<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Sarah, <br>
      <br>
      will be my pleasure. <br>
      Please give me one or two days to write it up and let my PA check
      my spelling.<br>
      And will upload it as Google Doc. <br>
      Then you and the board need to have some time (3-7 days?) to
      review, edit and finalise it. <br>
      Then my recommendation would be to put it for 3-5 days towards the
      leaders and governance list to confirm, though by then we should
      have done our very best so that no more edits are needed. <br>
      <br>
      So I would expect a release in maybe 20 days. Unless you see the
      need for a hurry? <br>
      <br>
      What do you think? <br>
      <br>
      Thanks and all the best, Tobias<br>
      <br>
      <br>
      On 07/01/14 23:39, Sarah Baso wrote:<br>
    </div>
    <blockquote
cite="mid:CAA_HhVLtzqCvTHukSJ3=kSWQdsFcbMCLtD=Efm0edyPS9H-2Hw@mail.gmail.com"
      type="cite">
      <div dir="ltr">Tobias -
        <div>Thanks for your offer to prepare a press release with a
          public statement regarding OWASP principles & that we
          think weakening or undermining crypto is a bad idea....</div>
        <div><br>
        </div>
        <div>
          Would you start preparing something as a google doc and share
          it with the rest of the board and myself for review?</div>
        <div><br>
        </div>
        <div>Also, what is our timeline/goal for release?  Next week?  I
          can do this through our OR newswire account when we are ready.</div>
        <div><br>
        </div>
        <div>Thanks,</div>
        <div><br>
        </div>
        <div>Sarah</div>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Mon, Jan 6, 2014 at 6:42 PM, Tobias
          <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:tobias.gondrom@owasp.org" target="_blank">tobias.gondrom@owasp.org</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000">
              <div>My vote is: Yes. OWASP shall terminate the
                co-marketing agreement with RSA for RSA 2014. <br>
                <br>
                <div>My reasons are: <br>
                </div>
                <div><br>
                </div>
                <div>1. community feedback and discussion (there seems
                  to be a significant part of the community concerned
                  about this) Note: I would have loved to see an OWASP
                  community poll on this before making this decision to
                  get a better feel for the wishes of our community, but
                  acknowledge Michael's request that we need to decide
                  this urgently. <br>
                </div>
                <div><br>
                </div>
                <div>2. we have an alternative (as outlined in Sarah's
                  email, BSides) that can fulfil the goal equally. <br>
                </div>
                <div><br>
                </div>
                3. I understand that there is a lot of uncertainty about
                RSA's level of involvement. And I don't feel in a
                position to make a final judgement about this. And as
                often with secrecy, we possibly never will be. <br>
                But in this case we don't have to have final judgement.
                The co-marketing agreement is quite extensive and could
                be seen as active endorsement. To follow such an
                agreement we would need to have a very high level of
                confidence and trust in the other party. So already a
                reasonable shadow of doubt is sufficient grounds, to
                distance OWASP in this case from a very active
                co-marketing agreement with the company RSA, to avoid
                being interpreted as an active endorsement of a
                commercial entity currently under review. And we should
                abstain from actively endorsing RSA for the time being,
                until all facts of the case have been properly examined
                (note: not by us, as we are not an investigative body).
                <br>
                <br>
                In addition to that: <br>
                I propose that OWASP should prepare and release a press
                release or public statement that OWASP thinks weakening
                or undermining crypto is a really bad idea. (I will be
                happy to assist with the preparation of the text.) This
                press release shall advocate our general OWASP
                principles and shall _not_ mention RSA, the RSA
                conference or any other company by name. (personal note:
                btw. RSA should have no problem with such a press
                release, as they officially deny any such activities...)<br>
                <br>
                All the best, Tobias<br>
                <br>
                <br>
                Tobias Gondrom<br>
                Owasp Global Board
                <div>
                  <div class="h5"><br>
                    <br>
                    <br>
                    <br>
                    <br>
                    <br>
                    On 06/01/14 23:51, Michael Coates wrote:<br>
                  </div>
                </div>
              </div>
              <div>
                <div class="h5">
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div>
                        <div>
                          <div>
                            <div>"OWASP will terminate the co-marketing
                              agreement with RSA for RSA 2014. <br>
                              This may place our training at risk, but
                              if permitted we will still provide the
                              free training at RSA and the OWASP
                              speaking slot."<br>
                              <br>
                            </div>
                            Michael - Yes<br>
                            Tom -<br>
                            Tobias -<br>
                            Fabio -<br>
                            Josh - Yes<br>
                          </div>
                          Jim - abstain<br>
                        </div>
                        Eoin - abstain<br>
                        <br>
                        <br>
                        <br>
                      </div>
                      <div class="gmail_extra"> <br clear="all">
                        <div>
                          <div dir="ltr"><br>
                            --<br>
                            Michael Coates<br>
                            <br>
                            <br>
                          </div>
                        </div>
                        <br>
                        <br>
                        <div class="gmail_quote">On Mon, Jan 6, 2014 at
                          3:47 PM, Eoin Keary <span dir="ltr"><<a
                              moz-do-not-send="true"
                              href="mailto:eoin.keary@owasp.org"
                              target="_blank">eoin.keary@owasp.org</a>></span>
                          wrote:<br>
                          <blockquote class="gmail_quote"
                            style="margin:0px 0px 0px
                            0.8ex;border-left:1px solid
                            rgb(204,204,204);padding-left:1ex">
                            <div dir="auto">
                              <div>Same here, I can't vote, I believe as
                                the class delivery and material is mine
                                and it would be a conflict.</div>
                              <div>I would be a "no" if I could.</div>
                              <div><br>
                              </div>
                              <div>Not sure why participation in an
                                event requires a vote given other events
                                did not require such....</div>
                              <div><br>
                              </div>
                              <div>My view is based on </div>
                              <div><br>
                              </div>
                              <div>1. community feeling, (it has split
                                the community very strongly).</div>
                              <div><br>
                              </div>
                              <div>2. logic (we have somewhere else),
                                and </div>
                              <div><br>
                              </div>
                              <div> 3. the goal (I don't care which roof
                                the class is delivered under as long as
                                we teach many people and serve our
                                mission). </div>
                              <span><font color="#888888">
                                  <div><br>
                                    <br>
                                    Eoin Keary
                                    <div>Owasp Global Board</div>
                                    <div><a moz-do-not-send="true"
                                        href="tel:%2B353%2087%20977%202988"
                                        value="+353879772988"
                                        target="_blank">+353 87 977 2988</a></div>
                                    <div><br>
                                    </div>
                                  </div>
                                </font></span>
                              <div>
                                <div>
                                  <div><br>
                                    On 6 Jan 2014, at 23:23, Jim Manico
                                    <<a moz-do-not-send="true"
                                      href="mailto:jim.manico@owasp.org"
                                      target="_blank">jim.manico@owasp.org</a>>

                                    wrote:<br>
                                    <br>
                                  </div>
                                  <blockquote type="cite">
                                    <div>
                                      <div>I state conflict of interest
                                        here and cannot vote. But I
                                        certainly respect the boards
                                        opinion and am leaning towards
                                        "no" if I could vote.<br>
                                        <br>
                                        <div>--</div>
                                        <div>Jim Manico</div>
                                        <div>@Manicode</div>
                                        <div><a moz-do-not-send="true"
                                            href="tel:%28808%29%20652-3805"
                                            value="+18086523805"
                                            target="_blank">(808)
                                            652-3805</a></div>
                                      </div>
                                      <div><br>
                                        On Jan 6, 2014, at 12:31 PM,
                                        Michael Coates <<a
                                          moz-do-not-send="true"
                                          href="mailto:michael.coates@owasp.org"
                                          target="_blank">michael.coates@owasp.org</a>>

                                        wrote:<br>
                                        <br>
                                      </div>
                                      <blockquote type="cite">
                                        <div>
                                          <div dir="ltr">
                                            <div>
                                              <div>
                                                <div>Board,<br>
                                                  <br>
                                                  I'd like to request a
                                                  vote on OWASP's
                                                  participation at RSA.
