[Owasp-leaders] In Samantha's words: "Why I resigned my role at OWASP"

Dinis Cruz dinis.cruz at owasp.org
Mon Jun 16 14:18:25 UTC 2014

for the record, I wanted Samantha's story and views to be known, since that
is the least she deserves. That is why I supported the sharing of her story.

Yes this is a mess, but it is not something that happened in the last
couple weeks.

I think we need to use this as an opportunity to learn and make sure we
don't repeat the mistakes done in the past

some more comments below.....

On 16 June 2014 14:51, johanna curiel curiel <johanna.curiel at owasp.org>

> So Did Sarah lied when she said she was leaving because of the baby?

I think 'lied' is a very strong word in this case and not correct. The rest
I can't comment.

> Why didn't Samantha mentioned this before? Why now after she quit?

I think Samantha's story explains why she didn't (or couldn't)

I actually think that this was one of the (few) mistakes Samantha did. She
started working at OWASP in an environment that was defaulting to *'not
share information*' vs '*share by default, and only what really,really,
really needs to be private, should not be shared*', so it was hard for her
to break the '*behind the scenes*' model

And if you think my analysis above is wrong, just ask how many OWASP
leaders are surprised by hearing Samantha's story (which again, even it is
a bit bias, it is still quite shocking, at least in an organisation like

> What are the proofs that all these accusations are true until the case
> resolves?

I believe in Samantha's words, and some explanations are due. That said, we
should be careful in not digging to much, and in fact, I think there is an
olive branch currently at play, which could help on the healing process.

> What kind of conclusions, as a volunteer and member of OWASP do I have to
> make out of this conflict between the Board vs Samantha?

First, this should not affect the volunteer and existing efforts. OWASP's
community is alive and well, and it would be a major problem if we stopped
or slowed it down.

For me this episode shows the problems that exist with the current OWASP
Board structure (and perceived/expected/abused powers), and I hope that we
can change it for the better

>  I have too many questions and I don't see how this helps to build a
> community of volunteers.

well, worse is having this kind of issues going on without major awareness
of it

> I think if you all wanted to wash the dirty laundry, Samantha and the
> board should have spoken a way to do this in front of the community.

They tried, but since that was done behind close doors, we don't know what
was said (which is again part of the problem here)

> This all seems very low to me.

Well, ideally, we can start a new era of transparency where cases like this
don't brew in the background until one day they see the light of day in a
big bang

When they say that ‘Sunlight Is the Best Disinfectant’, it is implied that
sometimes it is not very positive experience all round


> On Mon, Jun 16, 2014 at 9:35 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>> well the email Martin mentions below is not the one I re posted on behalf
>> of Samantha. The email Martin talks about is the one Samantha sent to the
>> board and contains the original charges (of which the main ones have been
>> dropped).
>> I didn't shared that email since I was not involved in that thread and
>> did not have direct approval do so also (so I respected the parties wishes
>> involved (including Martin's)).
>> That email was posted on direct request by Samantha, which again she
>> would had done herself if she still had access to her email (and btw, that
>> is something that should be changed, since I don't see why shouldn't
>> Samantha still have access to her OWASP email account (and I would trust
>> her to be sensible in using it)).
>> Finally, if the board takes the 'very dangerous' step of removing this
>> thread from the OWASP Leaders archive (which would be quite a step on the
>> wrong direction), I also posted a copy of it on my blog (
>> http://blog.diniscruz.com/2014/06/in-samanthas-words-why-i-resigned-my.html
>> ).
>> Dinis
>> On 16 June 2014 14:12, <martin.knobloch at owasp.org> wrote:
>>> All,
>>> As Compliant officer, following the OWASP policy, this is what I think
>>> of it:
>>> The wording in the email from Samantha, made public by Dinis, accusing.
>>> To make public accusations is conflicting with the OWASP policy. Even
>>> more, one point of Samantha's accusation as the policy has been broken
>>> against her. Whereby this a at least evenly if not more serious accusations.
>>> Furthermore, the case filed by Samantha is ongoing. This means to be
>>> proven right or wrong. This email can harm the interest of Samantha in this
>>> case, as can been seen as publicly harassment of members of the board.
>>> As Dinis is forwarding this as email from Samantha, there is no chance
>>> to probably response to this, as the board is in contact with Samantha via
>>> delegates.
>>> Last week I have asked Dinis, as friend, not to post anything regarding
>>> this case as this is not helping Samantha, OWASP nor the case.
>>>  I am sorry Dinis to fail following my friendly advice.
>>> Being personally against all sort of censure, I cannot do other than
>>> advice the board to file this email and remove it from the public list.
>>> Last not least, I ask all not to reply to this email. The case is under
>>> investigation via me as compliance officer and the responsible government
>>> instance. At conclusion of this case, an official report and statement will
>>> be made public.
>>> With kind regards,
>>> -martin
>>> Sent from my BlackBerry® smartphone
>>> -----Original Message-----
>>> From: Dinis Cruz <dinis.cruz at owasp.org>
>>> Sender: owasp-leaders-bounces at lists.owasp.org
>>> Date: Mon, 16 Jun 2014 13:53:58
>>> To: Eoin Keary<eoin.keary at owasp.org>
>>> Cc: owasp-leaders at lists.owasp.org<owasp-leaders at lists.owasp.org>
>>> Subject: Re: [Owasp-leaders] In Samantha's words: "Why I resigned my
>>> role at
>>>         OWASP"
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140616/5218c6ad/attachment.html>

More information about the OWASP-Leaders mailing list