<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Hi Michael, </div><div>Man, this board member stuff can be difficult!!</div><div><br></div><div>The email thread or peoples views do not distinguish between contract or presence at the event IMHO.</div><div><br></div><div>I think the argument, be it right or wrong is; "should OWASP be involved with the RSA event or not."</div><div><br></div><div>That's just my interpretation of the discussion.</div><div><br></div><div>Again, id like to present the class to 200 developers regardless of venue which is the important aspect of this discussion for me.</div><div><br></div><div><br></div><div><br>Eoin Keary<div>Owasp Global Board</div><div>+353 87 977 2988</div><div><br></div></div><div><br>On 7 Jan 2014, at 16:25, Michael Coates <<a href="mailto:michael.coates@owasp.org">michael.coates@owasp.org</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr"><div><div>Eoin,<br><br>Correct. Some people see participating as the right choice, some people see canceling as the right choice, and we have the element of co-marketing in the mix too.<br><br></div>The vote that I proposed is to cancel the co-marketing and participate if possible. I support participating. I don't support co-marketing at this time until the details of the accusations are cleared up.<br>
<br></div><div>-Michael<br></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr"><br><br><br></div></div>
<br><br><div class="gmail_quote">On Tue, Jan 7, 2014 at 2:08 AM, Eoin <span dir="ltr"><<a href="mailto:eoin.keary@owasp.org" target="_blank">eoin.keary@owasp.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div>I am not voting but the topic that is up for vote is wrong in my opinion.</div><div><br></div><div>Some media, people in general will see OWASP participation in RSA as negative, hence the debate.</div>
<div>
Cancelling a contract does not really cut it. its "window dressing."</div><div><br></div><div>Either we  (OWASP) are engaging with RSAC or not, its that simple.</div><div><br></div><div>Delivering anything at RSAC shall be interpreted as a sign of support, this is the root cause of the debate: <b>Are we to support RSAC this year given the allegations?</b> (contract is circumstantial).</div>

<div><br></div><div><br></div></div><div class="gmail_extra"><div><div class="h5"><br><br><div class="gmail_quote">On 7 January 2014 00:42, Tobias <span dir="ltr"><<a href="mailto:tobias.gondrom@owasp.org" target="_blank">tobias.gondrom@owasp.org</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <div>My vote is: Yes. OWASP shall terminate
      the co-marketing agreement with RSA for RSA 2014. <br>
      <br>
      <div>My reasons are: <br>
      </div>
      <div><br>
      </div>
      <div>1. community feedback and discussion (there seems to be a
        significant part of the community concerned about this) Note: I
        would have loved to see an OWASP community poll on this before
        making this decision to get a better feel for the wishes of our
        community, but acknowledge Michael's request that we need to
        decide this urgently. <br>
      </div>
      <div><br>
      </div>
      <div>2. we have an alternative (as outlined in Sarah's email,
        BSides) that can fulfil the goal equally. <br>
      </div>
      <div><br>
      </div>
      3. I understand that there is a lot of uncertainty about RSA's
      level of involvement. And I don't feel in a position to make a
      final judgement about this. And as often with secrecy, we possibly
      never will be. <br>
      But in this case we don't have to have final judgement. The
      co-marketing agreement is quite extensive and could be seen as
      active endorsement. To follow such an agreement we would need to
      have a very high level of confidence and trust in the other party.
      So already a reasonable shadow of doubt is sufficient grounds, to
      distance OWASP in this case from a very active co-marketing
      agreement with the company RSA, to avoid being interpreted as an
      active endorsement of a commercial entity currently under review.
      And we should abstain from actively endorsing RSA for the time
      being, until all facts of the case have been properly examined
      (note: not by us, as we are not an investigative body). <br>
      <br>
      In addition to that: <br>
      I propose that OWASP should prepare and release a press release or
      public statement that OWASP thinks weakening or undermining crypto
      is a really bad idea. (I will be happy to assist with the
      preparation of the text.) This press release shall advocate our
      general OWASP principles and shall _not_ mention RSA, the RSA
      conference or any other company by name. (personal note: btw. RSA
      should have no problem with such a press release, as they
      officially deny any such activities...)<br>
      <br>
      All the best, Tobias<br>
      <br>
      <br>
      Tobias Gondrom<br>
      Owasp Global Board<div><div><br>
      <br>
      <br>
      <br>
      <br>
      <br>
      On 06/01/14 23:51, Michael Coates wrote:<br>
    </div></div></div><div><div>
    <blockquote type="cite">
      <div dir="ltr">
        <div>
          <div>
            <div>
              <div>"OWASP will terminate the co-marketing agreement with
                RSA for RSA 2014. <br>
                This may place our training at risk, but if permitted we
                will still provide the free training at RSA and the
                OWASP speaking slot."<br>
                <br>
              </div>
              Michael - Yes<br>
              Tom -<br>
              Tobias -<br>
              Fabio -<br>
              Josh - Yes<br>
            </div>
            Jim - abstain<br>
          </div>
          Eoin - abstain<br>
          <br>
          <br>
          <br>
        </div>
        <div class="gmail_extra">
          <br clear="all">
          <div>
            <div dir="ltr"><br>
              --<br>
              Michael Coates<br>
              <br>
              <br>
            </div>
          </div>
          <br>
          <br>
          <div class="gmail_quote">On Mon, Jan 6, 2014 at 3:47 PM, Eoin
            Keary <span dir="ltr"><<a href="mailto:eoin.keary@owasp.org" target="_blank">eoin.keary@owasp.org</a>></span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
              <div dir="auto">
                <div>Same here, I can't vote, I believe as the class
                  delivery and material is mine and it would be a
                  conflict.</div>
                <div>I would be a "no" if I could.</div>
                <div><br>
                </div>
                <div>Not sure why participation in an event requires a
                  vote given other events did not require such....</div>
                <div><br>
                </div>
                <div>My view is based on </div>
                <div><br>
                </div>
                <div>1. community feeling, (it has split the community
                  very strongly).</div>
                <div><br>
                </div>
                <div>2. logic (we have somewhere else), and </div>
                <div><br>
                </div>
                <div>
                  3. the goal (I don't care which roof the class is
                  delivered under as long as we teach many people and
                  serve our mission). </div>
                <span><font color="#888888">
                    <div><br>
                      <br>
                      Eoin Keary
                      <div>Owasp Global Board</div>
                      <div><a href="tel:%2B353%2087%20977%202988" value="+353879772988" target="_blank">+353 87
                          977 2988</a></div>
                      <div><br>
                      </div>
                    </div>
                  </font></span>
                <div>
                  <div>
                    <div><br>
                      On 6 Jan 2014, at 23:23, Jim Manico <<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>>
                      wrote:<br>
                      <br>
                    </div>
                    <blockquote type="cite">
                      <div>
                        <div>I state conflict of interest here and
                          cannot vote. But I certainly respect the
                          boards opinion and am leaning towards "no" if
                          I could vote.<br>
                          <br>
                          <div>--</div>
                          <div>Jim Manico</div>
                          <div>@Manicode</div>
                          <div><a href="tel:%28808%29%20652-3805" value="+18086523805" target="_blank">(808)
                              652-3805</a></div>
                        </div>
                        <div><br>
                          On Jan 6, 2014, at 12:31 PM, Michael Coates
                          <<a href="mailto:michael.coates@owasp.org" target="_blank">michael.coates@owasp.org</a>>
                          wrote:<br>
                          <br>
                        </div>
                        <blockquote type="cite">
                          <div>
                            <div dir="ltr">
                              <div>
                                <div>
                                  <div>Board,<br>
                                    <br>
                                    I'd like to request a vote on
                                    OWASP's participation at RSA. I've
                                    captured my position on the public
                                    OWASP thread. <a href="http://lists.owasp.org/pipermail/owasp-leaders/2014-January/010647.html" target="_blank">http://lists.owasp.org/pipermail/owasp-leaders/2014-January/010647.html</a><br>


