[Owasp-leaders] OWASP Board decision that I don't agree with

Justin Searle justin at meeas.com
Sun Jan 5 19:21:49 UTC 2014


I don't think there are any of us in this community that would condone
RSA's actions, however we must also remember that we don't all share the
same ideas on how to make our opinions known and how to fight against this
sort of behavior to prevent further abuse in the future.  I applaud
individuals that choose to stand up by canceling their talks.  I think that
gets the message to the media which amplifies it to the world.  However
that isn't the only option to fighting back.  Showing up at RSA to give
your presentation/training and making the audience know your position about
the need for openness in security products, whether explicitly mentioning
the RSA example or not, is another valid way to fight back.

Whatever we do, let's not let disagreement in a particular action tear our
community apart.  Drama has never helped our cause in the past, and never
will in the future.  Let's acknowledge we are all on the same page about
abhorrent missteps of RSA decision makers, let's support the decision of
the OWASP board which was made with all of our opinions in mind, including
the best path for the organization, and let's stand united.  That doesn't
stop any of us from making our own statements against RSA, nor canceling
our own talks if you were accepted.  But let's not fragment a community
whose whole goal is to provide education and alternative solutions to the
broken security models that exist elsewhere, like RSA.


Justin Searle
Managing Partner - UtiliSec
+1 801-784-2052
justin at utilisec.com
justin at meeas.com


On Sat, Jan 4, 2014 at 11:24 AM, Abbas Naderi <abbas.naderi at owasp.org> wrote:

> I strongly support Sastry on this one.
>
> You might be participating as individuals, but people see you guys as the
> OWASP Board, and that’s something that many of us don’t like to be the
> image of OWASP.
>
> Thanks
> -Abbas
> On Jan 4, 2014, at 1:18 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>
> To be clear, there was no recorded vote on this but a debate.
>
> I started the debate after reading about Mikko. (Even though I was
> delivering the training with Jim and it is my material).
>
> The majority of the board of OWASP feels getting involved in politics is wrong
> and wanted to push ahead with the training.
>
> So if feelings are strong we need to vote on this ASAP? as leaders of
> OWASP. A formal board vote? Executive decision from Sarah, our executive
> director.
>
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 4 Jan 2014, at 16:48, Sastry Tumuluri <sastry.tumuluri at owasp.org>
> wrote:
>
> Friends,
>
> Please see the following full conversation on twitter:
> https://twitter.com/EoinKeary/status/419111748424454145
>
> Eoin Keary and Jim Manico (both OWASP board members) will be
> presenting/conducting 4 hrs of free-of-cost AppSec training at the RSA
> Conference, 2014. Michael Coates, Chairman of the OWASP Board is also said
> to be present. Apparently, this was discussed at the OWASP board level; and
> the board has decided to go ahead, keeping in mind the benefit to the
> attending developers.
>
> As you are aware, RSA is strongly suspected (we'll never be 100% sure, I'm
> afraid) of being complicit with NSA in enabling fatal weakening of crypto
> products. RSA has issued a sort of a denial that only deepens the mistrust.
> As a protest, many leading speakers are cancelling their talks at the
> upcoming RSAC 2014. Among them are (to my knowledge) Mikko Hypponen,
> Jeffrey Carr and Josh Thomas.
>
> At such a time, I am saddened by the OWASP board decision to support RSAC
> by their presence. At a time when they had the opportunity to let the world
> know how much they care for the Information Security profession (esp.,
> against weakening crypto); and how much they care about the privacy of
> people (against NSA's unabashed spying on Americans & non-Americans alike),
> the board has copped out using a flimsy rationalization ("benefit of (a
> few) developers", many of whom would rethink their attendance had OWASP and
> more organizations not blinked!).
>
> I'm sure there was a heated debate. I'm sure all angles were considered.
> However, this goes too deep for me to take it as "better men than me have
> considered and decided". As a matter of my personal values, if the
> situation doesn't change, I would no longer wish to continue as the OWASP
> Chapter Lead. Please let me know if any of you would like to take over from
> me.
>
> I will also share my feelings with fellow chapter members at our next
> chapter meeting on Jan 21st. Needless to say, no matter how things go, I
> remain committed to the principles of our open and open-source infosec
> community.
>
> Best regards,
>
> ==Sas3==
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders