[Owasp-leaders] [Owasp-board] OWASP Board decision that I don't agree with

Amro amro at owasp.org
Sat Jan 4 21:29:11 UTC 2014


On 1/5/14, 12:49 AM, Dennis Groves wrote:
> Indeed, everywhere I look on RSA's website it is heavily branded as 
> OWASP. The slides are currently branded as OWASP.  We are sending our 
> board members???
> RSA are no better than criminals at this point; it is obvious why they 
> want the OWASP brand associated with their brand; why in the world do 
> we want our brand sullied by their less than above board reputation?
> I am starting to disagree more and more with this, I just fail to see 
> what good for OWASP can come from lying down with a dog full of fleas.
> Dennis
> On Sat, Jan 4, 2014 at 1:26 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>     Thanks please keep letting us know your feelings on this.
>     I'd like to hear from our executive director and other board
>     members also please?
>     Eoin Keary
>     Owasp Global Board
>     +353 87 977 2988
>     On 4 Jan 2014, at 19:59, Larry Conklin <larry.conklin at owasp.org> wrote:
>>     I totally support Eoin and Jim with Michael on giving free
>>     training at RSA convention. Seems we have two very clear-cut
>>     issues at hand. In fact I want to thank them for being willing to
>>     take time away from their work, families in doing this.
>>     First issue is security training. In wake of the Target data
>>     breach, which I am caught up in, this should be OWASP's first
>>     mission, "disseminate security principles and information to
>>     everyone, especially software developers, CEO's and CIO's". This is
>>     what they are doing. We should all get behind them and thank them
>>     for their willingness to do exactly this.
>>     Second issue is NSA issue. I realize the OWASP is an international
>>     organization. But the NSA issue is an American issue. Granted the
>>     resolution will be influenced by international pressure and our own
>>     (American) political, judicial systems and (American and
>>     International) free enterprise capital markets. How that will work
>>     out I am unsure of. I can say with some certainty that the
>>     resolution will not be to everyone's satisfaction.
>>     The idea that saying something in front of an organization like
>>     RSA is saying you fully support everything they do and say is
>>     without merit and an overreach. Working for BP Oil does not mean
>>     you favor private enterprise over environmental safety.
>>     Larry Conklin, CISSP
>>     On Sat, Jan 4, 2014 at 1:31 PM, John Wilander <john.wilander at owasp.org> wrote:
>>         My personal view as a longtime community member ...
>>         I would like OWASP to cancel the developer training and any
>>         other official presence at this year's RSA Con.
>>         You might argue the NSA revelations are politics. I disagree.
>>         This is technology, standards, research, business, and
>>         politics in a disastrous cocktail. Global mass surveillance
>>         and weakened crypto are things we used to talk about as worst
>>         case scenarios, remember? Others would call us paranoids.
>>         Now we know. This is earthshakingly bad, at the core of what
>>         OWASP stands for.
>>         Our brand is strong. We're independent, community-driven and
>>         global. This is our chance to show we're better than RSA and
>>         our conference series OWASP AppSec is a better place to give
>>         talks and meet peers.
>>         Don't support RSA until they come clean. Please.
>>         /John
>>         -- 
>>         Twitter https://twitter.com/johnwilander
>>         CV or Résumé http://johnwilander.se
>>         On 4 Jan 2014, at 19:42, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>         We are participating as OWASP.
>>>         OWASP was asked to do this initially by RSA.
>>>         Our material has no personal or company branding but OWASP
>>>         branding.
>>>         Thanks for feedback.
>>>         Eoin Keary
>>>         Owasp Global Board
>>>         +353 87 977 2988
>>>         On 4 Jan 2014, at 18:24, Abbas Naderi <abbas.naderi at owasp.org> wrote:
>>>>         I strongly support Sastry on this one.
>>>>         You might be participating as individuals, but people see
>>>>         you guys as the OWASP Board, and that's something that many
>>>>         of us don't like to be the image of OWASP.
>>>>         Thanks
>>>>         -Abbas
>>>>         On Jan 4, 2014, at 1:18 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>>>         To be clear, there was no recorded vote on this but a debate.
