[Owasp-board] Code of conduct freshen up

Paul Ritchie paul.ritchie at owasp.org
Tue Jan 5 19:17:30 UTC 2016

Hi Andrew & Board List:
I didn't see any other comments on this yet, but I do want to comment on
our Code of Conduct & procedures here at OWASP Foundation.

The good news, we have a defined OWASP Code of conduct, as well as many
other defined policy statements found here on our Wiki.

In addition, we have a* defined process for 'Whistle-blowers'* who might
want to report harassment or mis-conduct by community, leaders or staff.
It covers both an 'informal' complaint process as well as the more formal
complaint process.
Under the Formal process *we also have a 'Compliance Officer' position* who
can address these issues with the necessary level of experience, discretion
and privacy.
And, during 2015 *all Board members and Executive Director took a refresher
course on 'Anti-harassment for Managers*', as recommended during our Audit
the prior year.

Where OWASP has been weak, Paul's opinion.
1.  We too frequently have NOT responded to individuals or community in a
timely manner on status or outcome of our investigations.
Martin, our compliance officer has done a great job on several past issues,
but I noticed our Board stalled occasionally trying to reach consensus on
content & timing of a community response.  In my role as Executive
Director, I will help drive these topics to more prompt action.

2.  Board leadership needs to be more aware of "when" they are making
'individual' comments/opinions via email, and "when" their comments might
be viewed as the OWASP Board 'point of view'.    I think the community does
not separate the two, so Board members should strive to clarify that
whenever possible.
Again, in my role as Executive Director....when some of these comments
start to drift into personal attacks or demeaning language.....I plan to
jump in and 'mediate' so we don't have community volunteers who feel they
need to 'leave' because others challenge their opinions.

My view on my personal management of the situation going forward.

Cheers, Paul

Best Regards, Paul Ritchie
OWASP Executive Director
paul.ritchie at owasp.org

On Sun, Jan 3, 2016 at 8:27 PM, Andrew van der Stock <vanderaj at owasp.org>

> Please have a read of this, and compare to our own experience,
> particularly over the last couple of years.
> http://blog.randi.io/2015/12/31/the-developer-formerly-known-as-freebsdgirl/
> Please look at Randi's list, and let's talk about freshening up our CoC to
> include some if not all of these points to avert similar problems in the
> future.
> thanks,
> Andrew
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20160105/89765ea8/attachment.html>

More information about the Owasp-board mailing list