[Owasp-leaders] [Owasp-board] OWASP Board decision that I don't agree with

johanna curiel curiel johanna.curiel at owasp.org
Mon Jan 6 03:40:36 UTC 2014


Hi All

I don't think is fair to judge an organization without substantial proof.

All I see are unconfirmed allegations accusing RSA .

I support OWASP assisting to RSA to promote OWASP goals and mission.
That RSA is accused by Snowden who has his issues with NSA, that's another
story

So, are we going to join a group of people that want to sabotage RSA who is
being accused guilty (by Snowden) of something no one knows for sure they
did? This does not sound very fair to me.

I think this is great chance to explain people at the conference what
exactly makes this algorithm weak and why.

"Not only is Dual_EC hilariously slow - which has real performance
implications - it was shown to be a just plain bad random number generator
all the way back in 2006. By 2007, when [cryptographers Dan] Shumow and
[Niels] Ferguson raised the possibility of a backdoor in the specification,
no sensible cryptographer would go near the thing."

Reference

http://www.theregister.co.uk/2013/12/21/nsa_paid_rsa_10_million/

http://www.theregister.co.uk/2013/09/23/rsa_crypto_warning/

http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220



regards

Johanna





On Sun, Jan 5, 2014 at 8:24 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Exactly, your analysis is spot-on Tobias.
> - Jim
>
> > Jim,
> >
> > reading your link, *our non-profit status does in fact __not____ forbid
> > us from getting involved in politics as in advocating our mission and
> > making public statements about it. *
> >
> > There is a huge difference between political campaigning on behalf of
> > any candidate for elective public office (which is forbidden for
> > non-profit) and general advocacy and politics aka an organisation making
> > a public statement or advocating that certain things are in line with
> > our OWASP mission and a really good idea and others are against the
> > OWASP mission aka a really bad idea.
> >
> > For anyone interested, I recommend to follow and read the link that you
> > sent, it specifies that a political campaign in the sense of the IRS is:
> > "What is a political campaign? In general, the IRS rule refers to
> > campaigns between people who are running for offices in public
> > elections. These can include: candidates running for president of the
> > U.S.; candidates running for governor; candidates running for mayor; and
> > also candidates for lower elected offices such as school board
> > officials, city supervisors, and county trustees."
> >
> > And in fact your article explicitly states that: *"Your organization can
> > engage in legislative advocacy and issue-related advocacy, as long as it
> > follows certain rules and steers clear of political campaigning. "* (for
> > those interested in what these certain rules are: that a non-profit does
> > not have "substantial part" of its overall activities relates to
> > influencing legislation or carrying on propaganda. Roughly anything
> > under 5% of the overall budget is considered not substantial, while
> > expenditures of above 15% would probably be considered substantial -
> > e.g. 5% would be with our current budget size spending of more than USD
> > 100.000(!) on lobbying....)
> >
> > We are free and safe to advocate our mission and to make public
> > statements to communicate our mission. (And nobody would want for OWASP
> > to politically campaign for the next candidate for presidency, governor,
> > mayor or political party of any country.)
> >
> > All the best, Tobias
> >
> >
> >
> >
> >
> >
> > On 05/01/14 21:02, Jim Manico wrote:
> >>> OWASP _should_ get involved in politics -
> >> Our non profit status strictly forbids us from being involved in
> >> political campaigns and more. This is a requirement of getting huge
> >> tax breaks. If we do want to be more involved in politics we would
> >> need to change the organizational structure and drop the non-profit
> >> status.
> >>
> >>
> http://www.nolo.com/legal-encyclopedia/limits-political-campaigning-501c3-nonprofits-29982.html
> >>
> >> --
> >> Jim Manico
> >> @Manicode
> >> (808) 652-3805
> >>
> >>> On Jan 5, 2014, at 1:05 AM, psiinon <psiinon at gmail.com> wrote:
> >>>
> >>> OWASP _should_ get involved in politics -
> >> _______________________________________________
> >> Owasp-board mailing list
> >> Owasp-board at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-board
> >
> >
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140105/210883c3/attachment.html>


More information about the OWASP-Leaders mailing list