[Owasp-board] Board meeting on Oct - 14 - list of topics

psiinon psiinon at gmail.com
Fri Oct 9 12:09:26 UTC 2015


I have already suggested some possible actions on the leaders list, but
just to be clear:

I would like the board to initiate an ethical review of the Benchmark to be
performed by respected and independent OWASP members.
It should look at whether the Benchmark project has brought OWASP into
disrepute - either intentionally or unintentionally.
It should also make recommendations as to remedial actions and proposals to
prevent this sort of controversy in the future (both if deemed appropriate).

Personally I would like the Benchmark projects to:

   - Clearly state that the project is at an early stage and that the
   results should not be used for any marketing purposes
   - Clearly state which companies have contributed code to date (and in
   what proportions)
   - Bring on a respected co-leader who is independent of all open and
   closed source security tools who would focus on ensuring that the project
   is (and is seen to be) as independent as possible

I would also like OWASP as an organisation to make a public statement
making it clear that the project is at an early stage and that the results
should not be used for any marketing purposes.

But those are my recommendations and an ethical review (if it happens)
could either propose those or propose other actions (or indeed none).

Is that clear enough?

I'd be very interested to hear other people's suggestions as well :)

Simon



On Fri, Oct 9, 2015 at 12:43 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Tobias and Simon,
>
> I am very disappointed at the vendors in question and I think this
> situation is leaving a very negative impression on our community at large.
> But I too am not sure what the best course of action is. This is a very
> tricky situation. :(
>
> Aloha,
> Jim
>
>
>
> On 10/9/15 1:26 PM, Tobias wrote:
>
> Hi Simon,
>
> thanks a lot for bringing this up and reminding.
> Highly appreciated.
> It is bad luck you won't be able to join the call, but in addition to putting
> it on the agenda, if you have a specific proposal or suggestion what action
> should be taken, please feel free to send beforehand via email, either in
> public to the board list or to some board members for consideration.
>
> I have been thinking about this project situation for quite a bit now and
> am still not sure what is the right answer.
>
> Best, Tobias
>
>
> On 09/10/15 11:39, psiinon wrote:
>
> Thanks :)
>
> If it was at a more reasonable time for me I'd join in, but unfortunately
> it's not.
> Look forward to seeing what's decided...
>
> On Fri, Oct 9, 2015 at 10:35 AM, Jim Manico <jim.manico at owasp.org> wrote:
>
>> I will add this to the agenda.
>>
>> - Jim
>>
>>
>> On 10/9/15 11:28 AM, psiinon wrote:
>>
>> *sigh*
>>
>> So no discussion about the Benchmark project then?
>>
>> I think the board _should_ discuss it, and I've explicitly asked for it
>> to be discussed.
>>
>> I don't think I'll be the only OWASP member who will be disappointed if
>> it's not....
>>
>> Simon
>>
>> On Fri, Oct 9, 2015 at 10:23 AM, Tobias <tobias.gondrom at owasp.org> wrote:
>>
>>> Dear fellow board members,
>>>
>>> for our meeting on Oct-14 and in general I have the following topics for
>>> your consideration:
>>>
>>> * structuring of meetings:
>>> To have a better time management, I like to introduce that we in the
>>> future list proposed durations to each point, one duration for you
>>> presenting the proposal, second duration for discussion time if a vote is
>>> needed - 1min
>>>
>>> * remove the section on chairman's and role reports and move to a topic
>>> based agenda (3min)
>>> IMO the different report sections for each board member are not useful
>>> to keep us efficient. I would suggest to move to a topic based agenda. Not
>>> in the order of roles.
>>>
>>> * Start of Budgeting for 2016 discussion & timeline (2min)
>>> This is just to announce that we initiate our budgeting phase now for
>>> 2016. Which needs to close by December.
>>>
>>> * start of review of Strategic Goals for 2015 and Discussion on
>>> Strategic Goals for 2016 - timeline (2min)
>>> This is just to announce that we initiate our budgeting phase now for
>>> 2016. Which needs to close by December.
>>>
>>> * evotes procedure: how many days should we wait between second of
>>> motion to give all board members time to raise discussion?
>>> As we like to be able to conduct evotes, it would be good to have a
>>> common understanding on the procedure.
>>> Making a motion and seconding it via emails is clear. However, for the
>>> next step of giving opportunity for discussion before we move to vote, I
>>> like to hear from the board how much time we shall give to raise discussion
>>> elements before we progress to an evote. This is not to set a time limit on
>>> an ongoing discussion, but to understand the time limit we shall set for
>>> silence by board members in case a topic is raised but no questions for
>>> discussion are raised by board members before we can progress to an evote.
>>>
>>> * bylaws: term limits (will raise in separate email, 5 min, initial
>>> discussion, vote could come next month or via evote)
>>>
>>> Best regards, Tobias
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>>
>> --
>> Jim Manico
>> Global Board Member
>> OWASP Foundation https://www.owasp.org
>>
>>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader