[Owasp-leaders] Seeking Your Feedback on OWASP Participation

Jason Johnson jason.johnson at owasp.org
Mon Feb 24 20:31:39 UTC 2014


I agree to this. Should the individual get a chance to appeal the removal?
Or is the standing that this has happened already and this was what was
decided? I for it either way.

Jason Johnson
OWASP
Oklahoma City, OK
 On Feb 24, 2014 2:28 PM, "Josh Sokol" <josh.sokol at owasp.org> wrote:

> Thank you to everyone who has provided their feedback here.  It seems that
> the overwhelming majority support the ability for a leader to remove an
> individual who is behaving in a manner not aligned with the OWASP Code of
> Ethics.  The Board discussed this during our meeting today and came up with
> a potential change to the OWASP Bylaws in order to address this:
>
> Participation in OWASP activities (conferences, meetings, mailings lists,
>> projects, etc) is subject to adherence to the OWASP Code of Ethics and
>> OWASP leaders may revoke the privilege of participation to those who choose
>> not to abide by that code.
>>
>
> Leaders, before we vote on whether to approve this, the Board wanted to
> see what you all think.  Does this statement accurately reflect the
> sentiment reflected by those who responded?  Do you have other
> suggestions?  Thank you.
>
> Sincerely,
>
> Josh Sokol
>
>
> On Thu, Feb 20, 2014 at 1:17 PM, Bev Corwin <bev.corwin at owasp.org> wrote:
>
>> IMHO - I think that it would be wise to explore this issue more, and to
>> discuss possible dynamic frameworks, in general, to accommodate as many
>> members' participation as possible, while protecting the community's
>> positive momentum. These types of issues are often complex, and not so
>> simple, so well worth some serious conversation, discussions, and research.
>> Diverse perceptions are important. Perhaps assign a committee to put some
>> time into researching possibilities?
>>
>> Bev
>>
>>
>>
>> On Thu, Feb 20, 2014 at 2:05 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>>> Jerry,
>>>
>>> Fortunately, we haven't had this issue with the OWASP Austin chapter and
>>> our community tends to be very positive and cooperative overall.  I count
>>> us lucky in that regard, but there are more than one chapters out there
>>> where I know this issue strikes very close to home.  In both cases that I
>>> am aware of, said individual has been counseled to cease their activities,
>>> but to no avail.  The chapters have taken steps, as suggested by others, to
>>> keep these individuals away, but in hearing this it did force me to
>>> re-evaluate what we mean when we say that OWASP is free and open to all.
>>> Hence, my bringing it to the leaders to see what you all think about the
>>> topic.  So far, the majority who have contacted me both in public and in
>>> private seem to favor the approach of NOT letting one rotten apple spoil
>>> the bunch.  I tend to agree with this, but wanted to seek advice on what
>>> the impact of such an action was on OWASP's overall ideology of openness.
>>> Is there anyone out there who disagrees and feels that even in the face of
>>> this adversity we should strictly adhere to the standard of openness and
>>> allow this individual access despite their behavior?
>>>
>>> ~josh
>>>
>>>
>>> On Thu, Feb 20, 2014 at 12:53 PM, Jerry Hoff <jerry at owasp.org> wrote:
>>>
>>>> Josh,
>>>>
>>>> Apologies in advance if you have already done this - but have you told
>>>> to the offending individual to chill?  When I used to do martial arts, lots
>>>> of people would come in super amp'd and wild.
>>>>
>>>> Sometimes just bringing it to their attention and letting them know,
>>>> Texas style, that they need to get with the program, not interrupt other
>>>> people's presentations or spoil the mood of the event is enough.  I
>>>> wouldn't consider banning them from an event until they've had a fair
>>>> warning or two to cut it out.
>>>>
>>>> Jerry
>>>>
>>>>  --
>>>> Jerry Hoff
>>>> @jerryhoff
>>>> jerry at owasp.org
>>>>
>>>>
>>>>
>>>> On Feb 20, 2014, at 1:45 PM, Steven van der Baan <
>>>> steven.van.der.Baan at owasp.org> wrote:
>>>>
>>>> Hi Josh,
>>>> Even though that non-members don't know our 'code', that doesn't free
>>>> them from it. Especially if the code is an extension on 'social behaviour'.
