[Owasp-leaders] OWASP Branding & Twitter thread from Dinis

Dinis Cruz dinis.cruz at owasp.org
Fri Aug 14 12:28:54 UTC 2015

Couldn't agree more, spot on Johanna

Especially for 'non vendor' cases like David
On 14 Aug 2015 13:14, "johanna curiel curiel" <johanna.curiel at owasp.org> wrote:

> I just think the whole logo and branding rule are hypocritical rules.
> When OWASP does a conference, logos from sponsors can be placed loud and
> clear on the APPSEC page. Is that vendor neutral?
> When a speaker that gets no money and no coverage for his/her traveling
> cost does the same on their slides then 'we are non-profit' and cannot be
> done.
>  The sole purpose of OWASP events is to pay operations but operations is
> not the mission of owasp right?
> Keep the core mission in sight. I don't care which logo is displaying or
> not on those slides as long as the content is valuable and the speaker is
> worth listening to.
> If OWASP wants no logos and has all these rules then I think, pay the
> speaker & his time to set that presentation in that format.
> Sometimes volunteers are treated like we should be happy we work for
> nothing.
> We should be happy to have Dave Rook present for free and not the other
> way around and explain that awesome experience implementing security where
> he is working. Love those slides they rock & they are cool. A lot of time
> went into making those slides and we should respect that.
> Volunteers have bills to pay and mouths to feed too.
> Regards
> Johanna
> On Fri, Aug 14, 2015 at 7:25 AM, Tom Brennan <tomb at proactiverisk.com>
> wrote:
>> AppSecUSA should have sessions for collaboration of people on top issues
>> of projects, chapters and events.  in addition to fantastic presentations
>> as always.  Blog posts like this should be reviewed as they have merit and
>> I support covering an honorarium for speakers as they are the product.
>> http://www.alba13.com/2014/10/free-its-just-costing-too-much.html?m=1
>> As well as top community issues that are bubbling up not always addressed
>> at the monthly board meetings.
>> I submitted my recommendations for  several sessions for the community
>> evolution aspect of the global event including these and by who... I hope
>> some of these suggestions are incorporated and resonate with leaders to
>> attend.
>>  *#1 OWASP State of the Union (30)*
>> * Paul CEO / Board of Directors
>> - State of the Union address and kickoff - Annual report and YTD update
>> - Mission, Metrics and Finances
>> - kick off the event hand off to conference staffer (Laura) and
>> conference chair (Michael)
>> *AppSecUSA leader workshops *- join us for important updates, debate
>> and collaboration for FUTURE and current leadership of OWASP members. If
>> you want to unlock valuable information don't miss these (3) sessions
>> ** record these sessions video and get them online for the world to see
>> and listen to just like any other session.
>> *How to start or grow an OWASP Chapter in your region (45 mins)*
>> * Paul, Noreen, Kelly
>> - metrics that matter
>> - requirements defined 15 mins
>> - tips from our chapter leaders (panel) 30 mins
>> -- growing attendance
>> -- vendor relationships/sponsors
>> -- regional events
>> -- how OWASP employees help
>> -- money in/out other
>> -- secrets to success
>> -- WASPY awards
>> *2016 services and resources for OWASP chapter and project leaders
>> (45mins)*
>> * Paul, Noreen, Claudia
>> -- metrics that matter
>> -- annual report review
>> -- general membership
>> -- projects
>> -- chapters
>> -- WASPY awards
>> -- what can we do better discussion
>> *2016 + Summits Conferences Events (45 mins)*
>> ** Laura, Noreen, Claudia, Kelly
>> -- metrics that matter
>> -- motivation why do it?
>> -- the new definition(s), money splits etc.
>> -- expectations and current policy
>> -- resources (budgets, templates, process) review of successful and
>> failure events
>> -- WASPY awards
>> The organization is in an interesting position for evolution.  With
>> professional discussion and debate we can set the agenda moving forward
>> with swift adjustments where needed by rough consensus.
>> Tom Brennan
>> 9732020122
>> Need to book a meeting for a new or existing project?
>> http://www.proactiverisk.com/book-meeting/
>> On Aug 14, 2015, at 6:36 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>> Sorry if I gave the impression that this is urgent, it is not
>> I'm just trying to raise a concern that was raised to me
>> On 14 Aug 2015 10:36, "Jim Manico" <jim.manico at owasp.org> wrote:
>>> Dinis,
>>> Two points.
>>> 1) Mr Rook is on vacation. I do not agree with your sense of urgency. We
>>> hired a full time staff, let's please use them first as opposed to heated
>>> conversations over Twitter.
>>> 2) Dinis, I am just one of several board members. Please just email the
>>> board list if you think this is a board level issue (as opposed to just
>>> calling me out over Twitter, I am just one board member).
>>> So Dinis, I asked you politely to first talk to staff about this, and if
>>> you did not find that satisfactory, then to email the board list so the
>>> full board can weigh in.
>>> And I suggested these things to minimize stress and get more leadership
>>> to look at this - as opposed to having a Twitter argument over this.
>>> Dinis, I am trying to take the adult and calm path here. Please join me
>>> in that pursuit.
>>> Aloha,
>>> Jim
>>> On 8/13/15 10:04 PM, Dinis Cruz wrote:
>>> CCing owasp leaders list in order to get 'feedback' from the community
>>> And Jim come on, owasp is not a Fortune 100 company with high levels of
>>> processes and bureaucracy, the problem is pretty obvious on the
>>> https://twitter.com/davidrook/status/631699570603462656 thread (and a
>>> couple other similar threads)
>>> This is a case of common sense.
>>> The focus of owasp needs to be on application security (for example
>>> sharing knowledge), not in blindly following rules
>>> Yes we need to have rules in place to prevent abuse (in this case vendor
>>> pitches), but if those rules start to affect high value owasp contributors,
>>> then there is something wrong with the rules
>>> On 13 Aug 2015 21:11, "Jim Manico" <jim.manico at owasp.org> wrote:
>>>> > So what happens when the content is not from a 'vendor'
>>>> Our guidelines do not differentiate that right now. So what Paul is
>>>> doing is following the current policy that was created by input from a
>>>> large number of people from our community.
>>>> Dinis, if you think this needs to be changed then I believe your next
>>>> step is to petition the board to change policy. Even better, before talking
>>>> to the board, consider taking this conversation to the governance list and
>>>> get feedback from those members of our community.
>>>> Aloha,
>>>> Jim
>>>> On 8/13/15 9:42 AM, Dinis Cruz wrote:
>>>> So what happens when the content is not from a 'vendor'?
>>>> Which is David's case
>>>> On 13 Aug 2015 20:26, "Paul Ritchie" <paul.ritchie at owasp.org> wrote:
>>>>> Hi Dinis:    I wanted to follow up on your email from yesterday as
>>>>> well as your posting of a "case" or customer service ticket #  06774.
>>>>> Long answer.....explaining the OWASP position and our actions, and we have
>>>>> communicated this a couple times to the community, but obviously need to do
>>>>> more......
>>>>> *Big Issue* is our effort from the Foundation to "remind and
>>>>> encourage" Chapter leaders to follow the Branding Guidelines, Code of
>>>>> Ethics and Speaker Agreement as defined in the Chapter Leaders Handbook.
>>>>>  The more support we can get from leaders like you and Jim and BoD, then
>>>>> the less 'pushback' we will see from individuals who are uncomfortable
>>>>> being reminded of the policy.
>>>>> 1.  We noticed the adherence to the policy was getting a little weak,
>>>>> based on several examples where policy wasn't followed.  Examples included
>>>>> leaders and past BoD members too.
>>>>> 2.  Once we pointed out the policy, several of the key leaders, like
>>>>> Eoin & now David were "surprised" that we were serious, and actually gave
>>>>> us some push back.
>>>>> 3.  Bottom line, I understand the pushback, but we really "must" ask
>>>>> OWASP Leaders to follow the policy.
>>>>> 4.  As a Charitable, nonprofit organization,* we have an obligation
>>>>> to follow our Code of Conduct* concerning vendor neutrality and
>>>>> non-endorsement of commercial products or services.
>>>>> Our Code of Conduct policies are* well documented and were created by
>>>>> our community*, to provide clarity as we grow globally.  They apply
>>>>> to many areas including Trade organizations, Government bodies, Standards
>>>>> groups and Certifying Bodies.
>>>>> https://www.owasp.org/index.php/OWASP_Codes_of_Conduct
>>>>> 5.  Also, for speakers at events AND at Chapter Meetings, the Speakers
>>>>> agreement does apply, and it is noted in the Chapters Leaders Handbook.
>>>>> Speakers Agreement
>>>>> *CONTENT - Speakers are encouraged to include their contact
>>>>> information when introducing themselves, but may NOT include their logo on
>>>>> any visual and handout materials. Speakers are to avoid any appearance of
>>>>> commercialism in their session and presentations are to be of a technical
>>>>> or solutions emphasis. Further, I understand that the program tracks of the
>>>>> conference/event/chapter are an educational event, not a sales or marketing
>>>>> platform. I agree that my presentation(s) will be an objective review of
>>>>> the topic on which I am presenting, and will not contain any content that
>>>>> is a sales or promotional pitch for any specific product(s) or
>>>>> company(ies). My materials will also be reflective of the current status of
>>>>> the topic(s) I am addressing.*
>>>>> 6.  So, Net, net.   We are reaching out to a number of chapters who
>>>>> have posted presentations to the OWASP wiki that appear to violate our
>>>>> branding rules. All presentations given at chapter meetings or at
>>>>> conferences when representing OWASP, and those posted to wiki pages must be
>>>>> vendor neutral. This includes the content of the presentation as well as
>>>>> the graphics used in the presentation layout.
>>>>> Any non-OWASP branded material, such as a speaker's corporate logo,
>>>>> must be removed from the presentation. Exceptions may exist such as
>>>>> when the context of a slide calls for a logo as an illustration. And, we are
>>>>> happy to review anything that might be questionable.
>>>>> So, @Jim and @Dinis - Is there something we need to do to reach out
>>>>> directly to any individuals like David Rook?
>>>>> Best Regards, Paul Ritchie
>>>>> OWASP Executive Director
>>>>> paul.ritchie at owasp.org
>>>> --
>>>> Jim Manico
>>>> Global Board Member
>>>> OWASP Foundation
>>>> https://www.owasp.org
>>>> Join me at AppSecUSA 2015!
>>> --
>>> Jim Manico
>>> Global Board Member
>>> OWASP Foundation
>>> https://www.owasp.org
>>> Join me at AppSecUSA 2015!
>>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders