[Owasp-board] Update the wiki based on board vote

Josh Sokol josh.sokol at owasp.org
Wed Dec 5 16:47:54 UTC 2018


I mean the response from Fiona where she stated:


   - As per the Whistleblower Policy (
   https://www.owasp.org/index.php/Governance/Whistleblower_Policy ) the
   General powers and authority section (3.01) should include a reference to
   illegal practices as well as violations of adopted policies of the
   organization. Code of ethics violations should be included too.
   - I think there should just be one place for all complaints / issues to
   go otherwise it will get too confusing for the community. So perhaps there
   is a separate 'dispute resolution' committee but they would get direction
   from the Compliance Committee. Compliance committee receive complaints /
   issues, do initial triage, deal with what they can themselves and can pass
   on to other parties as necessary / appropriate:
   - staff issues to ED
      - chapter issues to community manager
      - ED issues to the board
      - Governance issues to governance list
      - Perhaps dispute issues may to a separate committee if necessary
      - Etc..
   - I don’t see anything on complaints and management for the Board of
   Directors in the Bylaws:
   https://www.owasp.org/index.php/OWASP_Foundation_ByLaws although it is
   referenced in the charter. Maybe I am looking in the wrong place but to me
   it is unclear what is being referred to here.
   - There are various references to policies, guidelines, handbooks, etc.
   Links to these in an appendix would be useful for reference
   - Not sure if this is the place but better guidance for the community on
   what constitutes a formal complaint. We often get cc'd on email threads
   which tends to lead to confusion on whether or not a complaint has been
   made, what the next steps are .
   - It looks like going forward this will be a larger committee so there
   should be plenty of room for improving the complaints process

By stripping out the accountability of the Board and ED from the scope of
this committee, you've created a legal liability for the OWASP Foundation.
And by ignoring her feedback, as well as my own, you've proven, yet again,
that the current Board does not want to hear what the OWASP Leadership
community has to say.

~josh

On Wed, Dec 5, 2018 at 7:30 AM Sherif Mansour <sherif.mansour at owasp.org>
wrote:

> Hi Josh,
>
> You mean the feeback from the compliance committee? This is why changes
> were only discussed in the October board meeting and it was voted on after
> their considerations in November.
>
> With regards to your feedback both the community and the board responded,
> we don’t always agree but the focus is on improving the foundation.
>
> Kind regards,
> Sherif Mansour
>
> On Wed, 5 Dec 2018 at 8:22 am, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>> After objections from both the community and the current Compliance
>> Committee the Board still approved that?  I'll be sending my complaints
>> about foundational issues directly to the IRS, I guess, going forward.  Way
>> to go, Board.  Definitely working for the good of OWASP.  :-(
>>
>> ~josh
>>
>> On Wed, Dec 5, 2018 at 4:49 AM Sherif Mansour <sherif.mansour at owasp.org>
>> wrote:
>>
>>> Hey Team,
>>>
>>> Please update the OWASP wiki with the appropriate changes based on last
>>> month's board vote. Specifically we have voted on changes to the
>>> compliaince committee so those needs to go on the wiki:
>>> https://docs.google.com/document/d/1OSm7Vu5iuE-Uu-iOTjD7XhEXQqwDN_ZJ7jOOYqoiCzo/edit?usp=sharing
>>>
>>> Kind regards,
>>>
>>> --
>>>
>>> Sherif Mansour
>>> OWASP Global Board Member & OWASP London Chapter Leader
>>> Site: https://www.owasp.org/index.php/London
>>> Email: sherif.mansour at owasp.org
>>> Follow OWASP London Chapter on Twitter: @owasplondon  <https://twitter.com/OWASPLondon>
>>> "Like" us on Facebook: https://www.facebook.com/OWASPLondon
>>> Subscribe to our (lightweight) mailing list: https://lists.owasp.org/mailman/listinfo/owasp-london
>>>
>>> Consider giving back, and supporting the open source community by
>>> becoming a member <https://www.owasp.org/index.php/Membership> or
>>> making a donation <https://www.owasp.org/index.php/Donate> today!
>>>
>>>
>>> Join us at AppSec USA 2018 <https://2018.appsecusa.org/> 8-12 October
>>> in San Jose, CA!
>>>
>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>> --
>
> Sherif Mansour
> OWASP Global Board Member & OWASP London Chapter Leader
> Site: https://www.owasp.org/index.php/London
> Email: sherif.mansour at owasp.org
> Follow OWASP London Chapter on Twitter: @owasplondon  <https://twitter.com/OWASPLondon>
> "Like" us on Facebook: https://www.facebook.com/OWASPLondon
> Subscribe to our (lightweight) mailing list: https://lists.owasp.org/mailman/listinfo/owasp-london
>
> Consider giving back, and supporting the open source community by becoming
> a member <https://www.owasp.org/index.php/Membership> or making a donation
> <https://www.owasp.org/index.php/Donate> today!
>
>
> Join us at AppSec USA 2018 <https://2018.appsecusa.org/> 8-12 October in
> San Jose, CA!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20181205/7781f4ce/attachment.html>


More information about the Owasp-board mailing list