>>>>>         I started the debate after reading about Mikko. (Even
>>>>>         though I was delivering the training with Jim and it is my
>>>>>         material).
>>>>>         The majority of board of OWASP feels getting involved in
>>>>>         politics is wrong and wanted to push ahead with the training.
>>>>>         So if feelings are strong we need to vote on this ASAP? as
>>>>>         leaders of OWASP. A formal board vote? Executive decision
>>>>>         from Sarah, our executive director.
>>>>>         Eoin Keary
>>>>>         Owasp Global Board
>>>>>         +353 87 977 2988
>>>>>         On 4 Jan 2014, at 16:48, Sastry Tumuluri <sastry.tumuluri at owasp.org> wrote:
>>>>>>         Friends,
>>>>>>         Please see the following full conversation on twitter:
>>>>>>         https://twitter.com/EoinKeary/status/419111748424454145
>>>>>>         Eoin Keary and Jim Manico (both OWASP board members) will
>>>>>>         be presenting/conducting 4 hrs of free-of-cost AppSec
>>>>>>         training at the RSA Conference, 2014. Michael Coates,
>>>>>>         Chairman of the OWASP Board, is also said to be present.
>>>>>>         Apparently, this was discussed at the OWASP board level;
>>>>>>         and the board has decided to go ahead, keeping in mind
>>>>>>         the benefit to the attending developers.
>>>>>>         As you are aware, RSA is strongly suspected (we'll never
>>>>>>         be 100% sure, I'm afraid) of being complicit with NSA in
>>>>>>         enabling fatal weakening of crypto products. RSA has
>>>>>>         issued a sort of a denial that only deepens the mistrust.
>>>>>>         As a protest, many leading speakers are cancelling their
>>>>>>         talks at the upcoming RSAC 2014. Among them are (to my
>>>>>>         knowledge) Mikko Hypponen, Jeffrey Carr and Josh Thomas.
>>>>>>         At such a time, I am saddened by the OWASP board decision
>>>>>>         to support RSAC by their presence. At a time when they
>>>>>>         had the opportunity to let the world know how much they
>>>>>>         care for the Information Security profession (esp.,
>>>>>>         against weakening crypto); and how much they care about
>>>>>>         the privacy of people (against NSA's unabashed spying on
>>>>>>         Americans & non-Americans alike), the board has copped
>>>>>>         out using a flimsy rationalization ("benefit of (a few)
>>>>>>         developers", many of whom would rethink their attendance
>>>>>>         had OWASP and more organizations not blinked!).
>>>>>>         I'm sure there was a heated debate. I'm sure all angles
>>>>>>         were considered. However, this goes too deep for me to
>>>>>>         take it as "better men than me have considered and
>>>>>>         decided". As a matter of my personal values, if the
>>>>>>         situation doesn't change, I would no longer wish to
>>>>>>         continue as the OWASP Chapter Lead. Please let me know if
>>>>>>         any of you would like to take over from me.
>>>>>>         I will also share my feelings with fellow chapter members
>>>>>>         at our next chapter meeting on Jan 21st. Needless to say,
>>>>>>         no matter how things go, I remain committed to the
>>>>>>         principles of our open and open-source infosec community.
>>>>>>         Best regards,
>>>>>>         ==Sas3==
>>>>>         _______________________________________________
>>>>>         OWASP-Leaders mailing list
>>>>>         OWASP-Leaders at lists.owasp.org
>>>>>         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>     _______________________________________________
>     Owasp-board mailing list
>     Owasp-board at lists.owasp.org
>     https://lists.owasp.org/mailman/listinfo/owasp-board
> -- 
> Dennis Groves <http://about.me/dennis.groves>, MSc
> Email me, <mailto:dennis.groves at owasp.org> or schedule a meeting 
> <http://goo.gl/8sPIy>.
> /This email is licensed under a CC BY-ND 3.0 
> <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license./
> Stand up for your freedom to install free software. 
> <http://www.fsf.org/campaigns/secure-boot/statement>
> Please do not send me Microsoft Office/Apple iWork documents.
> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
> <http://www.owasp.org/>