                                    <br>
                                    Please provide any discussion to the
                                    vote or cast your vote. Note that
                                    this is a time sensitive issue.<br>
                                    <br>
                                    <br>
                                    My vote request is as follows:<br>
                                  </div>
                                  <br>
                                </div>
                                OWASP will terminate the co-marketing
                                agreement with RSA for RSA 2014. <br>
                                This may place our training at risk, but
                                if permitted we will still provide the
                                free training at RSA and the OWASP
                                speaking slot.<br>
                                <br>
                              </div>
                              <div>Board Votes:<br>
                              </div>
                              <div>
                                <div>Michael <br>
                                </div>
                                <div>Tom<br>
                                </div>
                                <div>
                                  Tobias<br>
                                </div>
                                <div>Fabio<br>
                                </div>
                                <div>Josh<br>
                                </div>
                                <div>Jim<br>
                                  Eoin<br>
                                </div>
                                <br>
                                <br>
                                <br>
                              </div>
                              Note: Unrelated to the vote - we can still
                              provide free training at BSides too.<br>
                              <div><br>
                                <br>
                                --<br>
                                <div>
                                  <div>
                                    <div>
                                      <div>
                                        <div>
                                          <div dir="ltr">Michael Coates<br>
                                            Chair of OWASP Board<br>
                                            @_mwc<br>
                                            <br>
                                          </div>
                                        </div>
                                      </div>
                                    </div>
                                  </div>
                                </div>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                        <blockquote type="cite">
                          <div><span>_______________________________________________</span><br>
                            <span>Owasp-board mailing list</span><br>
                            <span><a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a></span><br>
                            <span><a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a></span><br>
                          </div>
                        </blockquote>
                      </div>
                    </blockquote>
                    <blockquote type="cite">
                      <div><span>_______________________________________________</span><br>
                        <span>Owasp-board mailing list</span><br>
                        <span><a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a></span><br>
                        <span><a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a></span><br>
                      </div>
                    </blockquote>
                  </div>
                </div>
              </div>
            </blockquote>
          </div>
          <br>
        </div>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
Owasp-board mailing list
<a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a>
</pre>
    </blockquote>
    <br>
  </div></div></div>

<br>_______________________________________________<br>
Owasp-board mailing list<br>
<a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
<br></blockquote></div><br><br clear="all"><br></div></div><span class="HOEnZb"><font color="#888888">-- <br>Eoin Keary<br>OWASP Member<br><a href="https://twitter.com/EoinKeary" target="_blank">https://twitter.com/EoinKeary</a><div>
<br></div>
</font></span></div>
<br>_______________________________________________<br>
Owasp-board mailing list<br>
<a href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
<br></blockquote></div><br></div></div>
</div></blockquote></body></html>