[Owasp-board] RSA

Jim Manico jim.manico at owasp.org
Sun May 31 20:11:20 UTC 2015


... And I think it's a very good idea to back standards like WAFEC because it describes how to evaluate commercial products without actually endorsing any commercial product. 

That kind of bridge between open-source/open-content and commercial products is something that I think is in step with our mission and are activities I participate in.

The moment you start to mention specific commercial companies I feel more in breach of what I feel are core aspects to our mission. 

These discussions are great on the board list so we can have a more transparent discussion. Board meeting are time boxed and not the best place for philosophical conversation, IMO.

Respectfully,
--
Jim Manico
@Manicode
(808) 652-3805

> On May 31, 2015, at 12:40 PM, Michael Coates <michael.coates at owasp.org> wrote:
> 
> A good item for discussion on the board call. I wouldn't say that our mission circles around not endorsing commercial endeavors. The two snippets below point at the primary goal of software security visibility and the second quote points about freedom from commercial pressure but also acknowledgement that inforaed use of commercial technology is fine.
> 
> My point is that from a mission perspective I don't believe we have to actively avoid a more commercial conference. Of course, it it provides no value then that's another thing.
> 
> Food for thought, good item to discuss on the board call.
> 
> 
> 
> "Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks."
> 
> and
> 
> https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project
> 
> "Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology."
> 
> 
> 
> 
> --
> Michael Coates | @_mwc
> OWASP Global Board
> Join me at AppSecUSA 2015 in San Francisco!
> 
> 
> 
> 
>> On Sun, May 31, 2015 at 10:43 AM, Jim Manico <jim.manico at owasp.org> wrote:
>> Part of our mission is not to endorse commercial endeavors. I feel that must be a part of the conversation with RSA or any OWASP partnership.
>> 
>> Thanks all,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>> 
>>> On May 31, 2015, at 10:20 AM, Tobias <tobias.gondrom at owasp.org> wrote:
>>> 
>>> Hi Matt, 
>>> 
>>> thanks for bringing this on the board list. 
>>> 
>>> I agree with Matt in that I see no problem at this point to have a conversation with RSA on potential cooperation. To my knowledge we have in the past not spend a lot of money on that, and I see no reason to change that. 
>>> 
>>> I also agree that we should prioritise our activities to maximise our outreach and strategic goals. 
>>> 
>>> Therefore, I would like to encourage reopening communication with RSA to explore opportunities that are of interest for OWASP to spread our mission. 
>>> 
>>> I suggest that we put this item for discussion and conclusion at our next board meeting on June-14. 
>>> https://owasp.org/index.php/June_14,_2015
>>> 
>>> Best regards, Tobias
>>> 
>>> 
>>> 
>>>> On 28/05/15 16:00, Matt Konda wrote:
>>>> Hi.
>>>> 
>>>> Building on an interesting question Fabio raised around talking with the RSA conference organizing committee to explore potential collaboration, here are my thoughts: 
>>>> I have no problem with having a conversation.
>>>> I don't see RSA as strategically aligned with our objectives so I wouldn't necessarily be inclined to invest a lot of money or time.
>>>> I would tend to favor targeting active efforts and investments toward developer conferences and cross pollination.
>>>> Of course, RSA is a huge, vendor friendly conference so to the extent that we can achieve mutually beneficial results that advance our objectives (raise membership, increase involvement, etc.) without a very significant investment I would be open to it.
>>>> I just think we have to weigh the pros / cons of the setup and make sure we don't lose sight of our key goals.
>>>> 
>>>> I hope this makes sense.
>>>> Matt
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>> 
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> 
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150531/e55552ba/attachment.html>


More information about the Owasp-board mailing list