[Owasp-leaders] [Owasp-board] OWASP Board decision that I don't agree with

Tobias tobias.gondrom at owasp.org
Sat Jan 4 19:03:06 UTC 2014


Thank you.
- Tobias


On 04/01/14 19:00, Eoin Keary wrote:
> Yes agreed. We are not talking as OWASP board members but as 2 guys
> who have training to share for free for anyone who wants to attend.
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 4 Jan 2014, at 18:46, Abbas Naderi <abbas.naderi at owasp.org
> <mailto:abbas.naderi at owasp.org>> wrote:
>
>> I don't see any names here either, but still would appreciate you
>> guys to prevent any doubts.
>> I mean keeping it like "a bunch of OWASP people presenting a talk"
>> and not "the OWASP directive presenting something on RSAC".
>> Thanks
>> -A
>> On Jan 4, 2014, at 1:42 PM, Eoin Keary <eoin.keary at owasp.org
>> <mailto:eoin.keary at owasp.org>> wrote:
>>
>>> we are participating as OWASP.
>>> OWASP was asked to do this initially by RSA.
>>> Our material has no personal or company branding but OWASP branding.
>>> Thanks for feedback.
>>>
>>>
>>> Eoin Keary
>>> Owasp Global Board
>>> +353 87 977 2988
>>>
>>>
>>> On 4 Jan 2014, at 18:24, Abbas Naderi <abbas.naderi at owasp.org
>>> <mailto:abbas.naderi at owasp.org>> wrote:
>>>
>>>> I strongly support Sastry on this one.
>>>>
>>>> You might be participating as individuals, but people see you guys
>>>> as the OWASP Board, and that's something that many of us don't like
>>>> to be the image of OWASP.
>>>>
>>>> Thanks
>>>> -Abbas
>>>> On Jan 4, 2014, at 1:18 PM, Eoin Keary <eoin.keary at owasp.org
>>>> <mailto:eoin.keary at owasp.org>> wrote:
>>>>
>>>>> To be clear, there was no recorded vote on this but a debate.
>>>>>
>>>>> I started the debate after reading about Mikko. (Even though I was
>>>>> delivering the training with Jim and it is my material).
>>>>>
>>>>> The majority of board of OWASP feels getting involved in politics
>>>>> is wrong and wanted to push ahead with the training.
>>>>>
>>>>> So if feelings are strong we need to vote on this ASAP? as leaders
>>>>> of OWASP. A formal board vote? Executive decision from Sarah, our
>>>>> executive director. 
>>>>>
>>>>>
>>>>>
>>>>> Eoin Keary
>>>>> Owasp Global Board
>>>>> +353 87 977 2988
>>>>>
>>>>>
>>>>> On 4 Jan 2014, at 16:48, Sastry Tumuluri
>>>>> <sastry.tumuluri at owasp.org <mailto:sastry.tumuluri at owasp.org>> wrote:
>>>>>
>>>>>> Friends,
>>>>>>
>>>>>> Please see the following full conversation on twitter: 
>>>>>> https://twitter.com/EoinKeary/status/419111748424454145
>>>>>>
>>>>>> Eoin Keary and Jim Manico (both OWASP board members) will be
>>>>>> presenting/conducting 4 hrs of free-of-cost AppSec training at
>>>>>> the RSA Conference, 2014. Michael Coates, Chairman of the OWASP
>>>>>> Board is also said to be present. Apparently, this was discussed
>>>>>> at the OWASP board level; and the board has decided to go ahead,
>>>>>> keeping in mind the benefit to the attending developers.
>>>>>>
>>>>>> As you are aware, RSA is strongly suspected (we'll never be 100%
>>>>>> sure, I'm afraid) of being complicit with NSA in enabling fatal
>>>>>> weakening of crypto products. RSA has issued a sort of a denial
>>>>>> that only deepens the mistrust. As a protest, many leading
>>>>>> speakers are cancelling their talks at the upcoming RSAC 2014.
>>>>>> Among them are (to my knowledge) Mikko Hypponen, Jeffrey Carr and
>>>>>> Josh Thomas.
>>>>>>
>>>>>> At such a time, I am saddened by the OWASP board decision to
>>>>>> support RSAC by their presence. At a time when they had the
>>>>>> opportunity to let the world know how much they care for the
>>>>>> Information Security profession (esp., against weakening crypto);
>>>>>> and how much they care about the privacy of people (against NSA's
>>>>>> unabashed spying on Americans & non-Americans alike), the board
>>>>>> has copped out using a flimsy rationalization ("benefit of (a
>>>>>> few) developers", many of who would rethink their attendance had
>>>>>> OWASP and more organizations didn't blink!"). 
>>>>>>
>>>>>> I'm sure there was a heated debate. I'm sure all angles were
>>>>>> considered. However, this goes too deep for me to take it as
>>>>>> "better men than me have considered and decided". As a matter of
>>>>>> my personal values, if the situation doesn't change, I would no
>>>>>> longer wish to continue as the OWASP Chapter Lead. Please let me
>>>>>> know if any of you would like to take over from me. 
>>>>>>
>>>>>> I will also share my feelings with fellow chapter members at our
>>>>>> next chapter meeting on Jan 21st. Needless to say, no matter how
>>>>>> things go, I remain committed to the principles of our open and
>>>>>> open-source infosec community.
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>> ==Sas3==
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140104/553c8cdb/attachment.html>


More information about the OWASP-Leaders mailing list