[Owasp-board] Fwd: FW: Circling Back

Tom Brennan tomb at owasp.org
Sat Nov 12 15:04:04 UTC 2016

FYI  @ Board / Staff we should status this effort at the next board
meeting.  On background below.  I will add it to the agenda. Please review
prior to the meeting and bring with you related updates and 2017 plans.

---------- Forwarded message ----------
From: Cliff Perlman <Cliff at perlmanandperlman.com>
Date: Mon, Jun 6, 2016 at 12:06 PM
Subject: FW: Circling Back
To: "Tom Brennan - OWASP (tomb at owasp.org)" <tomb at owasp.org>

*From:* Jon Dartley
*Sent:* Friday, February 05, 2016 12:29 AM
*To:* tomb at proactiverisk.com; paul.ritchie at owasp.org;
claudia.aviles-casanovas at owasp.org
*Subject:* Circling Back

Hi Paul, Claudia and Tom -

I took some time to familiarize myself with the OWASP website and
accompanying materials, including reading through the Project Handbook.
Unquestionably, the website offers a wealth of resources and tools.  But I
agree that from a legal and policy perspective, there is some work to be
done to make sure you are appropriately elucidating standards to be
followed and binding users to certain obligations.  With that in mind, my
initial recommendation - subject to your feedback and any further
discussions, is detailed below.  I have also provided some time estimates
to accomplish the below - which is always more of an art than a science -
and in the case for 1 and 2 they are broader in range than might typically
be the case because of the complexity of the OWASP website, and a number of
questions and assumptions that will need to be addressed and that,
depending upon the answers/feedback, will effect what needs to be drafted
or addressed.

1) Revise the Project Handbook (there is a good portion that should be
rephrased or reworded to avoid making promises that may not be met in every
circumstance, as an example) and integrate with a separate, new Project
Leader (and team members) Terms and Conditions - basically trying to
establish certain standards and "terms and conditions" that Project Leaders
must follow when undertaking a project under the OWASP banner. 8-12 hours,
+ or - 3.

2) Draft a Terms of Use for OWASP website visitors/users - currently just
have disclaimers, which is not sufficient.   In addition to disclaimers -
which will need to be redrafted - I recommend having end users agree to a
variety of terms and conditions as well, governing their use of the website
and resources, establishing expectations, and providing OWASP with
additional protections and enforcement options. 8-12 hours, + or -3.

3) Consider additional terms and conditions (or at least standards) for
Project Reviewers (those passing judgment and ensuring quality of Projects)
- this is certainly not a priority, but something to consider, at some
point. 4-6 hours, + or - 2.

4) Review and revise privacy policy - the current privacy policy link
redirects to the Wikipedia's PP, which has not been updated since 2014.
Highly unlikely that the 2 organizations have the exact same, backend
data-gathering practices.  The most important aspect to any privacy policy
is transparency as to online data-gathering practices, so I suggest we take
an updated look at what is currently being collected, and how shared.  I
have a questionnaire that can help start the conversation.  6 hours - + or
- 2.

Hope this helps.  As always, happy to discuss.


*Jon Dartley*
*Attorney At Law – Of Counsel*
jon at perlmanandperlman.com

41 Madison Avenue, Suite 4000
New York, NY 10010-2202
P: (212) 889-0575 | F: (212) 743-8120

 Please consider the environment before printing this e-mail.

This e-mail message may contain legally privileged and/or confidential
information. Email messages to non-clients are normally confidential and
may also be legally privileged. If you are not the intended recipient(s),
or the employee or agent responsible for delivery of this message to the
intended recipient(s), you are hereby notified that any dissemination,
distribution or copying of this e-mail message is strictly prohibited. If
you have received this message in error, please immediately notify the
sender and delete this e-mail message from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20161112/172b4949/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Tree_2654d3b4-9686-4ecb-a23a-140d0531ad61.jpg
Type: image/jpeg
Size: 13314 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20161112/172b4949/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PerlmanLogo_f69e15e7-e87a-49c9-926a-5352e1ab3473.jpg
Type: image/jpeg
Size: 4528 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20161112/172b4949/attachment-0003.jpg>

More information about the Owasp-board mailing list