<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Eoin, <br>
      <br>
      I made three observations which you answered with a general "this
      is not correct". <br>
      Could you please specify which of the three you claim to be not
      correct? <br>
      a) that there was a short exchange of about 12 emails exchanged on
      the topic<br>
      b) there was no vote and no agreement recorded in favour of OWASP
      as an org doing this. <br>
      c) that I stated my understanding was that Jim and Eoin are making
      the decision to go to RSA as individuals.<br>
      <br>
      And on a personal question out of curiosity: <br>
      You mentioned that "training material is freely available on the
      web donated by him and myself". <br>
      Would you mind to point me to where it is. Would love to take a
      look. And potentially in which form it was donated? Is it a free
      license so it could be incorporated into other OWASP training
      material projects? <br>
      <br>
      Best regards, Tobias<br>
      <br>
      <br>
      On 04/01/14 20:11, Eoin Keary wrote:<br>
    </div>
    <blockquote
      cite="mid:5791FD67-0753-4637-8691-83DEE6B2978B@owasp.org"
      type="cite">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div>Tobias, this is not correct. The original request was to
        OWASP, Sarah/Kelly can clarify.</div>
      <div><br>
      </div>
      <div>Our material is OWASP branded with no commercial reference
        and is not part of any OWASP project such as the top 10.</div>
      <div><br>
      </div>
      <div>There was no vote but the consensus was to stay away from
        politics after I mentioned mikkos cancellation and proceed with
        the training.</div>
      <div><br>
      </div>
      <div>The training material is not the result of a project but our
        own work. The training material is freely available on the web
        donated by him and myself. </div>
      <div><br>
      </div>
      <div> </div>
      <div><br>
        <br>
        Eoin Keary
        <div>Owasp Global Board</div>
        <div>+353 87 977 2988</div>
        <div><br>
        </div>
      </div>
      <div><br>
        On 4 Jan 2014, at 19:01, Tobias <<a moz-do-not-send="true"
          href="mailto:tobias.gondrom@owasp.org">tobias.gondrom@owasp.org</a>>
        wrote:<br>
        <br>
      </div>
      <blockquote type="cite">
        <div>
          <meta content="text/html; charset=UTF-8"
            http-equiv="Content-Type">
          <div class="moz-cite-prefix">Eoin, <br>
            <br>
            to be clear on a few details: <br>
            - to my attention there was a short exchange of about 12
            emails (some off and some on the board mailing-list). <br>
            - there was no vote and no agreement recorded in favour of
            OWASP as an org doing this. <br>
            - in fact, in the email exchange (unfortunately offlist,
            following someone else move the thread offlist), I clearly
            stated my understanding was that Jim and Eoin are making the
            decision to go to RSA as individuals. (my email was on
            Dec-29). And that therefore it was their decision whether
            they want to go there or not. And I can not recall that this
            was contradicted at any time. <br>
            <br>
            Best regards, Tobias<br>
            <br>
            <br>
            Ps.: The branding of the material is not relevant for this.
            In principle all OWASP material can be used freely by
            anybody. That does not imply that our organisation as a
            whole does sanction or support any specific company. <br>
            E.g. anyone can use the OWASP Top-10 presentation (with the
            OWASP branding) and present it at RSA or the next NSA
            conference for that matter. <br>
            <br>
            <br>
            <br>
            <br>
            On 04/01/14 18:10, Eoin Keary wrote:<br>
          </div>
          <blockquote
            cite="mid:51CEB984-D6EE-4601-8FAC-ECF8EA31810A@owasp.org"
            type="cite">
            <meta http-equiv="content-type" content="text/html;
              charset=UTF-8">
            <div><span></span></div>
            <div>
              <meta http-equiv="content-type" content="text/html;
                charset=UTF-8">
              <div>Sorry tobias,</div>
              <div><br>
              </div>
              <div>But we are delivering the training as OWASP.</div>
              <div>OWASP was approached by RSA.</div>
              <div>Our material is non commercial branded and branded
                with OWASP, donated by Jim and Myself.</div>
              <div><br>
              </div>
              <div>There was no vote but a debate started by myself
                which landed firmly in favour of going ahead with it.</div>
              <div><br>
              </div>
              <div><br>
                <br>
                Eoin Keary
                <div>Owasp Global Board</div>
                <div>+353 87 977 2988</div>
                <div><br>
                </div>
              </div>
              <div><br>
                On 4 Jan 2014, at 17:53, Tobias <<a
                  moz-do-not-send="true"
                  href="mailto:tobias.gondrom@owasp.org">tobias.gondrom@owasp.org</a>>

