[Owasp-leaders] OWASP Branding & Twitter thread from Dinis

Jim Manico jim.manico at owasp.org
Fri Aug 14 09:36:02 UTC 2015


Two points.

1) Mr Rook is on vacation. I do not agree with your sense of urgency. We 
hired a full time staff, let's please use them first as opposed to heated
conversations over Twitter.

2) Dinis, I am just one of several board members. Please just email the 
board list if you think this is a board level issue (as opposed to just 
calling me out over Twitter, I am just one board member).

So Dinis, I asked you politely to first talk to staff about this, and if 
you did not find that satisfactory, then to email the board list so the 
full board can weigh in.

And I suggested these things to minimize stress and get more leadership 
to look at this - as opposed to having a Twitter argument over this.

Dinis, I am trying to take the adult and calm path here. Please join me 
in that pursuit.


On 8/13/15 10:04 PM, Dinis Cruz wrote:
> CCing owasp leaders list in order to get 'feedback' from the community
> And Jim come on, owasp is not a Fortune 100 company with high levels 
> of processes and bureaucracy, the problem is pretty obvious on the 
> https://twitter.com/davidrook/status/631699570603462656 thread (and a 
> couple other similar threads)
> This is a case of common sense.
> The focus of owasp needs to be on application security (for example 
> sharing knowledge), not in blindly following rules
> Yes we need to have rules in place to prevent abuse (in this case 
> vendor pitches), but if those rules start to affect high value owasp 
> contributors, then there is something wrong with the rules
> On 13 Aug 2015 21:11, "Jim Manico" <jim.manico at owasp.org> wrote:
>     > So what happens when the content is not from a 'vendor'
>     Our guidelines do not differentiate that right now. So what Paul
>     is doing is following the current policy that was created by input
>     from a large number of people from our community.
>     Dinis, if you think this needs to be changed then I believe your
>     next step is to petition the board to change policy. Even better,
>     before talking to the board, consider taking this conversation to
>     the governance list and get feedback from those members of our
>     community.
>     Aloha,
>     Jim
>     On 8/13/15 9:42 AM, Dinis Cruz wrote:
>>     So what happens when the content is not from a 'vendor'?
>>     Which is David's case
>>     On 13 Aug 2015 20:26, "Paul Ritchie" <paul.ritchie at owasp.org> wrote:
>>         Hi Dinis:    I wanted to follow up on your email from
>>         yesterday as well as your posting of a "case" or customer
>>         service ticket #  06774.   Long answer.....explaining the
>>         OWASP position and our actions, and we have communicated this
>>         a couple times to the community, but obviously need to do
>>         more......
>>         _Big Issue_ is our effort from the Foundation to "remind and
>>         encourage" Chapter leaders to follow the Branding Guidelines,
>>         Code of Ethics and Speaker Agreement as defined in the
>>         Chapter Leaders Handbook.    The more support we can get from
>>         leaders like you and Jim and BoD, then the less 'pushback' we
>>         will see from individuals who are uncomfortable being
>>         reminded of the policy.
>>         1.  We noticed the adherence to the policy was getting a
>>         little weak, based on several examples where policy wasn't
>>         followed.  Examples included leaders and past BoD members too.
>>         2.  Once we pointed out the policy, several of the key
>>         leaders, like Eoin & now David were "surprised" that we were
>>         serious, and actually gave us some push back.
>>         3.  Bottom line, I understand the pushback, but we really
>>         "must" ask OWASP Leaders to follow the policy.
>>         4.  As a Charitable, nonprofit organization, _we have an
>>         obligation to follow our Code of Conduct_ concerning vendor
>>         neutrality and non-endorsement of commercial products or
>>         services.
>>         Our Code of Conduct policies are _well documented and were
>>         created by our community_, to provide clarity as we grow
>>         globally.  They apply to many areas including Trade
>>         organizations, Government bodies, Standards groups and
>>         Certifying Bodies.
>>         https://www.owasp.org/index.php/OWASP_Codes_of_Conduct
>>         5.  Also, For speakers at events AND at Chapter Meetings, the
>>         Speakers agreement does apply, and it is noted in the
>>         Chapters Leaders Handbook.
>>         Speakers Agreement
>>         /CONTENT - Speakers are encouraged to include their contact
>>         information when introducing themselves, _but may NOT include
>>         their logo on any visual and handout materials._ Speakers are
>>         to _avoid any appearance of commercialism in their session_
>>         and presentations are to be of a technical or solutions
>>         emphasis. Further, I understand that the program tracks of
>>         the conference/event/chapter are an educational event, not a
>>         sales or marketing platform. I agree that my presentation(s)
>>         will be an objective review of the topic on which I am
>>         presenting, and will not contain any content that is a sales
>>         or promotional pitch for any specific product(s) or
>>         company(ies). My materials will also be reflective of the
>>         current status of the topic(s) I am addressing./
>>         6.  So, Net, net. We are reaching out to a number of chapters
>>         who have posted presentations to the OWASP wiki that appear
>>         to violate our branding rules. All presentations given at
>>         chapter meetings or at conferences when representing OWASP,
>>         and those posted to wiki pages must be vendor neutral. This
>>         includes the content of the presentation as well as the
>>         graphics used in the presentation layout.
>>         Any non-OWASP branded material, such as a speaker's corporate
>>         logo, must be removed from the presentation. Exceptions may
>>         exist such as when the context of a slide calls for a logo as
>>         an illustration. And, we are happy to review anything that
>>         might be questionable.
>>         So, @Jim and @Dinis - Is there something we need to do to
>>         reach out directly to any individuals like David Rook?
>>         Best Regards, Paul Ritchie
>>         OWASP Executive Director
>>         paul.ritchie at owasp.org
>     -- 
>     Jim Manico
>     Global Board Member
>     OWASP Foundation
>     https://www.owasp.org
>     Join me at AppSecUSA 2015!

Jim Manico
Global Board Member
OWASP Foundation
Join me at AppSecUSA 2015!
