[Owasp-leaders] OWASP Board decision that I don't agree with

Tobias tobias.gondrom at owasp.org
Sun Jan 5 00:16:05 UTC 2014


Jim,

I am not speaking about "enacting punishment". So far I am mostly
talking about not actively supporting some companies with our OWASP
brand name and our OWASP money if they have actively worked against the
OWASP mission.

Tobias


P.S.: It is indeed a complicated world. (Did you choose the blue or the
red pill? ;-) )
P.P.S.: On that note: good night and have a great day in Hawaii. ;-)


On 05/01/14 00:01, Jim Manico wrote:
> The point I am trying to make is that very few companies, countries and agencies are innocent when it comes to the Snowden affair. If we want to start enacting punishment on one without taking a more substantial position on this topic, then we are enacting punishment in a very unfair way.
>
> I am no fan of the recent revelations, but the network of folks involved is quite extensive. RSA is just one piece in a very complicated and extensive international intelligence gathering puzzle.
>
> - Jim
>
>
>> Agree with Abbas, your tangent is quite weak. IMHO you try to twist
>> things too far. As written on the OWASP board mailing-list: "relax and
>> calm down a bit and take a step back. Polemic is not exactly helping the
>> discussion. The world is not only black or white." ;-)
>>
>> However, I do agree that we should develop some framework on how to
>> react when someone is actively acting against the core principles of
>> the OWASP community.
>>
>> All the best, Tobias
>>
>>
>> On 04/01/14 23:40, Abbas Naderi wrote:
>>> It's a different story, it seems like you're trying to twist the reality here.
>>> -A
>>> On Jan 4, 2014, at 6:36 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>>> Another issue that is tangential.
>>>>
>>>> We are applying for several big money DHS grants. These help keep the foundation running.
>>>>
>>>> Should we reject all of these grants because of the Snowden affair? If we abort RSA but continue to take DHS money, then we send a mixed message.
>>>>
>>>> Aloha,
>>>> Jim
>>>>
>>>>> I strongly support Sastry on this one.
>>>>>
>>>>> You might be participating as individuals, but people see you guys as the OWASP Board, and that's something that many of us don't like to be the image of OWASP.
>>>>>
>>>>> Thanks
>>>>> -Abbas
>>>>> On Jan 4, 2014, at 1:18 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>>>>
>>>>>> To be clear, there was no recorded vote on this but a debate.
>>>>>>
>>>>>> I started the debate after reading about Mikko. (Even though I was delivering the training with Jim and it is my material).
>>>>>>
>>>>>> The majority of the board of OWASP feels getting involved in politics is wrong and wanted to push ahead with the training.
>>>>>>
>>>>>> So if feelings are strong we need to vote on this ASAP? as leaders of OWASP. A formal board vote? Executive decision from Sarah, our executive director. 
>>>>>>
>>>>>>
>>>>>>
>>>>>> Eoin Keary
>>>>>> Owasp Global Board
>>>>>> +353 87 977 2988
>>>>>>
>>>>>>
>>>>>> On 4 Jan 2014, at 16:48, Sastry Tumuluri <sastry.tumuluri at owasp.org> wrote:
>>>>>>
>>>>>>> Friends,
>>>>>>>
>>>>>>> Please see the following full conversation on twitter: 
>>>>>>> https://twitter.com/EoinKeary/status/419111748424454145
>>>>>>>
>>>>>>> Eoin Keary and Jim Manico (both OWASP board members) will be presenting/conducting 4 hrs of free-of-cost AppSec training at the RSA Conference, 2014. Michael Coates, Chairman of the OWASP Board is also said to be present. Apparently, this was discussed at the OWASP board level; and the board has decided to go ahead, keeping in mind the benefit to the attending developers.
>>>>>>>
>>>>>>> As you are aware, RSA is strongly suspected (we'll never be 100% sure, I'm afraid) of being complicit with NSA in enabling fatal weakening of crypto products. RSA has issued a sort of a denial that only deepens the mistrust. As a protest, many leading speakers are cancelling their talks at the upcoming RSAC 2014. Among them are (to my knowledge) Mikko Hypponen, Jeffrey Carr and Josh Thomas.
>>>>>>>
>>>>>>> At such a time, I am saddened by the OWASP board decision to support RSAC by their presence. At a time when they had the opportunity to let the world know how much they care for the Information Security profession (esp., against weakening crypto); and how much they care about the privacy of people (against NSA's unabashed spying on Americans & non-Americans alike), the board has copped out using a flimsy rationalization ("benefit of (a few) developers", many of whom would rethink their attendance had OWASP and more organizations not blinked!).
>>>>>>>
>>>>>>> I'm sure there was a heated debate. I'm sure all angles were considered. However, this goes too deep for me to take it as "better men than me have considered and decided". As a matter of my personal values, if the situation doesn't change, I would no longer wish to continue as the OWASP Chapter Lead. Please let me know if any of you would like to take over from me. 
>>>>>>>
>>>>>>> I will also share my feelings with fellow chapter members at our next chapter meeting on Jan 21st. Needless to say, no matter how things go, I remain committed to the principles of our open and open-source infosec community.
>>>>>>>
>>>>>>> Best regards,
>>>>>>>
>>>>>>> ==Sas3==
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders


