[Owasp-leaders] [Owasp-board] OWASP Board decision that I don't agree with
Amro
amro at owasp.org
Sat Jan 4 21:29:11 UTC 2014
+1
On 1/5/14, 12:49 AM, Dennis Groves wrote:
> Indeed, everywhere I look on RSA's website it is heavily branded as
> OWASP. The slides are currently branded as OWASP. We are sending our
> board members???
>
> RSA are no better than criminals at this point; it is obvious why they
> want the OWASP brand associated with their brand; why in the world do
> we want our brand sullied by their less that above board reputation?
>
> I am starting to disagree more and more with this, I just fail to see
> what good for OWASP can come from lying down with a dog full of fleas.
>
> Dennis
>
>
> On Sat, Jan 4, 2014 at 1:26 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>
> Thanks please keep letting us know your feelings on this.
>
> I'd like to hear from our executive director and other board
> members also please?
>
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 4 Jan 2014, at 19:59, Larry Conklin <larry.conklin at owasp.org> wrote:
>
>> I totally support Eoin and Jim with Michael on giving free
>> training at RSA convention. Seems we have two very clear-cut
>> issues at hand. In fact I want to thank them for being willing to
>> take time away from their work, families in doing this.
>>
>> First issue is security training. In wake of the Target data
>> breach, which I am caught up in, this should be OWASP's first
>> mission, "disseminate security principles and information to
>> everyone, especially software developers, CEO's and CIO's". This is
>> what they are doing. We should all get behind them and thank them
>> for their willingness to do exactly this.
>>
>> Second issue is NSA issue. I realize the OWASP is an international
>> organization. But the NSA issue is an American issue. Granted the
>> resolution will be influenced by international pressure and our own
>> (American) political, judicial systems and (American and
>> International) free enterprise capital markets. How that will work
>> out I am unsure of. I can say with some certainty that the
>> resolution will not be to everyone's satisfaction.
>>
>> The idea that saying something in front of an organization like
>> RSA is saying you fully support everything they do and say is
>> without merit and an overreach. Working for BP Oil does not mean
>> you favor private enterprise over environmental safety.
>>
>>
>> Larry Conklin, CISSP
>>
>>
>>
>> On Sat, Jan 4, 2014 at 1:31 PM, John Wilander
>> <john.wilander at owasp.org> wrote:
>>
>> My personal view as a longtime community member ...
>>
>> I would like OWASP to cancel the developer training and any
>> other official presence at this year's RSA Con.
>>
>> You might argue the NSA revelations are politics. I disagree.
>> This is technology, standards, research, business, and
>> politics in a disastrous cocktail. Global mass surveillance
>> and weakened crypto are things we used to talk about as worst
>> case scenarios, remember? Others would call us paranoids.
>>
>> Now we know. This is earthshakingly bad, at the core of what
>> OWASP stands for.
>>
>> Our brand is strong. We're independent, community-driven and
>> global. This is our chance to show we're better than RSA and
>> our conference series OWASP AppSec is a better place to give
>> talks and meet peers.
>>
>> Don't support RSA until they come clean. Please.
>>
>> /John
>>
>> --
>> Twitter https://twitter.com/johnwilander
>> CV or Résumé http://johnwilander.se
>>
>> On 4 Jan 2014 at 19:42, Eoin Keary <eoin.keary at owasp.org> wrote:
>>
>>> we are participating as OWASP.
>>> OWASP was asked to do this initially by RSA.
>>> Our material has no personal or company branding but OWASP
>>> branding.
>>> Thanks for feedback.
>>>
>>>
>>> Eoin Keary
>>> Owasp Global Board
>>> +353 87 977 2988
>>>
>>>
>>> On 4 Jan 2014, at 18:24, Abbas Naderi
>>> <abbas.naderi at owasp.org> wrote:
>>>
>>>> I strongly support Sastry on this one.
>>>>
>>>> You might be participating as individuals, but people see
>>>> you guys as the OWASP Board, and that's something that many
>>>> of us don't like to be the image of OWASP.
