[Owasp-leaders] OWASP Branding & Twitter thread from Dinis

Dinis Cruz dinis.cruz at owasp.org
Fri Aug 14 10:36:32 UTC 2015

Sorry if I gave the impression that this is urgent, it is not

I'm just trying to raise a concern that was raised to me
On 14 Aug 2015 10:36, "Jim Manico" <jim.manico at owasp.org> wrote:

> Dinis,
> Two points.
> 1) Mr Rook is on vacation. I do not agree with your sense of urgency. We
> hired a full time staff, lets please use them first as opposed to heated
> conversations over Twitter.
> 2) Dinis, I am just one of several board members. Please just email the
> board list if you think this is a board level issue (as opposed to just
> calling me out over Twitter, I am just one board member).
> So Dinis, I asked you politely to first talk to staff about this, and if
> you did not find that satisfactory, then to email the board list so the
> full board can weigh in.
> And I suggested these things to minimize stress and get more leadership to
> look at this - as opposed to having a Twitter argument over this.
> Dinis, I am trying to take the adult and calm path here. Please join me in
> that pursuit.
> Aloha,
> Jim
> On 8/13/15 10:04 PM, Dinis Cruz wrote:
> CCing owasp leaders list in order to get 'feedback' from the community
> And Jim come on, owasp is not a Fortune 100 company with high levels of
> processes and bureaucracy, the problem is pretty obvious on the
> https://twitter.com/davidrook/status/631699570603462656 thread (and a
> couple other similar threads)
> This is a case of common sense.
> The focus of owasp needs to be on application security (for example
> sharing knowledge), not in blindly following rules
> Yes we need to have rules in place to prevent abuse (in this case vendor
> pitches), but if those rules start to affect high value owasp contributors,
> then there is something wrong with the rules
> On 13 Aug 2015 21:11, "Jim Manico" <jim.manico at owasp.org> wrote:
>> > So what happens when the content is not from a 'vendor'
>> Our guidelines do not differentiate that right now. So what Paul is doing
>> is following the current policy that was created by input from a large
>> number of people from our community.
>> Dinis, if you think this needs to be changed then I believe your next
>> step is to petition the board to change policy. Even better, before talking
>> to the board, consider taking this conversation to the governance list and
>> get feedback from those members of our community.
>> Aloha,
>> Jim
>> On 8/13/15 9:42 AM, Dinis Cruz wrote:
>> So what happens when the content is not from a 'vendor'?
>> Which is David's case
>> On 13 Aug 2015 20:26, "Paul Ritchie" <paul.ritchie at owasp.org> wrote:
>>> Hi Dinis:    I wanted to follow up on your email from yesterday as well
>>> as your posting of a "case" or customer service ticket #  06774.   Long
>>> answer.....explaining the OWASP position and our actions, and we have
>>> communicated this a couple times to the community, but obviously need to do
>>> more......
>>> *Big Issue* is our effort from the Foundation to "remind and encourage"
>>> Chapter leaders to follow the Branding Guidelines, Code of Ethics and
>>> Speaker Agreement as defined in the Chapter Leaders Handbook.    The more
>>> support we can get from leaders like you and Jim and BoD, then the less
>>> 'pushback' we will see from individuals who are uncomfortable being
>>> reminded of the policy.
>>> 1.  We noticed the adherence to the policy was getting a little weak,
>>> based on several examples where policy wasn't followed.  Examples included
>>> leaders and past BoD members too.
>>> 2.  Once we pointed out the policy, several of the key leaders, like
>>> Eoin & now David were "surprised" that we were serious, and actually gave
>>> us some push back.
>>> 3.  Bottom line, I understand the pushback, but we really "must" ask
>>> OWASP Leaders to follow the policy.
>>> 4.  As a Charitable, nonprofit organization,* we have an obligation to
>>> follow our Code of Conduct* concerning vendor neutrality and
>>> non-endorsement of commercial products or services.
>>> Our Code of Conduct policies are* well documented and were created by
>>> our community*, to provide clarity as we grow globally.  They apply to
>>> many areas including Trade organizations, Government bodies, Standards
>>> groups and Certifying Bodies.
>>> https://www.owasp.org/index.php/OWASP_Codes_of_Conduct
>>> 5.  Also, For speakers at events AND at Chapter Meetings, the Speakers
>>> agreement does apply, and it is noted in the Chapters Leaders Handbook.
>>> Speakers Agreement
>>> *CONTENT - Speakers are encouraged to include their contact information
>>> when introducing themselves, but may NOT include their logo on any visual
>>> and handout materials. Speakers are to avoid any appearance of
>>> commercialism in their session and presentations are to be of a technical
>>> or solutions emphasis. Further, I understand that the program tracks of the
>>> conference/event/chapter are an educational event, not a sales or marketing
>>> platform. I agree that my presentation(s) will be an objective review of
>>> the topic on which I am presenting, and will not contain any content that
>>> is a sales or promotional pitch for any specific product(s) or
>>> company(ies). My materials will also be reflective of the current status of
>>> the topic(s) I am addressing.*
>>> 6.  So, Net, net.   We are reaching out to a number of chapters who
>>> have posted presentations to the OWASP wiki that appear to violate our
>>> branding rules. All presentations given at chapter meetings or at
>>> conferences when representing OWASP, and those posted to wiki pages must be
>>> vendor neutral. This includes the content of the presentation as well as
>>> the graphics used in the presentation layout.
>>> Any non-OWASP branded material, such as a speaker's corporate logo,
>>> must be removed from the presentation. Exceptions may exist such as
>>> when the context of a slide calls for a logo as an illustration. And, we am
>>> happy to review anything that might be questionable.
>>> So, @Jim and @Dinis - Is there something we need to do to reach out
>>> directly to any individuals like David Rook?
>>> Best Regards, Paul Ritchie
>>> OWASP Executive Director
>>> paul.ritchie at owasp.org
>> --
>> Jim Manico
>> Global Board Member
>> OWASP Foundationhttps://www.owasp.org
>> Join me at AppSecUSA 2015!
> --
> Jim Manico
> Global Board Member
> OWASP Foundationhttps://www.owasp.org
> Join me at AppSecUSA 2015!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150814/e5f1e549/attachment-0001.html>

More information about the OWASP-Leaders mailing list