[Owasp-leaders] OWASP Branding & Twitter thread from Dinis

Tom Brennan tomb at proactiverisk.com
Fri Aug 14 11:25:16 UTC 2015

AppSecUSA should have sessions for collaboration of people on top issues of projects, chapters and events, in addition to fantastic presentations as always. Blog posts like this should be reviewed as they have merit and I support covering an honorarium for speakers as they are the product.


As well as top community issues that are bubbling up not always addressed at the monthly board meetings.

I submitted my recommendations for several sessions for the community evolution aspect of the global event including these and by who... I hope some of these suggestions are incorporated and resonate with leaders to attend.

#1 OWASP State of the Union (30)
* Paul CEO / Board of Directors
- State of the Union address and kickoff - Annual report and YTD update
- Mission, Metrics and Finances
- kick off the event hand off to conference staffer (Laura) and conference chair (Michael) 

AppSecUSA leader workshops - join us for important updates, debate and collaboration for FUTURE and current leadership of OWASP members. If you want to unlock valuable information don't miss these (3) sessions

** record these sessions video and get them online for the world to see and listen to just like any other session.

How to start or grow an OWASP Chapter in your region (45 mins)
* Paul, Noreen, Kelly
- metrics that matter
- requirements defined 15 mins
- tips from our chapter leaders (panel) 30 mins
-- growing attendance
-- vendor relationships/sponsors
-- regional events
-- how OWASP employees help
-- money in/out other
-- secrets to success
-- WASPY awards

2016 services and resources for OWASP chapter and project leaders (45 mins)
* Paul, Noreen, Claudia
-- metrics that matter
-- annual report review
-- general membership
-- projects
-- chapters
-- WASPY awards
-- what can we do better discussion

2016 + Summits Conferences Events (45 mins)
** Laura, Noreen, Claudia, Kelly
-- metrics that matter
-- motivation why do it?
-- the new definition(s), money splits etc.
-- expectations and current policy
-- resources (budgets, templates, process) review of successful and failure events
-- WASPY awards

The organization is in an interesting position for evolution. With professional discussion and debate we can set the agenda moving forward with swift adjustments where needed by rough consensus.

Tom Brennan

Need to book a meeting for a new or existing project? http://www.proactiverisk.com/book-meeting/

