<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">My vote is: Yes. OWASP shall terminate
      the co-marketing agreement with RSA for RSA 2014. <br>
      <br>
      <div>My reasons are: <br>
      </div>
      <div><br>
      </div>
      <div>1. community feedback and discussion (there seems to be a
        significant part of the community concerned about this) Note: I
        would have loved to see an OWASP community poll on this before
        making this decision to get a better feel for the wishes of our
        community, but acknowledge Michael's request that we need to
        decide this urgently. <br>
      </div>
      <div><br>
      </div>
      <div>2. we have an alternative (as outlined in Sarah's email,
        BSides) that can fulfil the goal equally. <br>
      </div>
      <div><br>
      </div>
      3. I understand that there is a lot of uncertainty about RSA's
      level of involvement. And I don't feel in a position to make a
      final judgement about this. And as often with secrecy, we possibly
      never will be. <br>
      But in this case we don't have to have final judgement. The
      co-marketing agreement is quite extensive and could be seen as
      active endorsement. To follow such an agreement we would need to
      have a very high level of confidence and trust in the other party.
      So already a reasonable shadow of doubt is sufficient grounds, to
      distance OWASP in this case from a very active co-marketing
      agreement with the company RSA, to avoid being interpreted as an
      active endorsement of a commercial entity currently under review.
      And we should abstain from actively endorsing RSA for the time
      being, until all facts of the case have been properly examined
      (note: not by us, as we are not an investigative body). <br>
      <br>
      In addition to that: <br>
      I propose that OWASP should prepare and release a press release or
      public statement that OWASP thinks weakening or undermining crypto
      is a really bad idea. (I will be happy to assist with the
      preparation of the text.) This press release shall advocate our
      general OWASP principles and shall _not_ mention RSA, the RSA
      conference or any other company by name. (personal note: btw. RSA
      should have no problem with such a press release, as they
      officially deny any such activities...)<br>
      <br>
      All the best, Tobias<br>
      <br>
      <br>
      Tobias Gondrom<br>
      Owasp Global Board<br>
      <br>
      <br>
      <br>
      <br>
      <br>
      On 06/01/14 23:51, Michael Coates wrote:<br>
    </div>
    <blockquote
cite="mid:CAKA9LHzmj8ztA6Xi1yCCEK4+3a7GTySRsiAE1fQnU0n11NSC1w@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>
          <div>
            <div>
              <div>"OWASP will terminate the co-marketing agreement with
                RSA for RSA 2014. <br>
                This may place our training at risk, but if permitted we
                will still provide the free training at RSA and the
                OWASP speaking slot."<br>
                <br>
              </div>
              Michael - Yes<br>
              Tom -<br>
              Tobias -<br>
              Fabio -<br>
              Josh - Yes<br>
            </div>
            Jim - abstain<br>
          </div>
          Eoin - abstain<br>
          <br>
          <br>
          <br>
        </div>
        <div class="gmail_extra">
          <br clear="all">
          <div>
            <div dir="ltr"><br>
              --<br>
              Michael Coates<br>
              <br>
              <br>
            </div>
          </div>
          <br>
          <br>
          <div class="gmail_quote">On Mon, Jan 6, 2014 at 3:47 PM, Eoin
            Keary <span dir="ltr"><<a moz-do-not-send="true"
                href="mailto:eoin.keary@owasp.org" target="_blank">eoin.keary@owasp.org</a>></span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0px 0px 0px
              0.8ex;border-left:1px solid
              rgb(204,204,204);padding-left:1ex">
              <div dir="auto">
                <div>Same here, I can't vote, I believe as the class
                  delivery and material is mine and it would be a
                  conflict.</div>
                <div>I would be a "no" if I could.</div>
                <div><br>
                </div>
                <div>Not sure why participation in an event requires a
                  vote given other events did not require such....</div>
                <div><br>
                </div>
                <div>My view is based on </div>
                <div><br>
                </div>
                <div>1. community feeling, (it has split the community
                  very strongly).</div>
                <div><br>
                </div>
                <div>2. logic (we have somewhere else), and </div>
                <div><br>
                </div>
                <div>
                  3. the goal (I don't care which roof the class is
                  delivered under as long as we teach many people and
                  serve our mission). </div>
                <span class=""><font color="#888888">
                    <div><br>
                      <br>
                      Eoin Keary
                      <div>Owasp Global Board</div>
                      <div><a moz-do-not-send="true"
                          href="tel:%2B353%2087%20977%202988"
                          value="+353879772988" target="_blank">+353 87
                          977 2988</a></div>
                      <div><br>
                      </div>
                    </div>
                  </font></span>
                <div>
                  <div class="h5">
                    <div><br>
                      On 6 Jan 2014, at 23:23, Jim Manico <<a
                        moz-do-not-send="true"
                        href="mailto:jim.manico@owasp.org"
                        target="_blank">jim.manico@owasp.org</a>>
                      wrote:<br>
                      <br>
                    </div>
                    <blockquote type="cite">
                      <div>
                        <div>I state conflict of interest here and
                          cannot vote. But I certainly respect the
                          boards opinion and am leaning towards "no" if
                          I could vote.<br>
