[Owasp-board] RSA

Michael Coates michael.coates at owasp.org
Mon Jun 1 00:10:37 UTC 2015


Thanks! Helpful additional points for the conversation.

Appreciate your ideas on this.


--
Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
OWASP Global Board
Join me at AppSecUSA <http://AppSecUSA.org> 2015 in San Francisco!




On Sun, May 31, 2015 at 4:22 PM, Bev Corwin <bev.corwin at owasp.org> wrote:

> Hi Michael,
>
> OK, just a few quick thoughts:
>
> Without an overall strategic approach for relationships and relationship
> models, and without their legal frameworks reviewed and approved by legal
> advisors, this case by case basis may work for a while, but I can see
> potential conflicts with this approach longer term. If OWASP is currently
> receiving public funds for existing projects, especially, this may put
> OWASP in more of a "PPP - public private partnership" space, rather than
> purely "public charity" space, and, therefore, could be held to much higher
> legal standards. Something that I would want to review with legal advisors
> to assure appropriate frameworks with any external relationship models.
>
> I also think that Jim is right about partnering directly with commercial
> entities, especially since OWASP already has defined appropriate
> relationships with commercial entities through sponsorships, for example.
> Partnering on an event in a direct co-marketing relationship may be more
> appropriate as a media event partner basis, rather than co-producing /
> profit sharing, etc., events. As Jim also mentioned, another non profit or
> public private consortium may be better suited for implementing any
> co-production partnerships. Therefore, I tend to support media partners for
> events as opposed to co-production partnerships with events. Also,
> commercial entities might be better suited as OWASP event sponsors,
> based on what I've read here in previous posts.
>
> However, I often go back to OWASP's Purpose Statement: "Be the thriving
> global community that drives visibility and evolution in the safety and
> security of the world’s software." and also from OWASP's Values: "
> *INNOVATION* OWASP encourages and supports innovation and experiments for
> solutions to software security challenges." Therefore, if OWASP drives
> visibility and evolution, and encourages and supports innovation, perhaps
> there are broader and more flexible relationship innovations that OWASP
> could explore, for some of these relationships in the future, but this is a
> conversation that needs to happen so that the appropriate relationship
> models can be better defined, and approved by legal advisors, etc.
>
> Just my two cents for now. I'll put some more thought into these matters
> and may have more to say later. In the meantime, I believe that having
> these conversations is important, IMHO. Best wishes, Bev
>
> On Sun, May 31, 2015 at 5:56 PM, Michael Coates <michael.coates at owasp.org>
> wrote:
>
>> Bev,
>>
>> Can you elaborate more on why we need to better define this? Is there a
>> particular concern you're noticing?
>>
>> In general the operations team evaluates partnership opportunities on a
>> case by case basis and seems to be doing a great job.
>>
>> I'm just looking to understand your view better.
>>
>> Thanks!
>>
>>
>>
>> On May 31, 2015, at 2:50 PM, Bev Corwin <bev.corwin at owasp.org> wrote:
>>
>> It sounds like OWASP needs to better define "appropriate" collaboration
>> models for External Development and external relationships. Is there an
>> External Development Committee?
>>
>> Bev
>>
>> On Sun, May 31, 2015 at 5:38 PM, Michael Coates <michael.coates at owasp.org> wrote:
>>
>>> Oh, definitely not.  Not intending to minimize at all. I want us to be
>>> open to discussions about the various areas to determine if it provides
>>> value to OWASP. That's why I mention our mission doesn't preclude us from
>>> evaluating the situation.
>>>
>>>
>>>
>>> On May 31, 2015, at 1:06 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>> > I wouldn't say that our mission circles around not endorsing
>>> > commercial endeavors.
>>>
>>> Fair wordsmithing, but it's still a critical aspect to our organization
>>> and is a critical factor in motivating our volunteer corps. I suggest you
>>> take it seriously and do not minimize it, Michael.
>>>
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>>
>>> On May 31, 2015, at 12:40 PM, Michael Coates <michael.coates at owasp.org>
>>> wrote:
>>>
>>> A good item for discussion on the board call. I wouldn't say that our
>>> mission circles around not endorsing commercial endeavors. The two snippets
>>> below point at the primary goal of software security visibility and the
>>> second quote points about freedom from commercial pressure but also
>>> acknowledgement that informed use of commercial technology is fine.
>>>
>>> My point is that from a mission perspective I don't believe we have to
>>> actively avoid a more commercial conference. Of course, if it provides no
>>> value then that's another thing.
>>>
>>> Food for thought, good item to discuss on the board call.
>>>
>>>
>>>
>>> "Our mission is to make software security visible, so that individuals
>>> and organizations worldwide can make informed decisions about true software
>>> security risks."
>>>
>>> and
>>>
>>>
>>> https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project
>>>
>>> "Our freedom from commercial pressures allows us to provide unbiased,
>>> practical, cost-effective information about application security. OWASP is
>>> not affiliated with any technology company, although we support the
>>> informed use of commercial security technology."
>>>
>>>
>>>
>>>
>>> --
>>> Michael Coates | @_mwc
>>> <https://twitter.com/intent/user?screen_name=_mwc>
>>> OWASP Global Board
>>> Join me at AppSecUSA <http://AppSecUSA.org> 2015 in San Francisco!
>>>
>>>
>>>
>>>
>>> On Sun, May 31, 2015 at 10:43 AM, Jim Manico <jim.manico at owasp.org>
>>> wrote:
>>>
>>>> Part of our mission is not to endorse commercial endeavors. I feel that
>>>> must be a part of the conversation with RSA or any OWASP partnership.
>>>>
>>>> Thanks all,
>>>> --
>>>> Jim Manico
>>>> @Manicode
>>>> (808) 652-3805
>>>>
>>>> On May 31, 2015, at 10:20 AM, Tobias <tobias.gondrom at owasp.org> wrote:
>>>>
>>>> Hi Matt,
>>>>
>>>> thanks for bringing this on the board list.
>>>>
>>>> I agree with Matt in that I see no problem at this point to have a
>>>> conversation with RSA on potential cooperation. To my knowledge we have in
>>>> the past not spent a lot of money on that, and I see no reason to change
>>>> that.
>>>>
>>>> I also agree that we should prioritise our activities to maximise our
>>>> outreach and strategic goals.
>>>>
>>>> Therefore, I would like to encourage reopening communication with RSA
>>>> to explore opportunities that are of interest for OWASP to spread our
>>>> mission.
>>>>
>>>> I suggest that we put this item for discussion and conclusion at our
>>>> next board meeting on June-14.
>>>> https://owasp.org/index.php/June_14,_2015
>>>>
>>>> Best regards, Tobias
>>>>
>>>>
>>>>
>>>> On 28/05/15 16:00, Matt Konda wrote:
>>>>
>>>> Hi.
>>>>
>>>>  Building on an interesting question Fabio raised around talking with
>>>> the RSA conference organizing committee to explore potential collaboration,
>>>> here are my thoughts:
>>>>
>>>>    1. I have no problem with having a conversation.
>>>>    2. I don't see RSA as strategically aligned with our objectives so
>>>>    I wouldn't necessarily be inclined to invest a lot of money or time.
>>>>    3. I would tend to favor targeting active efforts and investments
>>>>    toward developer conferences and cross pollination.
>>>>    4. Of course, RSA is a huge, vendor friendly conference so to the
>>>>    extent that we can achieve mutually beneficial results that advance our
>>>>    objectives (raise membership, increase involvement, etc.) without a very
>>>>    significant investment I would be open to it.
>>>>
>>>> I just think we have to weigh the pros / cons of the setup and make
>>>> sure we don't lose sight of our key goals.
>>>>
>>>>  I hope this makes sense.
>>>> Matt
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>
>>>
>>
>