[Owasp-leaders] Thomas Ryan - OWASP - OccupyWallStreet - Gawker
chris.schmidt at owasp.org
Sun Oct 16 23:48:02 EDT 2011
I have brought this *back* into the open forum of OWASP where it belongs.
Now to pose the question, what, if anything, does anything in your
response have to do with the issue at hand.
Let me just re-paste the quote in question here to eliminate *any*
question whatsoever about what I am referring to:
"Ryan said he knows Loyd through their mutual involvement in the Open
Web Application Security Project, a non-profit computer security group
of which Ryan is a board member."
This is about the outward image of the OWASP organization, not YOU or
whatever it is that you have done/are doing/will do. As such a valuable
contributor who has been around since before *I* even knew about OWASP I
can imagine that you understand my concerns about OWASP as an
organization being associated with either side of this debate or any
other political debate.
So can we please move past the debate of what you did or didn't do and
move on to the topic of what this email was originally talking about,
fixing the quote in an article that could align OWASP as an ORGANIZATION
with the actions described in the article? I am sorry you have recieved
threatening emails. It would be equally unjust if OWASP became the
target of these threats, or even worse - if people within the
organization became targets simply because they are affiliated with this
I simply want to make sure the organization and OWASP brand is protected
from the actions of ANY member, and I brought this up at the board
meeting in MN last month.
Thank you for you response, perhaps we can move on to the real issue now?
Again, this has nothing to do with your OWASP involvement - this is
about misinformation in an article that happens to be about you that is
potentially damaging to the OWASP brand and organization, as well as
potentially other individuals that are part of the organization.
On 10/16/2011 9:23 PM, Thomas Ryan wrote:
> A leader is one that researches the facts before making a decision,
> bothered to contact me? NO.
> Have you done any research on the author? NO
> Have you done any fact checking? NO
> Has a real media outlet dared to research this? NO
> If you make an irrational decision based on a feeble minded attempt at
> Social engineering by members of Anonymous, you are not even worth
> being called a researcher.
> I have been involved with OWASP since before you knew what it was.
> New York Chapter at its Inception in 2004. Back when I was publishing XSS
> vulns and people where like "Those are nothing"
> The only reason why I stepped off the local board was to build out a new
> Just this past week I was talking to Tom Brennan about coming back to help
> the local effort.
> Just a few of Adrien's smears
> Oh Wait, let see how this reporters goal is to destroy people's lives that
> research Anonymous:
> I apologize if I was a bit dramatic, but I have dealt with numerous death
> threats, 10K emails, log floods because they use nikto, autorooter, php
> vulns on a windows 2008 servers for the past 36 hours.
> I have added people that know me and are leaders to research and make the
> appropriate decision.
> If I am a risk, I will bail and not look to be involved on a local chapter
> If you are worried about what to say to the media, say the matter under
> investigation. Since we are an open source organization, we will make all
> the evidence open and allow our members and sponsors to vote to make a
> decision. Members and Sponsor are more powerful than just the board and
> gives confidence in a democratic process. If people want to hear me, I
> bring a videographer for a live stream. But then again, that's how I would
> handle it.
> Thank you for hearing me, if you have any questions, feel free to contact
> Thomas Ryan
> Managing Partner
> Provide Security
> phone: +1(732)207-7916
> e-mail: tom.ryan at providesecurity.com
> LinkedIn: http://www.linkedin.com/in/tommyryan
> This transmission may contain information that is privileged,
> legally privileged, and/or exempt from disclosure under applicable law. If
> you are not the intended recipient, you are hereby notified that any
> disclosure, copying, distribution, or use of the information contained
> herein (including any reliance thereon) is STRICTLY PROHIBITED. Although
> this transmission and any attachments are believed to be free of any virus
> or other defect that might affect any computer system into which it is
> received and opened, it is the responsibility of the recipient to ensure
> that it is virus free and no responsibility is accepted by Provide
> its subsidiaries and affiliates, as applicable, for any loss or damage
> arising in any way from its use. If you received this transmission in
> please immediately contact the sender and destroy the material in its
> entirety, whether in electronic or hard copy format. Thank you.
> From: Christian Heinrich <christian.heinrich at owasp.org>
> Date: October 16, 2011 9:14:41 PM EDT
> To: Chris Schmidt <chris.schmidt at owasp.org>
> Cc: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
> Subject: Re: [Owasp-leaders] Thomas Ryan - OWASP - OccupyWallStreet -
> On Mon, Oct 17, 2011 at 11:57 AM, Chris Schmidt <chris.schmidt at owasp.org>
> Christian - your points are completely aside from the point of my
> e-mail. I don't care where they got their facts and I don't care what
> Tom did or did not do, this is not the place for such discussions. The
> fact of the matter is that OWASP needs to inform Gawker that he is *not*
> an OWASP board member so they can redact that part of the article for
> sake of people that are *not* Gawker and *not* Tom, and *not* us. This
> is not an attack on Tom, it is a reaction to a statement made in an
> article that is incorrect that needs to be corrected, that is all -
> please do not turn this into something else.
> You haven't considered that Gawker issuing a clarification as "Tom
> Ryan is a former Board Member of the OWASP NYC/NJ Chapter" would make
> this worst for OWASP by naming the OWASP NYC/NJ Chapter?
> In the end, it doesn't matter what your intention is because their
> (i.e. media) agenda is continue this story based on emotive reaction
> (it is Gawker btw) and if this is clarified then their journalists
> would attend https://www.owasp.org/index.php/NYNJMetro and ask the
> attendees for their uninformed comment who then subsequently find
> themselves also as victims as being cited as sources of fact.
> If they contact you it is best to say "no comment" and hang up the phone.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders