[Owasp-leaders] [Owasp-board] Please provide a status update to the membership

Andrew Muller andrew.muller at owasp.org
Wed Oct 15 14:50:39 UTC 2014

  I don't think anyone is attacking the actions of the ops team or trying
to interrupt their work. Rather Andrew, myself and others believe that this
isn't just a technical issue. Something has clearly gone wrong during an
election and OWASP should determine whether the integrity of the election
process has been compromised as a result and keep the community informed.
If it has been compromised, then what next? If not, then why not let people

You may think I'm overstating it, but I can't help but think of analogies
of poor communications after security incidents that have damaged the
reputation of organisations. I don't want to see OWASP suffer this fate.


On Thu, Oct 16, 2014 at 1:26 AM, Tobias <tobias.gondrom at owasp.org> wrote:

>  +1 for Josh.
> I can fully support Josh's statements.
> I know things may look calm on the outside, but let me assure you the
> whole team (incl. the board) takes this as the highest priority and there
> is very high activity on the inside by everyone pulling together to get
> this analysed and fixed ASAP.
> As you know the election is still open for another 9 days until Oct-24 (
> https://www.owasp.org/index.php/2014_Board_Elections), so please have a
> little more patience and give our team a chance to fix it. And based on the
> findings we will decide on what to do in addition - hopefully we know more
> in a few hours.
> Best wishes, Tobias
> Tobias Gondrom
> OWASP Global Board Member
> On 15/10/14 15:10, Josh Sokol wrote:
> Andrew,
> I had at least half a dozen emails back and forth yesterday related to my
> issue with not receiving the voting email and Kelly was well engaged with
> me and SimplyVoting.  They tracked my particular issue down to having
> unsubscribed to a SimplyVoting email during the WASPY awards process.  My
> issue was just one of many reported and being worked on.  Kate, who was in
> training this week, was pulled from it in order to work on these issues.
> This is item #1 on the ops team's plate and they are laser focused on
> making sure this process is being handled professionally and without
> missing votes.  Your concerns are very valid and are all being
> investigated.   If there is cause to pause the election process, I assure
> you that it will be done.  I do want to say, however, that this is an
> operations issue and Board involvement beyond supporting the ops team could
> constitute tampering with the election process.  We need to work
> diligently, yet judiciously, in order to ensure the process is fair for
> everyone involved.  There were several emails on this topic yesterday along
> with a TON of ops team activity, and an update is planned for today.  Keep
> in mind that its early morning on day 2 here in the US where the ops team
> is based.  I'm not saying that there isn't a problem, but patience is
> definitely a virtue when you want to make sure that things are handled
> properly.  Please give the ops team a chance to research what happened and
> communicate it out before assuming that the issue is just being ignored.
> Thank you.
> Sincerely,
> Josh Sokol
> On Oct 15, 2014 7:16 AM, "Andrew van der Stock" <vanderaj at owasp.org>
> wrote:
>> Michael and the Board,
>> I write to you formally to request a status update on the global OWASP
>> Board of Directors election process, in particular, I implore the
>> current Board to take affirmative action to investigate and manage a
>> resolution to the technical hitches in membership and balloting, and
>> if necessary delay the election, so that all eligible members can
>> vote. There is no activity on the Board list to address this issue,
>> and this, too, needs to be addressed.
>> Members need to have trust of the integrity of the balloting
>> (enfranchisement) and voting processes. There are rules posted
>> regarding the process and deadlines, and for at least some (and
>> possibly many) members, these deadlines have been missed by the OWASP
>> Foundation. There is no current membership list. Members have expired
>> and not been renewed or processed and have missed out on receiving
>> their vote to the election. It is entirely possible that some of the
>> candidates, through no fault of their own, are not in good standing.
>> We just don't know.
>> The only semi-official message in relation to my queries so far is
>> "please don't be inflammatory". That is simply not good enough. I am
>> not sledging the ops team - that is not my intent - but I am saying
>> there is an critical issue and it is not being managed or communicated
>> properly, and that requires Board oversight.
>> In Australia, we recently had to send an entire state back to re-vote
>> their senate because our electoral commission lost 1300 votes, which
>> was more votes than the winning margin. I don't ever recall any open
>> source project or Foundation ever having this type of problem before.
>> I hope that it's a small issue that can be addressed in a timely and
>> comprehensive fashion.
>> Please as a matter of urgency, please work out and communicate with
>> all the members, (and not just those on the leaders list):
>> * What is the Board's position on challenges to the election,
>> postponing or delaying the vote to get the membership and balloting
>> right, or doing a re-run?
>> * Were renewal notices sent out to expiring and expired members in a
>> timely fashion to make the September 30 renewal eligibility deadline?
>> * If not, will OWASP be e-mailing or making contact with all expired
>> members to see if they wanted to renew and give them a vote in the
>> election? If so, when will this occur? Will it occur by the time
>> voting closes?
>> * Are all current Board candidates in good standing? If not, will the
>> Board reach out to the candidates in question, and offer them back
>> dated honorary membership to comply with the bylaws? Or will they be
>> ineligible to stand?
>> * Are all membership renewals (paid, lifetime, and honorary) submitted
>> prior to September 30 now processed?
>> * If so, is there an up to date membership list that does not date
>> back to April 8, 2014? Can this be added to the OWASP Board 2014
>> elections page?
>> * As the CRM process wasn't working for some time, what steps are the
>> Board putting into place to ensure that it is fixed and monitored for
>> the next election?
>> These questions have to be answered. No answer is simply not an
>> option. I don't mind if you take these on notice and reply in pieces,
>> but please communicate frequently, openly and honestly with us.
>> I know the vote is open until next week, but I feel that even if there
>> are only a handful of members piping up on the Leaders mailing list
>> today, the CRM process has been broken for at least two months, which
>> covers about 15% of members. It may have been broken as far back as
>> April 8 when the membership list was seemingly last generated, which
>> covers around 45-50% of the members.
>> Simply enrolling those who pipe up in one venue misses those who don't
>> hang out on the Leaders list and disenfranchises those who might have
>> wanted a say in OWASP's future. If this is actually a small issue, it
>> should be easy to determine: compare July, August's and September's
>> membership totals with that from the year before. If the totals are
>> reduced, then there is a problem of a known magnitude. But without an
>> accurate and up to date membership list, we cannot determine if there
>> are disenfranchised members or how many have been potentially
>> disenfranchised.
>> I gave the ops team nearly two month's notice that something wasn't
>> right, and stayed in fairly constant communication during that time. I
>> even gave a heads up about my fellow candidates, who I sincerely hope
>> have their membership sorted so OWASP members have a geographically
>> varied and interesting selection of candidates to choose from.
>> I've been here since very nearly the beginning, I don't think I've
>> ever seen such disarray in our internal processes, especially such key
>> processes that directly elect the Board.
>> I implore the Board to take this very seriously. Please communicate
>> clearly and frequently with us on next steps. If the Board or the
>> Foundation needs time - more time than there exists until the end of
>> voting, I am more than willing to give the benefit of the doubt to
>> ensure that we have an open, transparent membership and voting system
>> with integrity for a vote to be open to all members, not just those
>> unaffected by the technical glitches. I can't speak for the other
>> candidates, but please ask them too. I'd rather this be done right.
>> I am reachable on +61 451 057 580 <%2B61%20451%20057%20580> if you want
>> a chat, but I am UTC+11,
>> which makes it tricky during US business hours.
>> thanks,
>> Andrew
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

*Andrew Muller*
Canberra OWASP Chapter Leader
OWASP Testing Guide Co-Leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20141016/099b9962/attachment.html>

More information about the OWASP-Leaders mailing list