[Owasp-board] Code of conduct for OWASP events

Helen Gao helen.gao at owasp.org
Fri Feb 27 15:23:41 UTC 2015

Hi Andrew, Michael and the board.

I don't know what made me speak out twice in one day even though I am
not a board member. But I admire Andrew's effort of bringing this matter to
the boardroom. The question of the desired percentage reminds me of the 30%
Club <http://30percentclub.org/>. It was launched in the UK in 2010 with a
goal of 30% women on corporate boards by the end of 2015. We shouldn't set a hard
percentage risking the quality of speakers, but the success of 30% Club did
show the effectiveness of goal setting.

BTW, 3 OWASP chapters in the New York metropolitan area are co-organizers
of New York Metro Joint Cyber Security Conference 2015. There was a
well-received panel discussion of female CISOs at last year's conference. I
expect to see more female participation this year.



On Fri, Feb 27, 2015 at 1:12 AM, Michael Coates <michael.coates at owasp.org> wrote:

> Andrew,
> (To address the policies comments)
> Here are the conference speaker policies. These policies address most of
> your comments already. We just need to make sure the policies are visible on
> the conference website and not just on the owasp wiki and also in our terms
> and contracts.
> https://www.owasp.org/index.php/Governance/Conference_Policies
> I'll fix AppSecUSA in just a moment.
> (Regarding diversity of speakers)
> Agree that more diversity in submission is better than less.
> * Require conference committees to send out invitations to as many women
> speakers as possible so there is diversity in submissions.
> > I'm not sure what this means in practice. We're broadcasting out CFP far
> and wide. Perhaps the community can create a google spreadsheet with lists
> of ideas to advertise AppSec conferences. We can then make it standard
> practice for conferences to advertise CFP to everything on the list.
> * We should also help with helping folks create solid CFPs that are more
> likely to succeed if submissions are to be chosen solely by merit.
> > Certainly not against it. If a group wants to provide tips and
> techniques to make better CFPs then that's great. I don't think this should
> be a requirement or expectation of the conference organizers. They already
> have plenty of items on their plate.
> * what is the desired percentage of talks that should be given by women,
> how we will achieve that goal, and when shall we achieve that goal?
> > Discussion is good. We should always select the best talks for a
> conference. We should also always encourage a wide range of people to
> submit talks and help them submit good talks. In addition OWASP has such a
> range of speaking opportunities from global conferences to regional and
> local events there are numerous ways for people to build their speaking
> skills. This however is separate from target percentages which I don't
> believe would have the net effect you're hoping for.
> --
> Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
> OWASP Global Board
> Join me at AppSecUSA <http://AppSecUSA.org> 2015 in San Francisco!
> On Thu, Feb 26, 2015 at 7:13 PM, Andrew van der Stock <vanderaj at owasp.org>
> wrote:
>> Hi folks,
>> It's way, way, way past time for discussions to start as we are running
>> several global branded events in 2015 and NONE of them have a code of
>> conduct or anti-harassment policy and already two of our three or four
>> events have either zero or only one woman speakers, despite AppSec EU
>> having over 120 CFP submissions.
>> If you believe things are fine or that is just how our industry is, that
>> ship sailed back in 1950. Let's get to a consensus and work towards fixing
>> this problem.
>> We have almost certainly started to sign up sponsors, vendors, and CFPs
>> are open, so we have to do something now before we can't until 2016.
>> Inaction allows the status quo to thrive, and it's really unacceptable.
>> LatAm Tour 2015: Speaker agreement: Nothing. No women speakers.
>> https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf
>> LatAm Tour 2015: Instructor agreement: Nothing. No women instructors as
>> far as I can tell
>> https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf
>> LatAm Tour 2015: Sponsor opportunities. Nothing
>> https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf
>> AppSec EU 2015: Nothing in our speaker, sponsor, or vendor information.
>> Just one woman co-speaker selected from 120 submissions. Really? In 2015?
>> http://2015.appsec.eu/wp-content/uploads/2014/12/AppSec-Eu_Research-2015_Amsterdam_Sponsor-document.pdf
>> AppSecUSA 2015 code of conduct: Nothing.
>> AppSecUSA 2015 vendor form: Nothing.
>> https://docs.google.com/forms/d/1Mh7PoELRg1fyc9NHQVrzHrmEh3yEh3qPljKa93oISjc/viewform
>> AppSecUSA 2015 speaker agreement form: Nothing
>> https://2015.appsecusa.org/c/wp-content/uploads/2015/02/AppSec-USA-2015_Speaker-Agreement.pdf
>> Maybe now you can see the problem. It shouldn't be up to the organizers
>> of each year to determine and include these policies, they should be
>> overlays for all our events, like our Code of Ethics is.
>> Despite all this doom and gloom, our anti-harassment policy for OWASP
>> AppSec USA 2014 is okay. It's not surprising that there were women speakers
>> at this event, but only just barely: five women speakers out of 78 (6%),
>> including Kate who talked about starting a chapter. This is actually our
>> best representation for all the events I looked at.
>> AppSecUSA 2014 Code of conduct:
>> https://www.owasp.org/index.php/AppSec_USA_2014/Conference_Policies#Anti_Harassment_Policy
>> It should be linked to in all speaker agreement, the vendor and
>> sponsorship agreements. I am very disappointed that none of the events in
>> 2015 seem to be using it.
>> Other codes of conduct you may be interested in:
>> Linux.conf.au is the only global Linux conference Linus attends every
>> year.
>> http://linux.conf.au/cor/code_of_conduct
>> Black Hat did not implode with this code of conduct:
>> https://www.blackhat.com/code-of-conduct.html
>> KiwiCon's Code of Conduct is antipodean direct:
>> https://www.kiwicon.org/faq/code-of-conduct/
>> They kicked out speakers Ben Nagy and the Grugq last year, so it's not
>> just ASCII art.
>> I wanted to share with you BruCon's Code of Conduct as they started with
>> the Ada Initiative in 2013, and then modified it after it was used against
>> them.
>> At the very least, I'm looking for the Board to discuss this issue at our
>> next Board meeting, and I'd like for us to vote on the following as a
>> package:
>> * We make AppSec USA's 2014 Code of Conduct / Anti-harassment policy the
>> de facto starting point for all our conferences, globally.
>> * Adopt a reference in the standard OWASP Speaker's agreement form that
>> points to this policy
>> * Add in a reference to the standard OWASP vendor / sponsor agreement
>> form that points to this policy, as well as prohibiting sexualized staff
>> members (booth babes and the fictitious booth dudes).
>> * Require the LatAm Tour, AppSec EU and AppSec US 2015 organisers to use
>> these updated policies, which will almost certainly entail getting back to
>> the already chosen speakers, sponsors and vendors and getting them to
>> re-agree to it. As it was already policy in 2014, this shouldn't be too
>> much of a stretch as it was most likely overlooked or forgotten.
>> For AppSec USA 2015 and beyond, we really need to get them to encourage
>> submissions from women. If a conference gets zero CFP submissions by women,
>> you will have zero talks by women. I do not believe for a second there are
>> zero women in our industry. We need to stop being passive about this, and
>> start recruiting women to submit talks.
>> * Require conference committees to send out invitations to as many women
>> speakers as possible so there is diversity in submissions.
>> * We should also help with helping folks create solid CFPs that are more
>> likely to succeed if submissions are to be chosen solely by merit. I don't
>> think this should be restricted to just women, but should also include
>> first time speakers, who often struggle to get their first speaking gig at
>> a large conference.
>> I would like to get us to talk about the best way to achieve a desired
>> outcome - what is the desired percentage of talks that should be given by
>> women, how we will achieve that goal, and when shall we achieve that goal?
>> thanks,
>> Andrew
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board