[Owasp-board] [Owasp-leaders] AppSec EU

Tom Brennan - OWASP tomb at owasp.org
Thu Jan 18 01:50:07 UTC 2018


touche.

I defer to the 2018 Chairman Martin Knobloch (and Board) and our Executive
Director Karen Staley.


On Wed, Jan 17, 2018 at 5:46 PM, Bjoern Kimminich <
bjoern.kimminich at owasp.org> wrote:

> Hi Tom,
>
> I understand that sensitive topics like this cannot be discussed
> publicly/openly. I for my part would have been happy with just a "push
> notification" that the topic is still being worked on and in a
> collaborative way.
>
> Especially when the facts (like conference website, CfP emails etc.) don't
> give away the final decision because they seem inconsistent.
>
> Cheers,
> Björn
>
>
> Am 18. Januar 2018 04:46:12 GMT+08:00 schrieb Tom Brennan - OWASP <
> tomb at owasp.org>:
>>
>> FWIW in prior years (about 10 of them..) , OWASP Board has used the OWASP
>> List <owasp-board at lists.owasp.org> for communications and for public
>> documentation.
>>
>> <http://goog_1182357559>
>> http://lists.owasp.org/pipermail/owasp-board/
>>
>> However note, any legal issues or human resources issues are not put on
>> the open mailing list.
>>
>> Since I am NOT on the board of directors anymore and now retired ;) and
>> not part of the current discussions etc.. the issue does have both HR and
>> Legal items associated with it.   So, stay tuned for the NEXT Public and
>> OPEN Board of Directors meeting to be posted here: https://www.owasp.org/
>> index.php/Board
>>
>> Just like your local town holding a public meeting, anyone can show up,
>> anyone can talk and tell elected officials how they feel and it is
>> encouraged that is a community. P.S. I also highly recommend whomever you
>> voted for in the last election to represent you by proxy, contact them
>> directly and give them your input.  Ultimately they represent who voted
>> them into office.
>>
>> If you're planning on attending the regional event, AppSec California
>> https://2018.appseccalifornia.org/  catch up with Karen who will be in
>> attendance and say hello.
>>
>> </Brennan>
>>
>>
>>
>>
>>
>>
>>
>> On Wed, Jan 17, 2018 at 3:00 PM, Frank Catucci <frank.catucci at owasp.org>
>> wrote:
>>
>>> I am with Rory on this perspective and mail list use and the lack of
>>> communications.
>>>
>>> On Wed, Jan 17, 2018 at 2:33 PM, Rory McCune <rory.mccune at owasp.org>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> So I'll add one point here, to provide some perspective of where people
>>>> may be feeling a lack of messaging from the board.  I (and perhaps others)
>>>> tend to use the mailing lists as a means to periodically catch up with
>>>> what's happening with various parts of OWASP.
>>>>
>>>> So I'll look at the OWASP board mailing list if I want to get
>>>> information about the board's deliberations on a particular topic.
>>>>
>>>> At the moment (and I'm not sure if this is a technical issue or perhaps
>>>> a decision to deprecate its use) there don't appear to be any messages on
>>>> the OWASP board mailing list for this year?  Lacking that windows into the
>>>> board's operations could lead to people feeling somewhat more out of the
>>>> loop than in previous years, so it might be an idea to make more of use of
>>>> that.
>>>>
>>>> Cheers
>>>>
>>>> Rory
>>>>
>>>>
>>>> On Wed, Jan 17, 2018 at 6:22 PM, Sherif Mansour <
>>>> sherif.mansour at owasp.org> wrote:
>>>>
>>>>> Thanks Bjoern,
>>>>>
>>>>> I hear you loud and clear.
>>>>>
>>>>> I think the foundation is learning about managing the message with the
>>>>> community & that its a conversation.
>>>>> I have made a note of it here
>>>>> <https://docs.google.com/document/d/1HZFGkLBbbLRhhVh0DAcSS8flWOKSu0gJOui9J_PdSn4/edit?usp=sharing>
>>>>> .
>>>>>
>>>>> Equally if anyone has other improvements they would like to see from