                          <br>
                          <div>--</div>
                          <div>Jim Manico</div>
                          <div>@Manicode</div>
                          <div><a moz-do-not-send="true"
                              href="tel:%28808%29%20652-3805"
                              value="+18086523805" target="_blank">(808)
                              652-3805</a></div>
                        </div>
                        <div><br>
                          On Jan 6, 2014, at 12:31 PM, Michael Coates
                          <<a moz-do-not-send="true"
                            href="mailto:michael.coates@owasp.org"
                            target="_blank">michael.coates@owasp.org</a>>
                          wrote:<br>
                          <br>
                        </div>
                        <blockquote type="cite">
                          <div>
                            <div dir="ltr">
                              <div>
                                <div>
                                  <div>Board,<br>
                                    <br>
                                    I'd like to request a vote on
                                    OWASP's participation at RSA. I've
                                    captured my position on the public
                                    OWASP thread. <a
                                      moz-do-not-send="true"
href="http://lists.owasp.org/pipermail/owasp-leaders/2014-January/010647.html"
                                      target="_blank">http://lists.owasp.org/pipermail/owasp-leaders/2014-January/010647.html</a><br>
                                    <br>
                                    Please provide any discussion to the
                                    vote or cast your vote. Note that
                                    this is a time sensitive issue.<br>
                                    <br>
                                    <br>
                                    My vote request is as follows:<br>
                                  </div>
                                  <br>
                                </div>
                                OWASP will terminate the co-marketing
                                agreement with RSA for RSA 2014. <br>
                                This may place our training at risk, but
                                if permitted we will still provide the
                                free training at RSA and the OWASP
                                speaking slot.<br>
                                <br>
                              </div>
                              <div>Board Votes:<br>
                              </div>
                              <div>
                                <div>Michael <br>
                                </div>
                                <div>Tom<br>
                                </div>
                                <div>
                                  Tobias<br>
                                </div>
                                <div>Fabio<br>
                                </div>
                                <div>Josh<br>
                                </div>
                                <div>Jim<br>
                                  Eoin<br>
                                </div>
                                <br>
                                <br>
                                <br>
                              </div>
                              Note: Unrelated to the vote - we can still
                              provide free training at BSides too.<br>
                              <div><br>
                                <br>
                                --<br>
                                <div>
                                  <div>
                                    <div>
                                      <div>
                                        <div>
                                          <div dir="ltr">Michael Coates<br>
                                            Chair of OWASP Board<br>
                                            @_mwc<br>
                                            <br>
                                          </div>
                                        </div>
                                      </div>
                                    </div>
                                  </div>
                                </div>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                        <blockquote type="cite">
                          <div><span>_______________________________________________</span><br>
                            <span>Owasp-board mailing list</span><br>
                            <span><a moz-do-not-send="true"
                                href="mailto:Owasp-board@lists.owasp.org"
                                target="_blank">Owasp-board@lists.owasp.org</a></span><br>
                            <span><a moz-do-not-send="true"
                                href="https://lists.owasp.org/mailman/listinfo/owasp-board"
                                target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a></span><br>
                          </div>
                        </blockquote>
                      </div>
                    </blockquote>
                    <blockquote type="cite">
                      <div><span>_______________________________________________</span><br>
                        <span>Owasp-board mailing list</span><br>
                        <span><a moz-do-not-send="true"
                            href="mailto:Owasp-board@lists.owasp.org"
                            target="_blank">Owasp-board@lists.owasp.org</a></span><br>
                        <span><a moz-do-not-send="true"
                            href="https://lists.owasp.org/mailman/listinfo/owasp-board"
                            target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a></span><br>
                      </div>
                    </blockquote>
                  </div>
                </div>
              </div>
            </blockquote>
          </div>
          <br>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Owasp-board mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-board">https://lists.owasp.org/mailman/listinfo/owasp-board</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>