                                                  I've captured my
                                                  position on the public
                                                  OWASP thread. <a
                                                    moz-do-not-send="true"
href="http://lists.owasp.org/pipermail/owasp-leaders/2014-January/010647.html"
                                                    target="_blank">http://lists.owasp.org/pipermail/owasp-leaders/2014-January/010647.html</a><br>
                                                  <br>
                                                  Please provide any
                                                  discussion to the vote
                                                  or cast your vote.
                                                  Note that this is a
                                                  time sensitive issue.<br>
                                                  <br>
                                                  <br>
                                                  My vote request is as
                                                  follows:<br>
                                                </div>
                                                <br>
                                              </div>
                                              OWASP will terminate the
                                              co-marketing agreement
                                              with RSA for RSA 2014. <br>
                                              This may place our
                                              training at risk, but if
                                              permitted we will still
                                              provide the free training
                                              at RSA and the OWASP
                                              speaking slot.<br>
                                              <br>
                                            </div>
                                            <div>Board Votes:<br>
                                            </div>
                                            <div>
                                              <div>Michael <br>
                                              </div>
                                              <div>Tom<br>
                                              </div>
                                              <div> Tobias<br>
                                              </div>
                                              <div>Fabio<br>
                                              </div>
                                              <div>Josh<br>
                                              </div>
                                              <div>Jim<br>
                                                Eoin<br>
                                              </div>
                                              <br>
                                              <br>
                                              <br>
                                            </div>
                                            Note: Unrelated to the vote
                                            - we can still provide free
                                            training at BSides too.<br>
                                            <div><br>
                                              <br>
                                              --<br>
                                              <div>
                                                <div>
                                                  <div>
                                                    <div>
                                                      <div>
                                                        <div dir="ltr">Michael
                                                          Coates<br>
                                                          Chair of OWASP
                                                          Board<br>
                                                          @_mwc<br>
                                                          <br>
                                                        </div>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </div>
                                              </div>
                                            </div>
                                          </div>
                                        </div>
                                      </blockquote>
                                      <blockquote type="cite">
                                        <div><span>_______________________________________________</span><br>
                                          <span>Owasp-board mailing list</span><br>
                                          <span><a
                                              moz-do-not-send="true"
                                              href="mailto:Owasp-board@lists.owasp.org"
                                              target="_blank">Owasp-board@lists.owasp.org</a></span><br>
                                          <span><a
                                              moz-do-not-send="true"
                                              href="https://lists.owasp.org/mailman/listinfo/owasp-board"
                                              target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a></span><br>
                                        </div>
                                      </blockquote>
                                    </div>
                                  </blockquote>
                                  <blockquote type="cite">
                                    <div><span>_______________________________________________</span><br>
                                      <span>Owasp-board mailing list</span><br>
                                      <span><a moz-do-not-send="true"
                                          href="mailto:Owasp-board@lists.owasp.org"
                                          target="_blank">Owasp-board@lists.owasp.org</a></span><br>
                                      <span><a moz-do-not-send="true"
                                          href="https://lists.owasp.org/mailman/listinfo/owasp-board"
                                          target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a></span><br>
                                    </div>
                                  </blockquote>
                                </div>
                              </div>
                            </div>
                          </blockquote>
                        </div>
                        <br>
                      </div>
                    </div>
                    <br>
                    <fieldset></fieldset>
                    <br>
                    <pre>_______________________________________________
Owasp-board mailing list
<a moz-do-not-send="true" href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a>
<a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a>
</pre>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            Owasp-board mailing list<br>
            <a moz-do-not-send="true"
              href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a><br>
            <a moz-do-not-send="true"
              href="https://lists.owasp.org/mailman/listinfo/owasp-board"
              target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
            <br>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <div><br>
        </div>
        -- <br>
        <div dir="ltr">
          <div>Executive Director</div>
          <div>OWASP Foundation</div>
          <div><br>
          </div>
          <div><a moz-do-not-send="true"
              href="mailto:sarah.baso@owasp.org" target="_blank">sarah.baso@owasp.org</a><br>
            +1.312.869.2779<br>
            <br>
            <br>
            <br>
            <br>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
  </body>
</html>