[Owasp-board] Fwd: Re: Compliance Officer for 2015

Ahmed Neil ahmed.neil at owasp.org
Sat May 2 22:46:57 UTC 2015


Sorry I did not mean to respond to Yiannis only..it was a mistake.
---------- Forwarded message ----------
From: "Ahmed Neil" <ahmed.neil at owasp.org>
Date: May 3, 2015 1:45 AM
Subject: Re: [Owasp-board] Compliance Officer for 2015
To: "Yiannis Pavlosoglou" <yiannis at seleucus.net>
Cc:

I proposed before in the first announcement for the call for the role, and
someone said that Martin will reconsider the role. I appreciate Martin and
I know he can do the job. I still can work with him if that applicable.
On Apr 30, 2015 11:15 AM, "Yiannis Pavlosoglou" <yiannis at seleucus.net>
wrote:

> Hi all,
>
> I would like to volunteer as the compliance officer and also would like to
> propose a way to address the issue of this thread that Martin correctly
> identified in a 2 year plan.
>
> Thank you,
>
> Yiannis
> On 30 Apr 2015 09:11, "Martin Knobloch" <martin.knobloch at owasp.org> wrote:
>
>> All,
>>
>> Due to the upcomming AppSec-Eu conference, I have not been able to join
>> the last board call.
>>
>> For your remark, Matt, just some thoughts that cam up when reading your
>> comment (and writing this):
>>
>> The regular ongoing cases are not the problem. Indeed, in case of a major
>> compliant case, as last year, I do not scale much as one person. Saying, as
>> I am volunteer in this role, a case of that extend as last year does take
>> quite some resources in time-wise.
>> Also, I have a serious feeling (you never can tell for sure) in person
>> meeting with the involved parties could have prevented  the case to blow up
>> as it did. In the past I have asked if a travel budget during a serious
>> case would be possible, but was rejected by the previous board. I
>> understand the reasoning, we are IT people and know you can meet online,
>> but in such a case in person meetings are very helpful. You just can talk
>> differently in a private space, face to face, than online.
>>
>> As I am involved in OWASP for quite some time, many have become friends.
>> Luckily, until now parties have always accepted and approved my
>> independence and objectiveness.
>> This might be more difficult for a committee, I don't know.
>>
>> To be honest, I have mixed feelings about the idea of a compliant
>> committee, in previous emails I have explained my concerns about creating a
>> compliance committee.
>> Most definitely, it differs from regular committees, as there is a trust
>> factor to be taken in account. It cannot be, as for current committee
>> setup, you register and you are in.
>>
>> As we hopefully will not face to many complaint cases of the extent of
>> the one major case we had so far, a committee is not solving much:
>> - scalability
>> - local presence (could be interesting)
>>
>> As the responsibility of my role is defined, it is to investigate,
>> mediate where possible, report and advice the board.
>> To be honest, in my experience after last year, I rather predict a
>> complaint committee can make communications cumbersome. Therefore, I
>> currently see more problems than than solutions in having a complaint
>> committee.
>>
>> Cheers,
>> -martin
>>
>> On Thu, Apr 30, 2015 at 5:36 AM, Matt Konda <matt.konda at owasp.org> wrote:
>>
>>> Follow up on this discussion about the Compliance Officer role...
>>>
>>> I was surprised to hear that Martin (or others) might need a committee
>>> to help handle compliance issues.
>>>
>>> I certainly appreciate Martin's work and I understand 2014 was a tough
>>> year for this role, but doing a reality check my sense is that it should be
>>> a relatively manageable amount of work in most years.  I'm worried that
>>> without formal training, lines of responsibility and accountability that
>>> the credibility of the people in this role could get eroded.  I think
>>> Martin maintained credibility and that is part of why he was successful in
>>> the role.
>>>
>>> Therefore, I would suggest that for 2016, we define what the time,
>>> experience and process expectations are more formally and then consider how
>>> to fit that need.  It may be that we do need a committee.  I'm just wary of
>>> going that route prematurely.  Reading the current policy, it is written to
>>> a single person filling the role.
>>>
>>> Thanks,
>>> Matt
>>>
>>>
>>> On Tue, Apr 28, 2015 at 11:08 AM, Andrew van der Stock <
>>> vanderaj at owasp.org> wrote:
>>>
>>>> +1 for Martin here.
>>>>
>>>> On Wed, Apr 8, 2015 at 1:02 AM, Jim Manico <jim.manico at owasp.org>
>>>> wrote:
>>>>
>>>>>  I'll do it. On it now.
>>>>>
>>>>>
>>>>> On 4/7/15 8:11 AM, Tobias wrote:
>>>>>
>>>>> I agree that Martin has done a great job as our compliance officer in
>>>>> this tough past year.
>>>>>
>>>>> For the transparency, I would still like to do a quick call for
>>>>> volunteers. Ok?
>>>>>
>>>>> Anyone from my fellow board members volunteering to launch that call?
>>>>> ;-)
>>>>>
>>>>> Cheers, Tobias
>>>>>
>>>>>
>>>>> On 06/04/15 01:32, Josh Sokol wrote:
>>>>>
>>>>>  I just realized that we forgot to nominate and vote on a Compliance
>>>>> Officer for 2015.  For simplicity's sake, and because I think he has done a
>>>>> phenomenal job so far, I wanted to propose that we re-affirm Martin
>>>>> Knobloch as our Compliance Officer for 2015.  Hopefully, after last year's
>>>>> issues, he is still willing to do it.
>>>>>
>>>>>  ~josh
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>>
>> --
>> Met vriendelijke groet,
>> -martin
>>
>> ___________________
>> Martin Knobloch
>> OWASP AppSec-Eu/Research 2015 Conference Chair
>> OWASP Netherlands Chapter Leader
>>
>> Email: martin.knobloch at owasp.org
>> Mobile: +31623226933
>> Twitter:  @AppsScE
>>             @owasp_NL
>> Web:    http://owasp.nl
>>             http://appsec.eu
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150503/abc328b2/attachment-0001.html>


More information about the Owasp-board mailing list