>>>>> OWASP I (personally) added the following google document to discuss.
>>>>> <https://docs.google.com/document/d/16z59SKXbNEwDi1bLobswye1QxryNNdjOdGHdqZ4t-wQ/edit?usp=sharing>
>>>>>
>>>>> On Wed, Jan 17, 2018 at 5:35 PM, Bjoern Kimminich <
>>>>> bjoern.kimminich at owasp.org> wrote:
>>>>>
>>>>>> Hi Sherif,
>>>>>>
>>>>>> I think the major point is, that exactly this "we are working on it
>>>>>> together, please be patient" note should simply have been supplied from the
>>>>>> board to the community much earlier and deliberately.
>>>>>>
>>>>>> Instead, some of us had to keep asking - at least on the mailing list
>>>>>> and on Slack #appseceu - continously and effortlessly for quite a while
>>>>>> until this information was "passed down to the people".
>>>>>>
>>>>>> That was just an unnecessary delay of information (or at least status
>>>>>> update) flow for an organization that considers itself open and transparent.
>>>>>>
>>>>>> Cheers,
>>>>>> Björn
>>>>>>
>>>>>> Am 18. Januar 2018 00:30:35 GMT+08:00 schrieb Sherif Mansour <
>>>>>> sherif.mansour at owasp.org>:
>>>>>>>
>>>>>>> Hi Patrick,
>>>>>>>
>>>>>>> We are close to a way forward, one of the reasons why we haven't
>>>>>>> responded to individual points is that it's the foundation and the chapters
>>>>>>> genuinely want to resolve this issue and work as one.
>>>>>>> Some of the communication (and lack there of) wasn't helpful, but we
>>>>>>> are choosing to work together on this and have something out fairly soon
>>>>>>> (this month).
>>>>>>>
>>>>>>> -Sherif
>>>>>>>
>>>>>>> On Wed, Jan 17, 2018 at 2:18 PM, Patrick Laverty <
>>>>>>> patrick.laverty at owasp.org> wrote:
>>>>>>>
>>>>>>>> Thank you for a response Sherif, but it isn't answering the
>>>>>>>> important questions. The Israel chapter of OWASP leveled some pretty big
>>>>>>>> accusations at the board and the executive director. There has been no
>>>>>>>> response to those accusations. Why? Back on December 26th, Andrew van der
>>>>>>>> Stock said that the board would likely be meeting within the next day, and
>>>>>>>> have a response after that. I don't think there has been anything from the
>>>>>>>> board about this matter.
>>>>>>>>
>>>>>>>> In case there is confusion, the accusations are here:
>>>>>>>> https://www.peerlyst.com/posts/owasp-you-keep-saying-t
>>>>>>>> hat-word-i-do-not-think-it-means-what-you-think-it-means-avid  I
>>>>>>>> also see that the http://2018.appsec.eu site still shows the
>>>>>>>> conference happening in Israel, but the upcoming events page (
>>>>>>>> https://www.owasp.org/index.php/OWASP_Events/upcoming_events) says
>>>>>>>> the location is TBA.
>>>>>>>>
>>>>>>>> Will there be a response to the statements made in the blog post
>>>>>>>> linked above?
>>>>>>>>
>>>>>>>> Thank you.
>>>>>>>>
>>>>>>>> Patrick Laverty
>>>>>>>> OWASP Rhode Island
>>>>>>>>
>>>>>>>> On Wed, Jan 17, 2018 at 1:02 AM, Sherif Mansour <
>>>>>>>> sherif.mansour at owasp.org> wrote:
>>>>>>>>
>>>>>>>>> Hi Everyone,
>>>>>>>>>
>>>>>>>>> The foundation and the board has been regularly communicating with
>>>>>>>>> the chapters and the summit team through out this period, and the new board
>>>>>>>>> will have their first session at the end of January which is as always open
>>>>>>>>> to everyone and the recording is made public. In the meantime the
>>>>>>>>> foundation and our new executive director are working to present 2017
>>>>>>>>> Year End in Review and a strategy for 2018 during that board
>>>>>>>>> meeting at the end of January (a couple of weeks away).
>>>>>>>>>
>>>>>>>>> Kind regards
>>>>>>>>>
>>>>>>>>> On Tue, Jan 16, 2018 at 11:55 PM, Brett Gravois <
>>>>>>>>> brett.gravois at owasp.org> wrote:
>>>>>>>>>
>>>>>>>>>> Just to follow up on this, we as leaders and OWASP have been
>>>>>>>>>> asked about "our response".
>>>>>>>>>> The post is now almost a month old (since Dec 24th) and it seems