>>>>
>>>> Thanks
>>>> -Abbas
>>>> On Jan 4, 2014, at 1:18 PM, Eoin Keary
>>>> <eoin.keary at owasp.org> wrote:
>>>>
>>>>> To be clear, there was no recorded vote on this but a debate.
>>>>>
>>>>> I started the debate after reading about Mikko. (Even
>>>>> though I was delivering the training with Jim and it is my
>>>>> material).
>>>>>
>>>>> The majority of board of OWASP feels getting involved in
>>>>> politics is wrong and wanted to push ahead with the training.
>>>>>
>>>>> So if feelings are strong we need to vote on this ASAP? as
>>>>> leaders of OWASP. A formal board vote? Executive decision
>>>>> from Sarah, our executive director.
>>>>>
>>>>>
>>>>>
>>>>> Eoin Keary
>>>>> Owasp Global Board
>>>>> +353 87 977 2988
>>>>>
>>>>>
>>>>> On 4 Jan 2014, at 16:48, Sastry Tumuluri
>>>>> <sastry.tumuluri at owasp.org> wrote:
>>>>>
>>>>>> Friends,
>>>>>>
>>>>>> Please see the following full conversation on twitter:
>>>>>> https://twitter.com/EoinKeary/status/419111748424454145
>>>>>>
>>>>>> Eoin Keary and Jim Manico (both OWASP board members) will
>>>>>> be presenting/conducting 4 hrs of free-of-cost AppSec
>>>>>> training at the RSA Conference, 2014. Michael Coates,
>>>>>> Chairman of the OWASP Board is also said to be present.
>>>>>> Apparently, this was discussed at the OWASP board level;
>>>>>> and the board has decided to go ahead, keeping in mind
>>>>>> the benefit to the attending developers.
>>>>>>
>>>>>> As you are aware, RSA is strongly suspected (we'll never
>>>>>> be 100% sure, I'm afraid) of being complicit with NSA in
>>>>>> enabling fatal weakening of crypto products. RSA has
>>>>>> issued a sort of a denial that only deepens the mistrust.
>>>>>> As a protest, many leading speakers are cancelling their
>>>>>> talks at the upcoming RSAC 2014. Among them are (to my
>>>>>> knowledge) Mikko Hypponen, Jeffrey Carr and Josh Thomas.
>>>>>>
>>>>>> At such a time, I am saddened by the OWASP board decision
>>>>>> to support RSAC by their presence. At a time when they
>>>>>> had the opportunity to let the world know how much they
>>>>>> care for the Information Security profession (esp.,
>>>>>> against weakening crypto); and how much they care about
>>>>>> the privacy of people (against NSA's unabashed spying on
>>>>>> Americans & non-Americans alike), the board has copped
>>>>>> out using a flimsy rationalization ("benefit of (a few)
>>>>>> developers", many of whom would rethink their attendance
>>>>>> had OWASP and more organizations not blinked!).
>>>>>>
>>>>>> I'm sure there was a heated debate. I'm sure all angles
>>>>>> were considered. However, this goes too deep for me to
>>>>>> take it as "better men than me have considered and
>>>>>> decided". As a matter of my personal values, if the
>>>>>> situation doesn't change, I would no longer wish to
>>>>>> continue as the OWASP Chapter Lead. Please let me know if
>>>>>> any of you would like to take over from me.
>>>>>>
>>>>>> I will also share my feelings with fellow chapter members
>>>>>> at our next chapter meeting on Jan 21st. Needless to say,
>>>>>> no matter how things go, I remain committed to the
>>>>>> principles of our open and open-source infosec community.
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>> ==Sas3==
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> <mailto:OWASP-Leaders at lists.owasp.org>
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>
>>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
>
> --
> Dennis Groves <http://about.me/dennis.groves>, MSc
> Email me, <mailto:dennis.groves at owasp.org> or schedule a meeting
> <http://goo.gl/8sPIy>.
> /This email is licensed under a CC BY-ND 3.0
> <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license./
> Stand up for your freedom to install free software.
> <http://www.fsf.org/campaigns/secure-boot/statement>
> Please do not send me Microsoft Office/Apple iWork documents.
> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
>
> <http://www.owasp.org/>
>
>