[Owasp-leaders] [Owasp-board] OWASP Board decision that I don't agree with

Tobias tobias.gondrom at owasp.org
Sat Jan 4 22:55:03 UTC 2014

Michael is giving the training, too?
I thought it's only Jim and you (Eoin)?

*Scratch my head* about the conflict of interest: You are probably
right. :-(
Which is very unfortunate as this decision can have a dimension that may
imply an "OWASP statement" about RSA's actions - far beyond the simple
scope of whether OWASP is paying for someone's trip to RSA.
It seems, if we do it, x people will read this as support for RSA's
actions; and if we cancel, y people will read this as a statement of
disapproval of RSA's actions.

Best regards, Tobias

Tobias Gondrom
OWASP Global Board Member

On 04/01/14 22:24, Eoin Keary wrote:
> Problem is, 3 of the board are actually delivering the class. So
> conflict of interest is there? So if vote is the way to go, I'd suggest
> we (3) abstain from the vote.
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> On 4 Jan 2014, at 21:59, Tobias <tobias.gondrom at owasp.org> wrote:
>> On 04/01/14 18:18, Eoin Keary wrote:
>>> To be clear, there was no recorded vote on this but a debate.
>>> I started the debate after reading about Mikko. (Even though I was
>>> delivering the training with Jim and it is my material).
>>> The majority of board of OWASP feels getting involved in politics is
>>> wrong and wanted to push ahead with the training.
>>> So if feelings are strong we need to vote on this ASAP? as leaders
>>> of OWASP. A formal board vote? Executive decision from Sarah, our
>>> executive director. 
>> If we have to make a decision about this as a community, I expect
>> this to be voted on by the board following the guidance and input
>> from all community members.
>> - Tobias
>>> Eoin Keary
>>> Owasp Global Board
>>> +353 87 977 2988
>>> On 4 Jan 2014, at 16:48, Sastry Tumuluri <sastry.tumuluri at owasp.org> wrote:
>>>> Friends,
>>>> Please see the following full conversation on twitter: 
>>>> https://twitter.com/EoinKeary/status/419111748424454145
>>>> Eoin Keary and Jim Manico (both OWASP board members) will be
>>>> presenting/conducting 4 hrs of free-of-cost AppSec training at the
>>>> RSA Conference, 2014. Michael Coates, Chairman of the OWASP Board
>>>> is also said to be present. Apparently, this was discussed at the
>>>> OWASP board level; and the board has decided to go ahead, keeping
>>>> in mind the benefit to the attending developers.
>>>> As you are aware, RSA is strongly suspected (we'll never be 100%
>>>> sure, I'm afraid) of being complicit with NSA in enabling fatal
>>>> weakening of crypto products. RSA has issued a sort of a denial
>>>> that only deepens the mistrust. As a protest, many leading speakers
>>>> are cancelling their talks at the upcoming RSAC 2014. Among them
>>>> are (to my knowledge) Mikko Hypponen, Jeffrey Carr and Josh Thomas.
>>>> At such a time, I am saddened by the OWASP board decision to
>>>> support RSAC by their presence. At a time when they had the
>>>> opportunity to let the world know how much they care for the
>>>> Information Security profession (esp., against weakening crypto);
>>>> and how much they care about the privacy of people (against NSA's
>>>> unabashed spying on Americans & non-Americans alike), the board has
>>>> copped out using a flimsy rationalization ("benefit of (a few)
>>>> developers", many of whom would rethink their attendance had OWASP
>>>> and more organizations not blinked!).
>>>> I'm sure there was a heated debate. I'm sure all angles were
>>>> considered. However, this goes too deep for me to take it as
>>>> "better men than me have considered and decided". As a matter of my
>>>> personal values, if the situation doesn't change, I would no longer
>>>> wish to continue as the OWASP Chapter Lead. Please let me know if
>>>> any of you would like to take over from me. 
>>>> I will also share my feelings with fellow chapter members at our
>>>> next chapter meeting on Jan 21st. Needless to say, no matter how
>>>> things go, I remain committed to the principles of our open and
>>>> open-source infosec community.
>>>> Best regards,
>>>> ==Sas3==
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
