[Owasp-leaders] OWASP Core Values

Yiannis Pavlosoglou yiannis at owasp.org
Sat Jan 15 22:14:05 EST 2011

Hi all,

I would like to discuss this idea of "open" a bit more; maybe this
list is not the right forum and perhaps we can talk about it in the

Here is a simple example: Does "open" justify my address and how many
kids I have being out on a media wiki, because I am part of owasp?

Now there isn't anything to hide in my inbox or voicemails or skype
conversations; quite sad industry reach out information is mostly what
you will find.

But at the same time we have a strong requirement (in industry at
least) to work with not so open organisations. Consequently the case
of signing an NDA as an individual comes up every so often. Now under
this facade of "openness", I have no way of sharing that with even
other industry members.

Ergo, we are pushing for an NDA in industry to have the ability to
communicate openly among ourselves. Not to mention an NDA is pretty
much standard practice in information security.

Just to clarify, this is not an attempt to make owasp "closed"; all
source code I have ever written is under GPL and all outputs in
industry are available to all. Still, if you call me for, say, Tobias'
number from the IETF, I will check with them before passing that
information out.

Thus the request becomes, can we please be open about what we deliver
in web application security. Not minutes and meeting mp3s of catch-up
calls and itinerary information. Might even assist in raising quality
of output as well!

Is that too much to ask for?

Thank you,


On 15 January 2011 19:19, Michael Coates <michael.coates at owasp.org> wrote:
> If you haven't already done so I would really encourage everyone to take a
> look and submit feedback.
> http://www.owasp.org/index.php/Core_Values_and_Definitions
> We are at a point where we really need to define our core values and decide
> on the direction of OWASP.  This is a major step in that direction. Let's
> make sure we capture the right values and are heading the right way.
> From the link (which has a feedback submission form you should use)
> Everything OWASP is radically transparent from finances to code.
> OWASP encourages and supports experiments for solutions to software security
> challenges.
> Anyone around the world can participate in the OWASP community.
> OWASP is an honest and truthful, vendor agnostic, global community.
> Michael Coates
> On Jan 14, 2011, at 9:53 AM, Thomas Brennan wrote:
> Just one of the many internal OWASP Foundation projects underway has been to
> work with a 3rd party management company to unify the update mission of
> OWASP 4.0
> Details of the project:
> http://www.owasp.org/index.php/Tesauro_Management_Counselors
> As a result of PHASE I, I share a milestone, pay close attention to the
> wording.
> http://www.owasp.org/index.php/Core_Values_and_Definitions
> This is now in RFC to the owasp-leaders with ratification at the OWASP
> Summit at the kick off session. If you have comments or suggestions please use
> the feedback provided on the wiki page.
> Thank you in advance for your valuable time.
> ** If you have not looked recently at the working sessions take the time to
> review; hundreds of volunteer man hours have been invested in the summit so
> far for YOU the community  http://www.owasp.org/index.php/Summit_2011 it's
> going to be amazing!
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

Dr. Yiannis Pavlosoglou
OWASP Global Industry Committee