>>>>>>>>>> like leadership has remained silent on this.
>>>>>>>>>>
>>>>>>>>>> Has one been issued and I am not seeing it?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Fri, Jan 5, 2018 at 3:53 PM, Patrick Laverty <
>>>>>>>>>> patrick.laverty at owasp.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> Have there been any updates about this? Does the board have an
>>>>>>>>>>> approximate idea on when a response may be available?
>>>>>>>>>>>
>>>>>>>>>>> Thank you.
>>>>>>>>>>>
>>>>>>>>>>> Patrick Laverty
>>>>>>>>>>> OWASP Rhode Island
>>>>>>>>>>>
>>>>>>>>>>> On Dec 26, 2017 5:52 PM, "Andrew van der Stock" <
>>>>>>>>>>> vanderaj at owasp.org> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> As a Board member, we have to speak with one voice, and we are
>>>>>>>>>>>> about to transition Boards. It would be wrong for us to have 7 or 11
>>>>>>>>>>>> different positions as it would be very confusing to all.
>>>>>>>>>>>>
>>>>>>>>>>>> We are likely to have a call tomorrow (time zones are hard) and
>>>>>>>>>>>> will likely make a statement after that.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Andrew
>>>>>>>>>>>>
>>>>>>>>>>>> On Dec 26, 2017, at 12:46, Patrick Laverty <
>>>>>>>>>>>> patrick.laverty at owasp.org> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> I ask this in the literal sense, not in they "why haven't you
>>>>>>>>>>>> done it already" sense. Will there be an official response from OWASP board
>>>>>>>>>>>> about the allegations made here:
>>>>>>>>>>>>
>>>>>>>>>>>> https://www.peerlyst.com/posts/owasp-you-keep-saying-that-wo
>>>>>>>>>>>> rd-i-do-not-think-it-means-what-you-think-it-means-avid
>>>>>>>>>>>>
>>>>>>>>>>>> It seems some strong allegations are made and I personally
>>>>>>>>>>>> never like to make a judgement without hearing from at least both sides.
>>>>>>>>>>>>
>>>>>>>>>>>> I understand we're in the midst of a holiday season, so there
>>>>>>>>>>>> may not have been an opportunity for the board to officially respond just
>>>>>>>>>>>> yet, so I just wanted to inquire as to whether the board does plan to.
>>>>>>>>>>>>
>>>>>>>>>>>> Thank you.
>>>>>>>>>>>>
>>>>>>>>>>>> Patrick Laverty
>>>>>>>>>>>> OWASP Rhode Island
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> Sherif Mansour
>>>>>>>>> OWASP Global Board Member & OWASP London Chapter Leader
>>>>>>>>> Site: https://www.owasp.org/index.php/London
>>>>>>>>> Email: sherif.mansour at owasp.org
>>>>>>>>> Follow OWASP London Chapter on Twitter: @owasplondon  <https://twitter.com/OWASPLondon>
>>>>>>>>> "Like" us on Facebook: https://www.facebook.com/OWASPLondon
>>>>>>>>> Subscribe to our (lightweight) mailing list: https://lists.owasp.org/mailman/listinfo/owasp-london
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Sherif Mansour
>>>>>>> OWASP Global Board Member & OWASP London Chapter Leader
>>>>>>> Site: https://www.owasp.org/index.php/London
>>>>>>> Email: sherif.mansour at owasp.org
>>>>>>> Follow OWASP London Chapter on Twitter: @owasplondon  <https://twitter.com/OWASPLondon>
>>>>>>> "Like" us on Facebook: https://www.facebook.com/OWASPLondon
>>>>>>> Subscribe to our (lightweight) mailing list: https://lists.owasp.org/mailman/listinfo/owasp-london
>>>>>>>
>>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Sherif Mansour
>>>>> OWASP Global Board Member & OWASP London Chapter Leader
>>>>> Site: https://www.owasp.org/index.php/London
>>>>> Email: sherif.mansour at owasp.org
>>>>> Follow OWASP London Chapter on Twitter: @owasplondon  <https://twitter.com/OWASPLondon>
>>>>> "Like" us on Facebook: https://www.facebook.com/OWASPLondon
>>>>> Subscribe to our (lightweight) mailing list: https://lists.owasp.org/mailman/listinfo/owasp-london
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20180117/a9a688b9/attachment-0001.html>


More information about the Owasp-board mailing list