[Owasp-board] Board meeting on Oct - 14 - list of topics

psiinon psiinon at gmail.com
Fri Oct 9 13:16:39 UTC 2015


I completely agree with that :)

On Fri, Oct 9, 2015 at 2:15 PM, Andrew van der Stock <vanderaj at owasp.org>
wrote:

> Simon,
>
> We have been discussing this behind closed doors and your thoughts are
> vital to our interests. One of the additional points that I personally
> believe should be encouraged for this specific project (but any
> certification style project as well) is the actuality and appearance of
> independence is paramount if it is to have OWASP's name on it.
>
> IMHO, if there is a lack of perceived independence, it not only harms
> OWASP, it also harms the benchmark. The project should be recruiting far
> and wide to bring more people into the fold.
>
> thanks
> Andrew
>
> On Fri, Oct 9, 2015 at 11:09 PM, psiinon <psiinon at gmail.com> wrote:
>
>> I have already suggested some possible actions on the leaders list, but
>> just to be clear:
>>
>> I would like the board to initiate an ethical review of the Benchmark to
>> be performed by respected and independent OWASP members.
>> It should look at whether the Benchmark project has brought OWASP into
>> disrepute - either intentionally or unintentionally.
>> It should also make recommendations as to remedial actions and proposals
>> to prevent this sort of controversy in the future (both if deemed
>> appropriate).
>>
>> Personally I would like the Benchmark projects to:
>>
>>    - Clearly state that the project is at an early stage and that the
>>    results should not be used for any marketing purposes
>>    - Clearly state which companies have contributed code to date (and in
>>    what proportions)
>>    - Bring on a respected co-leader who is independent of all open and
>>    closed source security tools who would focus on ensuring that the project
>>    is (and is seen to be) as independent as possible
>>
>> I would also like OWASP as an organisation to make a public statement
>> making it clear that the project is at an early stage and that the results
>> should not be used for any marketing purposes.
>>
>> But those are my recommendations and an ethical review (if it happens)
>> could either propose those or propose other actions (or indeed none).
>>
>> Is that clear enough?
>>
>> I'd be very interested to hear of other people's suggestions as well :)
>>
>> Simon
>>
>>
>>
>> On Fri, Oct 9, 2015 at 12:43 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> Tobias and Simon,
>>>
>>> I am very disappointed at the vendors in question and I think this
>>> situation is leaving a very negative impression on our community at large.
>>> But I too am not sure what the best course of action is. This is a very
>>> tricky situation. :(
>>>
>>> Aloha,
>>> Jim
>>>
>>>
>>>
>>> On 10/9/15 1:26 PM, Tobias wrote:
>>>
>>> Hi Simon,
>>>
>>> thanks a lot for bringing this up and reminding.
>>> Highly appreciated.
>>> It is bad luck you won't be able to join the call, but in addition to
>>> put it on the agenda, if you have a specific proposal or suggestion what
>>> action should be taken, please feel free to send beforehand via email,
>>> either in public to the board list or to some board members for
>>> consideration.
>>>
>>> I have been thinking about this project situation for quite a bit now
>>> and am still not sure what is the right answer.
>>>
>>> Best, Tobias
>>>
>>>
>>> On 09/10/15 11:39, psiinon wrote:
>>>
>>> Thanks :)
>>>
>>> If it was at a more reasonable time for me I'd join in, but
>>> unfortunately it's not.
>>> Look forward to seeing what's decided...
>>>
>>> On Fri, Oct 9, 2015 at 10:35 AM, Jim Manico <jim.manico at owasp.org>
>>> wrote:
>>>
>>>> I will add this to the agenda.
>>>>
>>>> - Jim
>>>>
>>>>
>>>> On 10/9/15 11:28 AM, psiinon wrote:
>>>>
>>>> *sigh*
>>>>
>>>> So no discussion about the Benchmark project then?
>>>>
>>>> I think the board _should_ discuss it, and I've explicitly asked for it
>>>> to be discussed.
>>>>
>>>> I don't think I'll be the only OWASP member who will be disappointed if
>>>> it's not....
>>>>
>>>> Simon
>>>>
>>>> On Fri, Oct 9, 2015 at 10:23 AM, Tobias <tobias.gondrom at owasp.org>
>>>> wrote:
>>>>
>>>>> Dear fellow board members,
>>>>>
>>>>> for our meeting on Oct-14 and in general I have the following topics
>>>>> for your consideration:
>>>>>
>>>>> * structuring of meetings:
>>>>> To have a better time management, I like to introduce that we in the
>>>>> future list proposed durations to each point, one duration for you
>>>>> presenting the proposal, second duration for discussion time if a vote is
>>>>> needed - 1min
>>>>>
>>>>> * remove the section on chairman's and role reports and move to a
>>>>> topic based agenda (3min)
>>>>> IMO the different report sections for each board member are not useful
>>>>> to keep us efficient. I would suggest to move to a topic based agenda. Not
>>>>> in the order of roles.
>>>>>
>>>>> * Start of Budgeting for 2016 discussion & timeline (2min)
>>>>> This is just to announce that we initiate our budgeting phase now for
>>>>> 2016. Which needs to close by December.
>>>>>
>>>>> * start of review of Strategic Goals for 2015 and Discussion on
>>>>> Strategic Goals for 2016 - timeline (2min)
>>>>> This is just to announce that we initiate our budgeting phase now for
>>>>> 2016. Which needs to close by December.
>>>>>
>>>>> * evotes procedure: how many days should we wait between second of
>>>>> motion to give all board members time to raise discussion?
>>>>> As we like to be able to conduct evotes, it would be good to have a
>>>>> common understanding on the procedure.
>>>>> making a motion and seconding it via emails is clear. However, for the
>>>>> next step of giving opportunity for discussion before we move to vote, I
>>>>> like to hear from the board how much time we shall give to raise discussion
>>>>> elements before we progress to an evote. This is not to set a time limit on
>>>>> an ongoing discussion, but to understand the time limit we shall set for
>>>>> silence by board members in case a topic is raised but no questions for
>>>>> discussion are raised by board members before we can progress to an evote.
>>>>>
>>>>> * bylaws: term limits (will raise in separate email, 5 min, initial
>>>>> discussion, vote could come next month or via evote)
>>>>>
>>>>> Best regards, Tobias
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Owasp-board mailing list
>>>>> Owasp-board at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Jim Manico
>>>> Global Board Member
>>>> OWASP Foundation
>>>> https://www.owasp.org
>>>>
>>>>
>>>
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>>
>>>
>>> --
>>> Jim Manico
>>> Global Board Member
>>> OWASP Foundation
>>> https://www.owasp.org
>>>
>>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>>
>>
>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader