[Owasp-leaders] Vendor Neutrality

John Wilander john.wilander at owasp.org
Wed Feb 20 05:48:08 UTC 2013


Two clarifications:

1) I said we would have rejected Tom's email _and_ worked with him to change it. We almost never do reject-and-forget. On the contrary we even go through whole emails changing the language into a suggested one that the sender can use. Changes are targeted to help the sender reach out with his/her message while not offending anyone. 900+ security and privacy-savvy pros are tricky to please. :)

2) Company names are not banned on our list. We always make sure to explicitly thank our chapter meeting sponsors and link to their web sites. But a discount code will not have a company name in capital letters and a training session plug will focus more on the trainer than on his/her company.

   Regards, John

-- 
My music http://www.johnwilander.com
Twitter https://twitter.com/johnwilander
CV or Résumé http://johnwilander.se

19 feb 2013 kl. 13:17 skrev Tony UV <tonyuv at owasp.org>:

> I just had a chance to read this thread.  At first take, I didn’t see anything wrong with Tom’s email.  It didn’t scream ’shameless plug’ in my mind.  Then I read John’s email response about how this would be blocked in Sweden and I had to slowly read the company references that didn’t initially stand out.  It could be that (a) I don’t care about what is referenced or (b) the initial impression that I got was not that I was being solicited to, either consciously or subconsciously.  I think a more likely option is that no clear intent was apparent to me in reading this original email that represented misuse of vendor mentioning, while masquerading as an OWASP email.
>  
> If mailing list moderation is to perform a type of regex on simply company names w/o considering the intent of a volunteer OWASP member who doesn't have time to weigh every choice word on a training announcement where some cost savings were being shared, then we should extend that sort of moderation to other types of non-topical areas.  Now, I’m not naive on the way coupon codes work and presuming that contact info would be required, the email still didn’t spell ’subtle solicitation’ for me, but as we all know, these things are relative, which really undermines this whole back and forth on the thread, b/c it’ll still be a polarizing, although low priority topic.
>  
> Overall, if company names are to be excluded completely from within email posts b/c they are non-germane to the OWASP mission, I’d like to add that we include personal posturing as well b/c just like most of us don’t care where most of us work, I personally don’t care about seeing references to blogs, twitter sites, musical compilations, online CVs, or anything in-between.  This is of course if we want to exclude reason and the ability to decipher context and intent of what is being said, for which I still think is the most reasonable way to approach apparent violations of company plugging.  Where there is pattern, we can question intent and then raise individually and thereafter in small circles, with the offender.
>  
> Tony UV
> Atlanta Chapter Leader
>  
> Sent from tablet device - please excuse any typos
>  
> From: John Wilander <john.wilander at owasp.org>
> Sent: February 15, 2013 11:14 AM
> To: Jim Manico <jim.manico at owasp.org>
> CC: owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] Vendor Neutrality
>  
> Tom's email in its form below would have been rejected by the moderators of the OWASP Sweden mailing list. We would have suggested a rephrasing to make it more about OWASP and the class, and less about SpiderLabs and Trustwave.
> 
> I suggest OWASP leaders refrain from emailing about our own businesses or employers to lists that we moderate ourselves. Instead we should ask a co-moderator to review the text and send it. Simple.
> 
>    Regards, John
> 
> --
> My music http://www.johnwilander.com
> Twitter https://twitter.com/johnwilander
> CV or Résumé http://johnwilander.se
> 
> 14 feb 2013 kl. 02:37 skrev Jim Manico <jim.manico at owasp.org>:
> 
> > Hey folks,
> >
> > Please see the email at the bottom of this message.
> >
> > This email hit the NYC chapter list today and we discussed it through the board list earlier. I feel this is an abuse of the OWASP brand and vendor neutrality rules to some degree, but other board members politely disagreed with me. That's fair.
> >
> > Can you please chime in here? Am I off-base or do you feel this is OWASP brand or vendor neutrality abuse?
> >
> > I know this is a specific example, but I think it's very important to the organization. So far, I feel like I stand alone when complaining about these situations and I'd appreciate your feedback. If you have the time, please click deeper into the email below and investigate a bit.
> >
> > I am happy to back away from the issue of vendor neutrality if you think I am off base.
> >
> > Thanks all,
> > Jim Manico
> > @Manicode
> > (808) 652-3805
> >
> > ***********
> >
> >
> > From: Tom Brennan <tomb at owasp.org>
> > Date: Tuesday, February 12, 2013 6:56 PM
> > To: "OWASPNYCMETRO-announce at meetup.com" <OWASPNYCMETRO-announce at meetup.com>
> > Subject: [OWASPNYCMETRO] NYC March 13th Training
> >
> > Its coming....INSTRUCTOR LED TRAINING IN NYC
> >
> > Details: https://www.owasp.org/index.php/NYC
> >
> > As a special introduction to the SpiderLabs instructor led course I would like to extend to you a $500 discount code “TRUSTWAVE_500OFF” to be used during check-out.
> >
> > Hack Your Own Code: Advanced Training for Developers (2 Day Training Course)
> > This class provides security developers an exciting chance to hone their programming skills while also learning to exploit common web vulnerabilities.
> >
> > For more information on the (3) training classes available visit:
> >
> > https://www.owasp.org/index.php/NYC
> >
> >
> > Have additional questions?
> >
> > Call 973-202-0122 to discuss
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130220/02356b51/attachment-0001.html>


More information about the OWASP-Leaders mailing list