                wrote:<br>
                <br>
              </div>
              <blockquote type="cite">
                <div>
                  <meta content="text/html; charset=UTF-8"
                    http-equiv="Content-Type">
                  <div class="moz-cite-prefix">No. There was no vote. <br>
                    <br>
                    And to be clear, my understanding was that everyone
                    would be attending as individuals and not as
                    representatives of the board or OWASP. <br>
                    <br>
                    I am not quite sure how this perception came about.
                    But we may have to take clarifying action. <br>
                    If other board members would concur, I would propose
                    to make a simple statement that OWASP leaders and
                    members speaking at the RSA conference do so as
                    individuals and not in their function as
                    representatives of OWASP. <br>
                    <br>
                    Best regards, Tobias<br>
                    <br>
                    <br>
                    OWASP Global Board Member and Secretary of the Board<br>
                    <br>
                    <br>
                    <br>
                    <br>
                    On 04/01/14 17:39, Tom Brennan - OWASP wrote:<br>
                  </div>
                  <blockquote
                    cite="mid:5F14393E-5EDE-47D9-9225-C7C193A5A8F0@owasp.org"
                    type="cite">
                    <meta http-equiv="content-type" content="text/html;
                      charset=UTF-8">
                    <div>There was a vote ?</div>
                    <div><br>
                      On Jan 4, 2014, at 12:31 PM, Eoin Keary <<a
                        moz-do-not-send="true"
                        href="mailto:eoin.keary@owasp.org">eoin.keary@owasp.org</a>>


                      wrote:<br>
                      <br>
                    </div>
                    <blockquote type="cite">
                      <div>
                        <meta http-equiv="content-type"
                          content="text/html; charset=UTF-8">
                        <div>Many negative tweets re RSA an OWASP.
                          (below).</div>
                        <div>As I brought this up already, are we sure
                          we are making the right decision by pushing
                          forward with this?</div>
                        <div><br>
                        </div>
                        <div><br>
                        </div>
                        <div><br>
                          <br>
                          Eoin Keary
                          <div>Owasp Global Board</div>
                          <div>+353 87 977 2988</div>
                          <div><br>
                          </div>
                        </div>
                        <div><br>
                          Begin forwarded message:<br>
                          <br>
                        </div>
                        <blockquote type="cite">
                          <div><b>From:</b> Sastry Tumuluri <<a
                              moz-do-not-send="true"
                              href="mailto:sastry.tumuluri@owasp.org">sastry.tumuluri@owasp.org</a>><br>
                            <b>Date:</b> 4 January 2014 16:48:50 GMT<br>
                            <b>To:</b> "Kanwal Singh (WebMentors)" <<a
                              moz-do-not-send="true"
                              href="mailto:kanwalsb@gmail.com">kanwalsb@gmail.com</a>>,


                            Ravdeep Sodhi <<a moz-do-not-send="true"
href="mailto:ravdeep.sodhi@ecoretechnos.com">ravdeep.sodhi@ecoretechnos.com</a>>,


                            "Nishant Johar (EMOBX)" <<a
                              moz-do-not-send="true"
                              href="mailto:nj@emobx.com">nj@emobx.com</a>>,

                            Rochak Chauhan <<a moz-do-not-send="true"
                              href="mailto:rochak.chauhan@owasp.org">rochak.chauhan@owasp.org</a>><br>
                            <b>Cc:</b> "Jim Manico (OWASP)" <<a
                              moz-do-not-send="true"
                              href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a>>,


                            "Eoin Keary (OWASP)" <<a
                              moz-do-not-send="true"
                              href="mailto:eoin.keary@owasp.org">eoin.keary@owasp.org</a>><br>
                            <b>Subject:</b> <b>OWASP Board decision
                              that I don't agree with</b><br>
                            <br>
                          </div>
                        </blockquote>
                        <blockquote type="cite">
                          <div>
                            <div dir="ltr">
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif">Friends,</div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif"><br>
                              </div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif">
                                Please see the following full
                                conversation on twitter: </div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif"><a
                                  moz-do-not-send="true"
                                  href="https://twitter.com/EoinKeary/status/419111748424454145"
                                  target="_blank">https://twitter.com/EoinKeary/status/419111748424454145</a></div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif"><br>
                              </div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif">Eoin

                                Keary and Jim Manico (both OWASP board
                                members) will be presenting/conducting 4
                                hrs of free-of-cost AppSec training at
                                the RSA Conference, 2014. Michael
                                Coates, Chairman of the OWASP Board is
                                also said to be present. Apparently,
                                this was discussed at the OWASP board
                                level; and the board has decided to go
                                ahead, keeping in mind the benefit to
                                the attending developers.</div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif"><br>
                              </div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif">As
                                you are aware, RSA is strongly suspected
                                (we'll never be 100% sure, I'm afraid)
                                of being complicit with NSA in enabling
                                fatal weakening of crypto products. RSA
                                has issued a sort of a denial that only
                                deepens the mistrust. As a protest, many
                                leading speakers are cancelling their
                                talks at the upcoming RSAC 2014. Among
                                them are (to my knowledge) Mikko
                                Hypponen, Jeffrey Carr and Josh Thomas.</div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif"><br>
                              </div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif">At
                                such a time, I am saddened by the OWASP
                                board decision to support RSAC by their
                                presence. At a time when they had the
                                opportunity to let the world know how
                                much they care for the Information
                                Security profession (esp., against
                                weakening crypto); and how much they
                                care about the privacy of people
                                (against NSA's unabashed spying on
                                Americans & non-Americans alike),
                                the board has copped out using a flimsy
                                rationalization ("benefit of (a few)
                                developers", many of who would rethink
                                their attendance had OWASP and more
                                organizations didn't blink!"). </div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif"><br>
                              </div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif">I'm
                                sure there was a heated debate. I'm sure
                                all angles were considered. However,
                                this goes too deep for me to take it as
                                "better men than me have considered and
                                decided". As a matter of my personal
                                values, if the situation doesn't change,
                                I would no longer wish to continue as
                                the OWASP Chapter Lead. Please let me
                                know if any of you would like to take
                                over from me. </div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif"><br>
                              </div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif">I
                                will also share my feelings with fellow
                                chapter members at our next chapter
                                meeting on Jan 21st. Needless to say, no
                                matter how things go, I remain committed
                                to the principles of our open and
                                open-source infosec community.</div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif"><br>
                              </div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif">Best

                                regards,</div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif"> <br>
                              </div>
                              <div class="gmail_default"
                                style="font-family:tahoma,sans-serif">==Sas3==</div>
                            </div>
                          </div>
                        </blockquote>
                      </div>
                    </blockquote>
                    <blockquote type="cite">
                      <div><span>_______________________________________________</span><br>
                        <span>Owasp-board mailing list</span><br>
                        <span><a moz-do-not-send="true"
                            href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a></span><br>
                        <span><a moz-do-not-send="true"
                            href="https://lists.owasp.org/mailman/listinfo/owasp-board">https://lists.owasp.org/mailman/listinfo/owasp-board</a></span><br>
                      </div>
                    </blockquote>
                    <br>
                    <fieldset class="mimeAttachmentHeader"></fieldset>
                    <br>
                    <pre wrap="">_______________________________________________
Owasp-board mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-board">https://lists.owasp.org/mailman/listinfo/owasp-board</a>
</pre>
                  </blockquote>
                  <br>
                </div>
              </blockquote>
            </div>
          </blockquote>
          <br>
        </div>
      </blockquote>
    </blockquote>
    <br>
  </body>
</html>