[Owasp-leaders] Seeking Your Feedback on OWASP Participation

Josh Sokol josh.sokol at owasp.org
Thu Feb 20 17:22:02 UTC 2014

I appreciate your feedback Steven.  For those who haven't read it, the
OWASP Code of Ethics that Steven is referring to can be found here:


I most certainly agree that this document dictates expectations on how
those in our community should behave.  The real questions are how do we
respond to those who do not follow this code.  You bring up an interesting
point as well about the member vs non-member aspect of this.  I'd guess
that the majority of non-members who attend meetings haven't read that Code
of Ethics.  Heck, I'd guess that the majority of members haven't.  Is this
equivalent to "you didn't read the fine print" or do we have an obligation
to be more explicit here?

As you can imagine, this is far from a purely hypothetical situation and
I'm very interested to hear what our leaders think particularly about
preaching "openness" while at the same time closing the door on those who
don't conform to our Ethics.  Thank you.


On Thu, Feb 20, 2014 at 11:03 AM, Steven van der Baan <
steven.van.der.baan at owasp.org> wrote:

>  Hi Josh,
> this is a big problem.
> I personally would refuse that person entrance to the meetings based on
> the code of conduct, even if he/she is not a (paying) member.
> I believe that anybody who is attending an OWASP meeting is bound by our
> principles and code of ethics.  And the behaviour that you described is in
> clear violation of that.
> However, there should be a possibility for the person to demonstrate the
> willingness of abiding by the principles and be able to attend the meetings
> again.
> But that is just my point of view.
> Good luck with it,
> Steven.
> On 20/02/14 16:34, Josh Sokol wrote:
>    OWASP Leaders,
>  Let's say that there is an individual in your local security community
> who is routinely feuding with other security professionals in the area.  No
> physical violence, but fairly frequent name calling, negative insinuations,
> etc.  Their attendance at your OWASP functions (meetings, happy hours,
> conferences, etc) makes other people uncomfortable due to their tendency to
> cause problems and perhaps these people have even said that they will not
> attend these events if this individual is also in attendance.  Attempts to
> seek peace with the individual have failed and the behavior will not
> change.  What do you do?  Is it acceptable to ban them from these events?
> Do you allow this one rotten apple to spoil the bunch because OWASP policy
> says that we are free and open to all?  Is there a point where an
> individual becomes enough of a distraction that we should consider banning
> them from OWASP altogether?
>  A couple of points of reference:
> Our mission statement says "everyone is free to participate in OWASP" (
> http://www.owasp.org).
>  Our Chapter Handbook says "Local chapter meetings must be free for
> everyone to attend, regardless of whether the attendee is a paid member,
> and open to anyone." (
> https://www.owasp.org/index.php/Chapter_Handbook/Chapter_2:_Mandatory_Chapter_Rules#Organize_free_and_open_meetings
> )
>  Your feedback is greatly appreciated.
>  ~josh