[Owasp-board] RSA

Josh Sokol josh.sokol at owasp.org
Thu May 28 21:29:10 UTC 2015


I agree as well.  With revelations coming forth last year that RSA
intentionally subverted its cryptography for a payment by the NSA, I think
it's fair to say that the goals of OWASP to "make software security
visible, so that individuals and organizations worldwide can make informed
decisions about true software security risks" and those of RSA may not be
in alignment.  I would prefer, in this situation, for OWASP to either
support BSides or one of the other non-vendor-oriented events taking place
during this time or for us to host our own event (competing or
complementary TBD) like we did last year.

~josh

On Thu, May 28, 2015 at 9:23 AM, Jim Manico <jim.manico at owasp.org> wrote:

>  +1 Matt.
>
> We have a mission to steer clear of endorsing commercial companies. This
> is a very important factor in keeping our volunteers motivated and willing
> to help us meet the OWASP goals of "everything free and open" around
> spreading AppSec awareness.
>
> I question the whole program around co-marketing with commercial
> conferences since it's pretty much an endorsement of their conference.
>
> So while we should be sending folks to developer conferences to spread
> awareness, I would prefer to limit "conference marketing partnerships" with
> conferences that are open source and largely non-commercial.
>
> But make no mistake, I think Matt's take on the RSA issue is pretty spot
> on.
>
> So to board members who are actively doing things like making partnerships
> with commercial companies, or trying to steer us in the direction of
> delivering commercial services, I ask you to please re-focus on free and
> open as well as vendor neutrality.
>
> Aloha,
> Jim Manico
>
>
>
>
>
> On 5/28/15 4:00 PM, Matt Konda wrote:
>
> Hi.
>
>  Building on an interesting question Fabio raised around talking with the
> RSA conference organizing committee to explore potential collaboration,
> here are my thoughts:
>
>    1. I have no problem with having a conversation.
>    2. I don't see RSA as strategically aligned with our objectives so I
>    wouldn't necessarily be inclined to invest a lot of money or time.
>    3. I would tend to favor targeting active efforts and investments
>    toward developer conferences and cross pollination.
>    4. Of course, RSA is a huge, vendor friendly conference so to the
>    extent that we can achieve mutually beneficial results that advance our
>    objectives (raise membership, increase involvement, etc.) without a very
>    significant investment I would be open to it.
>
> I just think we have to weigh the pros / cons of the setup and make sure
> we don't lose sight of our key goals.
>
>  I hope this makes sense.
> Matt
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board