[Owasp-leaders] OWASP American? [was: OWASP and WikiLeaks]

John Wilander john.wilander at owasp.org
Tue Dec 7 15:09:07 EST 2010

Hi Daniel and all other leaders!

(Arturo, I decide to continue this discussion but change to the much more
interesting subject of OWASP and internationalization)

2010/12/7 daniel cuthbert <daniel.cuthbert at owasp.org>

> "OWASP is American"
> Excuse me????, I take offense at that remark. Many foreign people like
> myself have been around since the start to make this project what it is
> today and to class this project as American is both technically incorrect
> and also offensive to the likes of us.

Sorry if I offended you, Daniel. I of course meant the *foundation* is
American since my thoughts were around liability and the US discussion
around the WikiLeaks non-profit organization. This is exactly what Jason
wrote. The wiki about OWASP: "The OWASP Foundation came online on December
1st 2001 it was established as a not-for-profit charitable organization in
the United States on April 21, 2004"

The *project* is much more international but still suffers from several
issues of internationalization. I'm Swedish myself and lead the Swedish
chapter so I notice how important things in the project remain


   - You can't register for an OWASP AppSec conference with non-ASCII
   letters. Loads of Swedish, Spanish, German, Norwegian, Danish etc attendees
   got their names crippled during registration for this summer's AppSec ... in
   Sweden. Kate was really considerate and tried hard to minimize the problems
   - The OWASP jobs page has been discussed at length and I constantly fail
   to convey that moving 500 km in Europe often means moving to another
   country, another culture, another language, another tax system, another
   currency etc. That is totally different to moving 500 km in the US.
   Therefore "The single OWASP jobs page to rule them all" only serves people
   who want to find work in the US in my opinion. We need to serve regions and
   countries. Just look at the current list of offerings.
   - "OWASP AppSec USA" is often shortened "OWASP AppSec" as if all the
   other AppSecs are minor. I definitely don't think this is done to harm
   anyone. But still, AppSec EU, AppSec Brasil or AppSec Asia would never skip
   their national/regional names. Not that I know at least :).
   - All money transfers go through the US which for instance meant we
   couldn't benefit from being a non-profit organization when renting a
   conference venue in Sweden. We had to pay 25 % VAT since the European and
   American systems have not agreed on how to handle tax exempts. Should OWASP
   exist as a European non-profit organization a lot of money could be saved
   and used for better things.

Just to be clear: 1) *I'm impressed and deeply respect all the work
Americans have put into OWASP*, 2) I'm not against anyone or any part of the
world. I just want to help make OWASP *more* internationally compatible.

So, while my statement "OWASP is American" was about the foundation and
legal issues, I still think there's much of an American flavor to our
project. For better or worse ;).

   Med vänliga hälsningar, John

John Wilander, https://twitter.com/johnwilander
Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
 <http://owaspsweden.blogspot.com>Co-organizer Global Summit,
<http://www.owasp.org/index.php/Summit_2011>Conf Comm,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20101207/00757413/attachment.html 

More information about the OWASP-Leaders mailing list