[Owasp-leaders] OWASP Board decision that I don't agree with

Mohammed ALDOUB mohammed.aldoub at owasp.org
Sat Jan 4 21:13:55 UTC 2014


I agree with the folks that favor cancelling the RSA con presence. 

We at OWASP might be vendor neutral but we are not ethics neutral. 

The issue of RSA/NSA is an ethical topic closely related to our field of work and focus (unlike the environment, for example). It would be in our favor to demonstrate our disapproval of intentional weakening of global security for the purpose of surveillance; it is in fact contrary to our goal.

We can't participate in a conference that promotes software insecurity (if such a thing exists), so why wade into the mud of participating in a conference hosted by a company that deliberately made millions vulnerable for a (relatively) cheap price?



It's a good chance to avoid making a big mistake. 

======
Mohammed ALDOUB 
Kuwait chapter leader 

Dennis Groves <dennis.groves at owasp.org> wrote:
>+1. This can not be better stated. Also, this is precisely why Richard
>Stallman is right about software freedom.
>
>It is unfortunately the case you are all on the board, as such you
>represent the community no matter how inconvenient it is to you.
>
>Sent from my mobile device, apologies for the brevity and spelling
>errors.
>On Jan 4, 2014 12:33 PM, "John Wilander" <john.wilander at owasp.org>
>wrote:
>
>> My personal view as a longtime community member …
>>
>> I would like OWASP to cancel the developer training and any other official
>> presence at this year's RSA Con.
>>
>> You might argue the NSA revelations are politics. I disagree. This is
>> technology, standards, research, business, and politics in a disastrous
>> cocktail. Global mass surveillance and weakened crypto are things we used
>> to talk about as worst case scenarios, remember? Others would call us
>> paranoids.
>>
>> Now we know. This is earthshakingly bad, at the core of what OWASP stands
>> for.
>>
>> Our brand is strong. We're independent, community-driven and global. This
>> is our chance to show we're better than RSA and our conference series OWASP
>> AppSec is a better place to give talks and meet peers.
>>
>> Don't support RSA until they come clean. Please.
>>
>> /John
>>
>> --
>> Twitter https://twitter.com/johnwilander
>> CV or Résumé http://johnwilander.se
>>
>> On 4 Jan 2014, at 19:42, Eoin Keary <eoin.keary at owasp.org> wrote:
>>
>> we are participating as OWASP.
>> OWASP was asked to do this initially by RSA.
>> Our material has no personal or company branding but OWASP branding.
>> Thanks for feedback.
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 4 Jan 2014, at 18:24, Abbas Naderi <abbas.naderi at owasp.org> wrote:
>>
>> I strongly support Sastry on this one.
>>
>> You might be participating as individuals, but people see you guys as the
>> OWASP Board, and that’s something that many of us don’t like to be the
>> image of OWASP.
>>
>> Thanks
>> -Abbas
>> On Jan 4, 2014, at 1:18 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>
>> To be clear, there was no recorded vote on this but a debate.
>>
>> I started the debate after reading about Mikko. (Even though I was
>> delivering the training with Jim and it is my material).
>>
>> The majority of board of OWASP feels getting involved in politics is wrong
>> and wanted to push ahead with the training.
>>
>> So if feelings are strong we need to vote on this ASAP? as leaders of
>> OWASP. A formal board vote? Executive decision from Sarah, our executive
>> director.
>>
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 4 Jan 2014, at 16:48, Sastry Tumuluri <sastry.tumuluri at owasp.org>
>> wrote:
>>
>> Friends,
>>
>> Please see the following full conversation on twitter:
>> https://twitter.com/EoinKeary/status/419111748424454145
>>
>> Eoin Keary and Jim Manico (both OWASP board members) will be
>> presenting/conducting 4 hrs of free-of-cost AppSec training at the RSA
>> Conference, 2014. Michael Coates, Chairman of the OWASP Board, is also said
>> to be present. Apparently, this was discussed at the OWASP board level; and
>> the board has decided to go ahead, keeping in mind the benefit to the
>> attending developers.
>>
>> As you are aware, RSA is strongly suspected (we'll never be 100% sure, I'm
>> afraid) of being complicit with NSA in enabling fatal weakening of crypto
>> products. RSA has issued a sort of a denial that only deepens the mistrust.
>> As a protest, many leading speakers are cancelling their talks at the
>> upcoming RSAC 2014. Among them are (to my knowledge) Mikko Hypponen,
>> Jeffrey Carr and Josh Thomas.
>>
>> At such a time, I am saddened by the OWASP board decision to support RSAC
>> by their presence. At a time when they had the opportunity to let the world
>> know how much they care for the Information Security profession (esp.,
>> against weakening crypto); and how much they care about the privacy of
>> people (against NSA's unabashed spying on Americans & non-Americans alike),
>> the board has copped out using a flimsy rationalization ("benefit of (a
>> few) developers", many of whom would rethink their attendance had OWASP and
>> more organizations didn't blink!").
>>
>> I'm sure there was a heated debate. I'm sure all angles were considered.
>> However, this goes too deep for me to take it as "better men than me have
>> considered and decided". As a matter of my personal values, if the
>> situation doesn't change, I would no longer wish to continue as the OWASP
>> Chapter Lead. Please let me know if any of you would like to take over from
>> me.
>>
>> I will also share my feelings with fellow chapter members at our next
>> chapter meeting on Jan 21st. Needless to say, no matter how things go, I
>> remain committed to the principles of our open and open-source infosec
>> community.
>>
>> Best regards,
>>
>> ==Sas3==
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.