> On Aug 14, 2015, at 6:36 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
> Sorry if I gave the impression that this is urgent, it is not
> I'm just trying to raise a concern that was raised to me
>> On 14 Aug 2015 10:36, "Jim Manico" <jim.manico at owasp.org> wrote:
>> Dinis,
>> Two points.
>> 1) Mr Rook is on vacation. I do not agree with your sense of urgency. We hired a full time staff, let's please use them first as opposed to heated conversations over Twitter.
>> 2) Dinis, I am just one of several board members. Please just email the board list if you think this is a board level issue (as opposed to just calling me out over Twitter, I am just one board member).
>> So Dinis, I asked you politely to first talk to staff about this, and if you did not find that satisfactory, then to email the board list so the full board can weigh in.
>> And I suggested these things to minimize stress and get more leadership to look at this - as opposed to having a Twitter argument over this.
>> Dinis, I am trying to take the adult and calm path here. Please join me in that pursuit.
>> Aloha,
>> Jim
>>> On 8/13/15 10:04 PM, Dinis Cruz wrote:
>>> CCing owasp leaders list in order to get 'feedback' from the community
>>> And Jim come on, owasp is not a Fortune 100 company with high levels of processes and bureaucracy, the problem is pretty obvious on the https://twitter.com/davidrook/status/631699570603462656 thread (and a couple other similar threads)
>>> This is a case of common sense.
>>> The focus of owasp needs to be on application security (for example sharing knowledge), not in blindly following rules
>>> Yes we need to have rules in place to prevent abuse (in this case vendor pitches), but if those rules start to affect high value owasp contributors, then there is something wrong with the rules
>>>> On 13 Aug 2015 21:11, "Jim Manico" <jim.manico at owasp.org> wrote:
>>>> > So what happens when the content is not from a 'vendor'
>>>> Our guidelines do not differentiate that right now. So what Paul is doing is following the current policy that was created by input from a large number of people from our community.
>>>> Dinis, if you think this needs to be changed then I believe your next step is to petition the board to change policy. Even better, before talking to the board, consider taking this conversation to the governance list and get feedback from those members of our community.
>>>> Aloha,
>>>> Jim
>>>>> On 8/13/15 9:42 AM, Dinis Cruz wrote:
>>>>> So what happens when the content is not from a 'vendor'?
>>>>> Which is David's case
>>>>>> On 13 Aug 2015 20:26, "Paul Ritchie" <paul.ritchie at owasp.org> wrote:
>>>>>> Hi Dinis: I wanted to follow up on your email from yesterday as well as your posting of a "case" or customer service ticket # 06774. Long answer.....explaining the OWASP position and our actions, and we have communicated this a couple times to the community, but obviously need to do more......
>>>>>> Big Issue is our effort from the Foundation to "remind and encourage" Chapter leaders to follow the Branding Guidelines, Code of Ethics and Speaker Agreement as defined in the Chapter Leaders Handbook. The more support we can get from leaders like you and Jim and BoD, then the less 'pushback' we will see from individuals who are uncomfortable being reminded of the policy.
>>>>>> 1. We noticed the adherence to the policy was getting a little weak, based on several examples where policy wasn't followed. Examples included leaders and past BoD members too.
>>>>>> 2.  Once we pointed out the policy, several of the key leaders, like Eoin & now David were "surprised" that we were serious, and actually gave us some push back.
>>>>>> 3.  Bottom line, I understand the pushback, but we really "must" ask OWASP Leaders to follow the policy.
>>>>>> 4.  As a Charitable, nonprofit organization, we have an obligation to follow our Code of Conduct concerning vendor neutrality and non-endorsement of commercial products or services.
>>>>>> Our Code of Conduct policies are well documented and were created by our community, to provide clarity as we grow globally.  They apply to many areas including Trade organizations, Government bodies, Standards groups and Certifying Bodies. 
>>>>>> https://www.owasp.org/index.php/OWASP_Codes_of_Conduct
>>>>>> 5. Also, for speakers at events AND at Chapter Meetings, the Speakers agreement does apply, and it is noted in the Chapters Leaders Handbook.
>>>>>> Speakers Agreement
>>>>>> CONTENT - Speakers are encouraged to include their contact information when introducing themselves, but may NOT include their logo on any visual and handout materials. Speakers are to avoid any appearance of commercialism in their session and presentations are to be of a technical or solutions emphasis. Further, I understand that the program tracks of the conference/event/chapter are an educational event, not a sales or marketing platform. I agree that my presentation(s) will be an objective review of the topic on which I am presenting, and will not contain any content that is a sales or promotional pitch for any specific product(s) or company(ies). My materials will also be reflective of the current status of the topic(s) I am addressing.
>>>>>> 6. So, Net, net. We are reaching out to a number of chapters who have posted presentations to the OWASP wiki that appear to violate our branding rules. All presentations given at chapter meetings or at conferences when representing OWASP, and those posted to wiki pages must be vendor neutral. This includes the content of the presentation as well as the graphics used in the presentation layout.
>>>>>> Any non-OWASP branded material, such as a speaker's corporate logo, must be removed from the presentation. Exceptions may exist such as when the context of a slide calls for a logo as an illustration. And, we are happy to review anything that might be questionable.
>>>>>> So, @Jim and @Dinis - Is there something we need to do to reach out directly to any individuals like David Rook?
>>>>>> Best Regards, Paul Ritchie
>>>>>> OWASP Executive Director
>>>>>> paul.ritchie at owasp.org
>>>> -- 
>>>> Jim Manico
>>>> Global Board Member
>>>> OWASP Foundation
>>>> https://www.owasp.org
>>>> Join me at AppSecUSA 2015!
>> -- 
>> Jim Manico
>> Global Board Member
>> OWASP Foundation
>> https://www.owasp.org
>> Join me at AppSecUSA 2015!