[Owasp-leaders] OWASP Board decision that I don't agree with

Abbas Naderi abbas.naderi at owasp.org
Sat Jan 4 18:46:35 UTC 2014


I don’t see any names here either, but still would appreciate you guys to prevent any doubts.
I mean keeping it like “a bunch of OWASP people presenting a talk” and not “the OWASP directive presenting something on RSAC”.
Thanks
-A
On Jan 4, 2014, at 1:42 PM, Eoin Keary <eoin.keary at owasp.org> wrote:

> we are participating as OWASP.
> OWASP was asked to do this initially by RSA.
> Our material has no personal or company branding but OWASP branding.
> Thanks for feedback.
> 
> 
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> 
> 
> On 4 Jan 2014, at 18:24, Abbas Naderi <abbas.naderi at owasp.org> wrote:
> 
>> I strongly support Sastry on this one.
>> 
>> You might be participating as individuals, but people see you guys as the OWASP Board, and that’s something that many of us don’t like to be the image of OWASP.
>> 
>> Thanks
>> -Abbas
>> On Jan 4, 2014, at 1:18 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>> 
>>> To be clear, there was no recorded vote on this but a debate.
>>> 
>>> I started the debate after reading about Mikko. (Even though I was delivering the training with Jim and it is my material).
>>> 
>>> The majority of board of OWASP feels getting involved in politics is wrong and wanted to push ahead with the training.
>>> 
>>> So if feelings are strong we need to vote on this ASAP? as leaders of OWASP. A formal board vote? Executive decision from Sarah, our executive director. 
>>> 
>>> 
>>> 
>>> Eoin Keary
>>> Owasp Global Board
>>> +353 87 977 2988
>>> 
>>> 
>>> On 4 Jan 2014, at 16:48, Sastry Tumuluri <sastry.tumuluri at owasp.org> wrote:
>>> 
>>>> Friends,
>>>> 
>>>> Please see the following full conversation on twitter: 
>>>> https://twitter.com/EoinKeary/status/419111748424454145
>>>> 
>>>> Eoin Keary and Jim Manico (both OWASP board members) will be presenting/conducting 4 hrs of free-of-cost AppSec training at the RSA Conference, 2014. Michael Coates, Chairman of the OWASP Board is also said to be present. Apparently, this was discussed at the OWASP board level; and the board has decided to go ahead, keeping in mind the benefit to the attending developers.
>>>> 
>>>> As you are aware, RSA is strongly suspected (we'll never be 100% sure, I'm afraid) of being complicit with NSA in enabling fatal weakening of crypto products. RSA has issued a sort of a denial that only deepens the mistrust. As a protest, many leading speakers are cancelling their talks at the upcoming RSAC 2014. Among them are (to my knowledge) Mikko Hypponen, Jeffrey Carr and Josh Thomas.
>>>> 
>>>> At such a time, I am saddened by the OWASP board decision to support RSAC by their presence. At a time when they had the opportunity to let the world know how much they care for the Information Security profession (esp., against weakening crypto); and how much they care about the privacy of people (against NSA's unabashed spying on Americans & non-Americans alike), the board has copped out using a flimsy rationalization ("benefit of (a few) developers", many of who would rethink their attendance had OWASP and more organizations didn't blink!"). 
>>>> 
>>>> I'm sure there was a heated debate. I'm sure all angles were considered. However, this goes too deep for me to take it as "better men than me have considered and decided". As a matter of my personal values, if the situation doesn't change, I would no longer wish to continue as the OWASP Chapter Lead. Please let me know if any of you would like to take over from me. 
>>>> 
>>>> I will also share my feelings with fellow chapter members at our next chapter meeting on Jan 21st. Needless to say, no matter how things go, I remain committed to the principles of our open and open-source infosec community.
>>>> 
>>>> Best regards,
>>>> 
>>>> ==Sas3==
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140104/b78e99fa/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4893 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140104/b78e99fa/attachment-0001.bin>


More information about the OWASP-Leaders mailing list