[Owasp-leaders] OWASP Board decision that I don't agree with

Dinis Cruz dinis.cruz at owasp.org
Sun Jan 5 20:36:27 UTC 2014


I actually think that there are fellow OWASP leaders and contributors that
probably agree with what RSA did, and I think that as an open community we
should accept that. In fact I'll fight for the right of others to have
opinions that I don't agree with.

Also let's not put the 'RSA NSA deal' (if it is true) as the benchmark of
bad/unethical behaviour by companies. I've seen much worse in the
Application Security space.

On 5 Jan 2014 19:23, "Justin Searle" <justin at meeas.com> wrote:

> I don't think there are any of us in this community that would condone
> RSA's actions, however we must also remember that we don't all share the
> same ideas on how to make our opinions known and how to fight against this
> sort of behavior to prevent further abuse in the future.  I applaud
> individuals that choose to stand up by canceling their talks.  I think that
> gets the message to the media which amplifies it to the world.  However
> that isn't the only option to fighting back.  Showing up at RSA to give
> your presentation/training and making the audience know your position about
> the need for openness in security products, whether explicitly mentioning
> the RSA example or not, is another valid way to fight back.
>
> Whatever we do, let's not let disagreement in a particular action tear our
> community apart.  Drama has never helped our cause in the past, and never
> will in the future.  Let's acknowledge we are all on the same page about
> abhorrent mis-steps of RSA decision makers, let's support the decision of
> the OWASP board which was made with all of our opinions in mind, including
> the best path for the organization, and let's stand united.  That doesn't
> stop any of us from making our own statements against RSA, nor canceling
> our own talks if you were accepted.  But let's not fragment a community
> whose whole goal is to provide education and alternative solutions to the
> broken security models that exist elsewhere, like RSA.
>
>
> Justin Searle
> Managing Partner - UtiliSec
> +1 801-784-2052
> justin at utilisec.com
> justin at meeas.com
>
>
> On Sat, Jan 4, 2014 at 11:24 AM, Abbas Naderi <abbas.naderi at owasp.org> wrote:
>
>> I strongly support Sastry on this one.
>>
>> You might be participating as individuals, but people see you guys as the
>> OWASP Board, and that’s something that many of us don’t like to be the
>> image of OWASP.
>>
>> Thanks
>> -Abbas
>> On Jan 4, 2014, at 1:18 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>
>> To be clear, there was no recorded vote on this but a debate.
>>
>> I started the debate after reading about Mikko. (Even though I was
>> delivering the training with Jim and it is my material).
>>
>> The majority of the board of OWASP feels getting involved in politics is
>> wrong and wanted to push ahead with the training.
>>
>> So if feelings are strong we need to vote on this ASAP? as leaders of
>> OWASP. A formal board vote? Executive decision from Sarah, our executive
>> director.
>>
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 4 Jan 2014, at 16:48, Sastry Tumuluri <sastry.tumuluri at owasp.org>
>> wrote:
>>
>> Friends,
>>
>> Please see the following full conversation on twitter:
>> https://twitter.com/EoinKeary/status/419111748424454145
>>
>> Eoin Keary and Jim Manico (both OWASP board members) will be
>> presenting/conducting 4 hrs of free-of-cost AppSec training at the RSA
>> Conference, 2014. Michael Coates, Chairman of the OWASP Board is also said
>> to be present. Apparently, this was discussed at the OWASP board level; and
>> the board has decided to go ahead, keeping in mind the benefit to the
>> attending developers.
>>
>> As you are aware, RSA is strongly suspected (we'll never be 100% sure,
>> I'm afraid) of being complicit with NSA in enabling fatal weakening of
>> crypto products. RSA has issued a sort of a denial that only deepens the
>> mistrust. As a protest, many leading speakers are cancelling their talks at
>> the upcoming RSAC 2014. Among them are (to my knowledge) Mikko Hypponen,
>> Jeffrey Carr and Josh Thomas.
>>
>> At such a time, I am saddened by the OWASP board decision to support RSAC
>> by their presence. At a time when they had the opportunity to let the world
>> know how much they care for the Information Security profession (esp.,
>> against weakening crypto); and how much they care about the privacy of
>> people (against NSA's unabashed spying on Americans & non-Americans alike),
>> the board has copped out using a flimsy rationalization ("benefit of (a
>> few) developers", many of whom would rethink their attendance had OWASP and
>> more organizations not blinked!).
>>
>> I'm sure there was a heated debate. I'm sure all angles were considered.
>> However, this goes too deep for me to take it as "better men than me have
>> considered and decided". As a matter of my personal values, if the
>> situation doesn't change, I would no longer wish to continue as the OWASP
>> Chapter Lead. Please let me know if any of you would like to take over from
>> me.
>>
>> I will also share my feelings with fellow chapter members at our next
>> chapter meeting on Jan 21st. Needless to say, no matter how things go, I
>> remain committed to the principles of our open and open-source infosec
>> community.
>>
>> Best regards,
>>
>> ==Sas3==
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders