[Owasp-leaders] [Owasp-board] OWASP Board decision that I don't agree with

daniel cuthbert daniel.cuthbert at owasp.org
Mon Jan 6 10:00:44 UTC 2014

As one of the older names in OWASP, I rarely speak up these days but feel
this is enough to bring me to respond. To say 'we don't get involved in
politics' is no longer a valid argument. At the end of the day, the last
twelve months has shown that the Internet we all use, love and abuse, has
been under serious threat.

Yes, for the meantime, we cannot be 100% sure that RSA stands true of what
they have been accused of, but the evidence does paint a good picture. As
Dinis aptly said 'In fact the irony is that in our 'politically charged
world' even 'not having an option' is 'playing politics' , since that is an
tacit acceptance of the status quo' it does look like OWASP sends out a
message saying that we don't care and want to be involved anyway.

>From a European perspective, I find it incredibly disturbing what has been
going on stateside and this for me makes me feel that OWASP is supporting,
in an indirect way, that policy. OWASP has always had a heavy US-centric
approach and this might be one step too far for me to to support.

I strongly urge the board to reconsider the support for the conference.

On 6 January 2014 09:51, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> Really well described Tobias, that is a spot on analysis
> Nobody here is saying that owasp should support candidate X Y or Z. What
> some of us believe is that OWASP should encourage the debate of political
> issues (ie issues that affect government policies) and have public opinions
> on key issues that affect Application Security
> In fact the irony is that in our 'politically charged world' even 'not
> having an option' is 'playing politics' , since that is an tacit acceptance
> of the status quo
> On 5 Jan 2014 23:23, "Tobias" <tobias.gondrom at owasp.org> wrote:
>>  Jim,
>> reading your link, *our non-profit status does in fact _not_ forbid us
>> from getting involved in politics as in advocating our mission and making
>> public statements about it. *
>> There is a huge difference between political campaigning on behalf of any
>> candidate for elective public office (which is forbidden for non-profit)
>> and general advocacy and politics aka an organisation making a public
>> statement or advocating that certain things are in line with our OWASP
>> mission and a really good idea and others are against the OWASP mission aka
>> a really bad idea.
>> For anyone interested, I recommend to follow and read the link that you
>> sent, it specifies that a political campaign in the sense of the IRS is:
>> "What is a political campaign? In general, the IRS rule refers to campaigns
>> between people who are running for offices in public elections. These can
>> include: candidates running for president of the U.S.; candidates running
>> for governor; candidates running for mayor; and also candidates for lower
>> elected offices such as school board officials, city supervisors, and
>> county trustees."
>> And in fact your article explicitly states that: *"Your organization can
>> engage in legislative advocacy and issue-related advocacy, as long as it
>> follows certain rules and steers clear of political campaigning. "* (for
>> those interested in what these certain rules are: that a non-profit does
>> not have “substantial part” of its overall activities relates to
>> influencing legislation or carrying on propaganda. Roughly anything under
>> 5% of the overall budget is considered not substantial, while expenditures
>> of above 15% would probably be considered substantial - e.g. 5% would be
>> with our current budget size spending of more than USD 100.000(!) on
>> lobbying....)
>> We are free and safe to advocate our mission and to make public
>> statements to communicate our mission. (And nobody would want for OWASP to
>> politically campaign for the next candidate for presidency, governor, mayor
>> or political party of any country.)
>> All the best, Tobias
>> On 05/01/14 21:02, Jim Manico wrote:
>>  OWASP _should_ get involved in politics -
>>  Our non profit status strictly forbids us from being involved in
>> political campaigns and more. This is a requirement of getting huge
>> tax breaks. If we do want to be more involved in politics we would
>> need to change the organizational structure and drop the non-profit
>> status.
>> http://www.nolo.com/legal-encyclopedia/limits-political-campaigning-501c3-nonprofits-29982.html
>> --
>> Jim Manico
>> @Manicode(808) 652-3805
>>  On Jan 5, 2014, at 1:05 AM, psiinon <psiinon at gmail.com> <psiinon at gmail.com> wrote:
>> OWASP _should_ get involved in politics -
>>  _______________________________________________
>> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140106/f531fbd3/attachment.html>

More information about the OWASP-Leaders mailing list