[Owasp-board] [Owasp-community] IAB Statement on the Trade in Security Technologies

Kevin W. Wall kevin.w.wall at gmail.com
Sat Jun 20 19:47:37 UTC 2015


On Sat, Jun 20, 2015 at 2:55 PM, Jim Manico <jim.manico at owasp.org> wrote:
> That is fair Michael.
> But I do want to warn the community that this is a slippery slope, we are
> being watched, and trying to influence legislation is one of the few ways
> OWASP can lose it's charitable status. And if that happens, the debate about
> what to do with our funds will quickly change for the worse.

I don't think that it is impossible for charitable organizations to comment
on public possible without loosing their 501(c)(3) status, but it just has
to be done in the right way. (However, IANAL, so I don't even begin to
know the details of what that "right way" would entail.)

As a case in point, the ACM has a 501(c)(3) not-for-profit status, and
yet their public policy arm--the USACM--has certainly tried to influence
public policy. (Recall the crypto debate from the late 1990s? The USACM
and IEEE wrote a letter to Sen. John McCain to try to influence the US
legislation not to pass laws to mandate weak encryption. E.g., see

So I'm guessing that the devil is in the details of how it is done.  In fact,
according to Spaf's blog at
the USACM is going through this same this this again. Like I said, I am not
a lawyer and maybe this attempt to influence public policy doesn't strictly
qualify as "lobbying" in the eyes of the IRS. But it certainly doesn't seem

Also, we can--and should--all speak out strongly against things that we believe
are against the OWASP mission, but we don't have to do it in a manner as
representing OWASP. Do that on your personal blogs or social media instead
of OWASP mailing lists and there shouldn't be an issue, especially if you add
a short disclaimer as to how your opinion does not necessarily affect the
opinion of OWASP overall (in the cases when there might be some doubt).

So perhaps if we decide that we officially want to speak out on certain
public policy as an organization in order to influence public policy in
accordance with our mission statements, then someone who understands
the nuances of the 501(c)(3) IRS regulations could help OWASP navigate
these waters.

Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.

More information about the Owasp-board mailing list