[Owasp-leaders] OWASP American? [was: OWASP and WikiLeaks]

Mark Bristow mark.bristow at owasp.org
Tue Dec 7 15:15:23 EST 2010


I think you bring up some critical points.  OWASP is an international
organization, but the legal entity only exists in the United States.  As GCC
Chair, I'm mostly concerned with items 1 and 4 (not much I can do to change
people's behavior in point 3, for what it's worth, I correct people who
truncate the US from AppSec US).  I believe our new registration system can
handle internationalized characters, so #1 will be fixed soon :)  #4 IMO
this is a huge problem that needs to be resolved.  There are many, many
non-profit organizations who exist in many countries throughout the world,
there has to be some knowledge/experience out there to solve this issue, I
just know I don't have it.


On Tue, Dec 7, 2010 at 3:09 PM, John Wilander <john.wilander at owasp.org>wrote:

> Hi Daniel and all other leaders!
> (Arturo, I decide to continue this discussion but change to the much more
> interesting subject of OWASP and internationalization)
> 2010/12/7 daniel cuthbert <daniel.cuthbert at owasp.org>
>> "OWASP is American"
>> Excuse me????, I take offense at that remark. Many foreign people like
>> myself have been around since the start to make this project what it is
>> today and to class this project as American is both technically incorrect
>> and also offensive to the likes of us.
> Sorry if I offended you, Daniel. I of course meant the *foundation* is
> American since my thoughts were around liability and the US discussion
> around the WikiLeaks non-profit organization. This is exactly what Jason
> wrote. The wiki about OWASP: "The OWASP Foundation came online on December
> 1st 2001 it was established as a not-for-profit charitable organization in
> the United States on April 21, 2004"
> The *project* is much more international but still suffers from several
> issues of internationalization. I'm Swedish myself and lead the Swedish
> chapter so I notice how important things in the project remain
> English/American.
> Examples:
>    - You can't register for an OWASP AppSec conference with non-ASCII
>    letters. Loads of Swedish, Spanish, German, Norwegian, Danish etc attendees
>    got their names crippled during registration for this summer's AppSec ... in
>    Sweden. Kate was really considerate and tried hard to minimize the problems
>    though.
>    - The OWASP jobs page has been discussed at length and I constantly
>    fail to convey that moving 500 km in Europe often means moving to another
>    country, another culture, another language, another tax system, another
>    currency etc. That is totally different to moving 500 km in the US.
>    Therefore "The single OWASP jobs page to rule them all" only serves people
>    who want to find work in the US in my opinion. We need to serve regions and
>    countries. Just look at the current list of offerings.
>    - "OWASP AppSec USA" is often shortened "OWASP AppSec" as if all the
>    other AppSecs are minor. I definitely don't think this is done to harm
>    anyone. But still, AppSec EU, AppSec Brasil or AppSec Asia would never skip
>    their national/regional names. Not that I know at least :).
>    - All money transfers go through the US which for instance meant we
>    couldn't benefit from being a non-profit organization when renting a
>    conference venue in Sweden. We had to pay 25 % VAT since the European and
>    American systems have not agreed on how to handle tax exempts. Should OWASP
>    exist as a European non-profit organization a lot of money could be saved
>    and used for better things.
> Just to be clear: 1) *I'm impressed and deeply respect all the work
> Americans have put into OWASP*, 2) I'm not against anyone or any part of
> the world. I just want to help make OWASP *more* internationally
> compatible.
> So, while my statement "OWASP is American" was about the foundation and
> legal issues, I still think there's much of an American flavor to our
> project. For better or worse ;).
>    Med vänliga hälsningar, John
> --
> John Wilander, https://twitter.com/johnwilander
> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
>  <http://owaspsweden.blogspot.com>Co-organizer Global Summit,
> http://www.owasp.org/index.php/Summit_2011
> <http://www.owasp.org/index.php/Summit_2011>Conf Comm,
> http://www.owasp.org/index.php/Global_Conferences_Committee
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20101207/f7a6f7a5/attachment-0001.html 

More information about the OWASP-Leaders mailing list