>>>> I see a similarity in law, where you as an individual living in a
>>>> country have to live by that law, even if you don't know the exact writing
>>>> of it. This is a universal principle within communities and OWASP should be
>>>> no exception to that.
>>>>
>>>> Steven.
>>>> On 20 Feb 2014 17:22, "Josh Sokol" <josh.sokol at owasp.org> wrote:
>>>>
>>>>> I appreciate your feedback Steven.  For those who haven't read it, the
>>>>> OWASP Code of Ethics that Steven is referring to can be found here:
>>>>>
>>>>>
>>>>> https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics
>>>>>
>>>>> I most certainly agree that this document dictates expectations on how
>>>>> those in our community should behave.  The real questions are how do we
>>>>> respond to those who do not follow this code.  You bring up an interesting
>>>>> point as well about the member vs non-member aspect of this.  I'd guess
>>>>> that the majority of non-members who attend meetings haven't read that Code
>>>>> of Ethics.  Heck, I'd guess that the majority of members haven't.  Is this
>>>>> equivalent to "you didn't read the fine print" or do we have an obligation
>>>>> to be more explicit here?
>>>>>
>>>>> As you can imagine, this is far from a purely hypothetical situation
>>>>> and I'm very interested to hear what our leaders think particularly about
>>>>> preaching "openness" while at the same time closing the door on those who
>>>>> don't conform to our Ethics.  Thank you.
>>>>>
>>>>> ~josh
>>>>>
>>>>>
>>>>> On Thu, Feb 20, 2014 at 11:03 AM, Steven van der Baan <
>>>>> steven.van.der.baan at owasp.org> wrote:
>>>>>
>>>>>>  Hi Josh,
>>>>>>
>>>>>> this is a big problem.
>>>>>> I personally would refuse that person entrance to the meetings based
>>>>>> on the code of conduct, even if he/she is not a (paying) member.
>>>>>> I believe that anybody who is attending an OWASP meeting is bound by
>>>>>> our principles and code of ethics  And the behaviour that you described is
>>>>>> in clear violation of that.
>>>>>> However, there should be a possibility for the person to demonstrate
>>>>>> the willingness of abiding to the principles and be able to attend the
>>>>>> meetings again.
>>>>>>
>>>>>> But that is just my point of view.
>>>>>>
>>>>>> Good luck with it,
>>>>>> Steven.
>>>>>>
>>>>>>
>>>>>> On 20/02/14 16:34, Josh Sokol wrote:
>>>>>>
>>>>>>    OWASP Leaders,
>>>>>>
>>>>>>  Let's say that there is an individual in your local security
>>>>>> community who is routinely feuding with other security professionals in the
>>>>>> area.  No physical violence, but fairly frequent name calling, negative
>>>>>> insinuations, etc.  Their attendance at your OWASP functions (metings,
>>>>>> happy hours, conferences, etc) makes other people uncomfortable due to
>>>>>> their tendency to cause problems and perhaps these people have even said
>>>>>> that they will not attend these events if this individual is also in
>>>>>> attendance.  Attempts to seek peace with the individual have failed and the
>>>>>> behavior will not change.  What do you do?  Is it acceptable to ban them
>>>>>> from these events?  Do you allow this one rotten apple to spoil the bunch
>>>>>> because OWASP policy says that we are free and open to all?  Is there a
>>>>>> point where an individual becomes enough of a distraction that we should
>>>>>> consider banning them from OWASP altogether?
>>>>>>
>>>>>>  A couple of points of reference:
>>>>>>
>>>>>> Our mission statement says "everyone is free to participate in OWASP"
>>>>>> (http://www.owasp.org).
>>>>>>
>>>>>>  Our Chapter Handbook says "Local chapter meetings must be free for
>>>>>> everyone to attend, regardless of whether the attendee is a paid member,
>>>>>> and open to anyone." (
>>>>>> https://www.owasp.org/index.php/Chapter_Handbook/Chapter_2:_Mandatory_Chapter_Rules#Organize_free_and_open_meetings<https://www.owasp.org/index.php/Chapter_Handbook/Chapter_4:_Chapter_Administration#Mailing_Lists>
>>>>>> )
>>>>>>
>>>>>>  Your feedback is greatly appreciated.
>>>>>>
>>>>>>  ~josh
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>>
>>>>>  _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140224/6aa4f887/attachment.html>


More information about the OWASP-Leaders mailing list