[Owasp-leaders] OWASP Board decision that I don't agree with

epsylon-owasp roberto.merida at owasp.org
Sat Jan 4 19:38:38 UTC 2014


+1

> Don't support RSA until they come clean. Please.
>
> /John
>
> -- 
> Twitter https://twitter.com/johnwilander
> CV or Résumé http://johnwilander.se
>
> 4 jan 2014 kl. 19:42 skrev Eoin Keary <eoin.keary at owasp.org
> <mailto:eoin.keary at owasp.org>>:
>
>> we are participating as OWASP.
>> OWASP was asked to do this initially by RSA.
>> Our material has no personal or company branding but OWASP branding.
>> Thanks for feedback.
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 4 Jan 2014, at 18:24, Abbas Naderi <abbas.naderi at owasp.org
>> <mailto:abbas.naderi at owasp.org>> wrote:
>>
>>> I strongly support Sastry on this one.
>>>
>>> You might be participating as individuals, but people see you guys
>>> as the OWASP Board, and that’s something that many of us don’t like
>>> to be the image of OWASP.
>>>
>>> Thanks
>>> -Abbas
>>> On Jan 4, 2014, at 1:18 PM, Eoin Keary <eoin.keary at owasp.org
>>> <mailto:eoin.keary at owasp.org>> wrote:
>>>
>>>> To be clear, there was no recorded vote on this but a debate.
>>>>
>>>> I started the debate after reading about Mikko. (Even though I was
>>>> delivering the training with Jim and it is my material).
>>>>
>>>> The majority of board of OWASP feels getting involved in politics
>>>> is wrong and wanted to push ahead with the training.
>>>>
>>>> So if feelings are strong we need to vote on this ASAP? as leaders
>>>> of OWASP. A formal board vote? Executive decision from Sarah, our
>>>> executive director. 
>>>>
>>>>
>>>>
>>>> Eoin Keary
>>>> Owasp Global Board
>>>> +353 87 977 2988
>>>>
>>>>
>>>> On 4 Jan 2014, at 16:48, Sastry Tumuluri <sastry.tumuluri at owasp.org
>>>> <mailto:sastry.tumuluri at owasp.org>> wrote:
>>>>
>>>>> Friends,
>>>>>
>>>>> Please see the following full conversation on twitter: 
>>>>> https://twitter.com/EoinKeary/status/419111748424454145
>>>>>
>>>>> Eoin Keary and Jim Manico (both OWASP board members) will be
>>>>> presenting/conducting 4 hrs of free-of-cost AppSec training at the
>>>>> RSA Conference, 2014. Michael Coates, Chairman of the OWASP Board
>>>>> is also said to be present. Apparently, this was discussed at the
>>>>> OWASP board level; and the board has decided to go ahead, keeping
>>>>> in mind the benefit to the attending developers.
>>>>>
>>>>> As you are aware, RSA is strongly suspected (we'll never be 100%
>>>>> sure, I'm afraid) of being complicit with NSA in enabling fatal
>>>>> weakening of crypto products. RSA has issued a sort of a denial
>>>>> that only deepens the mistrust. As a protest, many leading
>>>>> speakers are cancelling their talks at the upcoming RSAC 2014.
>>>>> Among them are (to my knowledge) Mikko Hypponen, Jeffrey Carr and
>>>>> Josh Thomas.
>>>>>
>>>>> At such a time, I am saddened by the OWASP board decision to
>>>>> support RSAC by their presence. At a time when they had the
>>>>> opportunity to let the world know how much they care for the
>>>>> Information Security profession (esp., against weakening crypto);
>>>>> and how much they care about the privacy of people (against NSA's
>>>>> unabashed spying on Americans & non-Americans alike), the board
>>>>> has copped out using a flimsy rationalization ("benefit of (a few)
>>>>> developers", many of who would rethink their attendance had OWASP
>>>>> and more organizations didn't blink!"). 
>>>>>
>>>>> I'm sure there was a heated debate. I'm sure all angles were
>>>>> considered. However, this goes too deep for me to take it as
>>>>> "better men than me have considered and decided". As a matter of
>>>>> my personal values, if the situation doesn't change, I would no
>>>>> longer wish to continue as the OWASP Chapter Lead. Please let me
>>>>> know if any of you would like to take over from me. 
>>>>>
>>>>> I will also share my feelings with fellow chapter members at our
>>>>> next chapter meeting on Jan 21st. Needless to say, no matter how
>>>>> things go, I remain committed to the principles of our open and
>>>>> open-source infosec community.
>>>>>
>>>>> Best regards,
>>>>>
>>>>> ==Sas3==
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140104/d4d6e3b5/attachment.html>


More information about the OWASP-Leaders mailing list