[Owasp-leaders] OWASP Board decision that I don't agree with

John Wilander john.wilander at owasp.org
Sun Jan 5 00:44:12 UTC 2014


2014/1/5 Tobias <tobias.gondrom at owasp.org>

> So far I am mostly
> talking about not actively supporting some companies with our OWASP
> brand name and our OWASP money if they have actively worked against the
> OWASP mission.


Exactly my point. RSAC will be back 2015 and by then their connections to
NSA will hopefully be public and scrutinized. But right now we don't know
where this will go. OWASP is taking a great risk, not only the risk of
smudging our brand but also in tearing up things between continents and
countries.

Jim, you mentioned Sweden. I am ashamed of how the Swedish intelligence
agency FRA has acted against its own people and the citizens of other
countries. Although I'm no longer co-leader of our OWASP chapter I would
strongly oppose any joint ventures or invited talks if they involved FRA
directly or any business found to have helped FRA subvert security of
people not suspected of serious crime. I'm member of the liberal party here
(Folkpartiet) and they're part of the government. Therefore I've sent a
detailed email to my party leader, telling him what is wrong with today's
policy and what should change.

Look at what's been revealed on surveillance in Germany, Brazil, Sweden
etc. Is it wise for OWASP to give free training at an event run by an
American company helping the American National Security Agency to subvert
basic security building blocks? We could either lose a lot of credibility
by being associated with RSA in the middle of this global security crisis,
or we could gain credibility by staying away from RSA while this plays out.

To all of you: The fact that we're having this discussion in the open makes
me proud. Imagine RSA doing the same.

   /John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140105/334e8cd0/attachment-0001.html>


More information about the OWASP-Leaders mailing list