment.
> (Regarding diversity of speakers)
> Agree that more diversity in submission is better than less.
> * Require conference committees to send out invitations to as many women
> speakers as possible there is diversity in submissions.
> > I'm not sure what this means in practice. We're broadcasting out CFP far
> and wide. Perhaps the community can create a google spreadsheet with lists
> of ideas to advertise AppSec conferences. We can then make it standard
> practice for conferences to advertise CFP to everything on the list.
> * We should also help with helping folks create solid CFPs that are more
> likely to succeed if submissions are to be chosen solely by merit.
> > Certainly not against it. If a group wants to provide tips and
> techniques to make better CFPs then that's great. I don't think this should
> be a requirement or expectation of the conference organizers. They already
> have plenty of items on their plate.
> * what is the desired percentage of talks that should be given by women,
> how we will achieve that goal, and when shall we achieve that goal?
> > Discussion is good. We should always select the best talks for a
> conference. We should also always encourage a wide range of people to
> submit talks and help them submit good talks. In addition OWASP has such a
> range of speaking opportunities from global conferences to regional and
> local events there are numerous ways for people to build their speaking
> skills. This however is separate from target percentages which I don't
> believe would have the net effect you're hoping for.
> Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
> OWASP Global Board
> Join me at AppSecUSA <http://AppSecUSA.org> 2015 in San Francisco!
> On Thu, Feb 26, 2015 at 7:13 PM, Andrew van der Stock <vanderaj at owasp.org>
>> Hi folks,
>> It's way, way, way past time for discussions to start as we are running
>> several global branded events in 2015 and NONE of them have a code of
>> conduct or anti-harassment policy and already two of our three or four
>> events have either zero or only one woman speakers, despite AppSec EU
>> having over 120 CFP submissions.
>> If you believe things are fine or that is just how our industry is, that
>> ship sailed back in 1950. Let's get to a consensus and work towards fixing
>> this problem.
>> We have almost certainly started to sign up sponsors, vendors, and CFPs
>> are open, so we have to do something now before we can't until 2016.
>> Inaction allows the status quo to thrive, and it's really unacceptable.
>> LatAm Tour 2015: Speaker agreement: Nothing. No women speakers.
>> LatAm Tour 2015: Instructor agreement: Nothing. No women instructors as
>> far as I can tell
>> LatAm Tour 2015: Sponsor opportunities. Nothing
>> AppSec EU 2015: Nothing in our speaker, sponsor, or vendor information.
>> Just one woman co-speaker selected from 120 submissions. Really? In 2015?
>> AppSecUSA 2015 code of conduct: Nothing.
>> AppSecUSA 2015 vendor form: Nothing.
>> AppSecUSA 2015 speaker agreement form: Nothing
>> Maybe now you can see the problem. It shouldn't be up to the organizers
>> of each year to determine and include these policies, they should be
>> overlays for all our events, like our Code of Ethics is.
>> Despite all this doom and gloom, our anti-harassment policy for OWASP
>> AppSec USA 2014 is okay. It's not surprising that there were women speakers
>> at this event, but only just barely: five women speakers out of 78 (6%),
>> including Kate who talked about starting a chapter. This is actually our
>> best representation for all the events I looked at.
>> AppSecUSA 2014 Code of conduct:
>> It should be linked to in all speaker agreement, the vendor and
>> sponsorship agreements. I am very disappointed that none of the events in
>> 2015 seem to be using it.
>> Other codes of conduct you may be interested in:
>> Linux.conf.au is the only global Linux conference Linus attends every
>> Black Hat did not implode with this code of conduct:
>> KiwiCon's Code of Conduct is antipodean direct:
>> They kicked out speakers Ben Nagy and the Grugq last year, so it's not
>> just ASCII art.
>> I wanted to share with you BruCon's Code of Conduct as they started with
>> the Ada Initiative in 2013, and then modified it after it was used against
>> At the very least, I'm looking for the Board to discuss this issue at our
>> next Board meeting, and I'd like for us to vote on the following as a
>> * We make AppSec USA's 2014 Code of Conduct / Anti-harassment policy the
>> de facto starting point for all our conferences, globally.
>> * Adopt a reference in the standard OWASP Speaker's agreement form that
>> points to this policy
>> * Add in a reference to the standard OWASP vendor / sponsor agreement
>> form that points to this policy, as well as prohibiting sexualized staff
>> members (booth babes and the fictitious booth dudes).
>> * Require the LatAm Tour, AppSec EU and AppSec US 2015 organisers to use
>> these updated policies, which will almost certainly entail getting back to
>> the already chosen speakers, sponsors and vendors and getting them to
>> re-agree to it. As it was already policy in 2014, this shouldn't be too
>> much of a stretch as it was most likely overlooked or forgotten.
>> For AppSec USA 2015 and beyond, we really need to get them to encourage
>> submissions from women. If a conference gets zero CFP submissions by women,
>> you will have zero talks by women. I do not believe for a second there are
>> zero women in our industry. We need to stop being passive about this, and
>> start recruiting women to submit talks.
>> * Require conference committees to send out invitations to as many women
>> speakers as possible there is diversity in submissions.
>> * We should also help with helping folks create solid CFPs that are more
>> likely to succeed if submissions are to be chosen solely by merit. I don't
>> think this should be restricted to just women, but should also include
>> first time speakers, who often struggle to get their first speaking gig at
>> a large conference.
>> I would like to get us to talk about the best way to achieve a desired
>> outcome - what is the desired percentage of talks that should be given by
>> women, how we will achieve that goal, and when shall we achieve that goal?
Helen Gao, CISSP