[Owasp-leaders] [Owasp-community] IAB Statement on the Trade in Security Technologies

Jim Manico jim.manico at owasp.org
Tue Jun 23 17:49:21 UTC 2015


Lucas,

Check out this thread on the board list.

http://lists.owasp.org/pipermail/owasp-board/2015-June/015608.html

Lobbying is actually ok within reasonable limits. The US Tax Service 
(IRS) sets clear financial limits for that activity which we are very 
unlikely to get even close to, something Tobias pointed out to me.

/In short: OWASP can engage in legislative advocacy and issue-related 
advocacy, as long as it follows certain rules and steers clear of 
political campaigning. A non-profit may not have a "substantial part" of 
its overall activities relates to influencing legislation or carrying on 
propaganda. Roughly anything under 5% of the overall budget is 
considered not substantial, while expenditures of above 15% would 
probably be considered substantial - e.g. 5% would be with our current 
budget size spending of more than USD 100.000(!) on lobbying..../

So rock on!

I again wanted to state that something Jeff Williams said on this thread 
was very spot and I heard him clearly. The board should not be getting 
in the way of Application Security awareness experimentation; we should 
be helping set a better platform for just that kind of experimentation. 
I agree with his sentiment here and will use that idea as one of my 
primary directives as a board member moving forward.

Aloha,
Jim

> Jim,
>
> thanks for you kind words. I have almost no knowledge of US 
> legislation, so I cannot comment about specifics. But I know 
> legislators need help in understanding more technical and specialized 
> topics and we need to find a way to educate them.
>
> Unfortunately the line between educating and lobbying can be blurry...
>
> Regards,
>
> Lucas
>
> On Tue, Jun 23, 2015 at 1:16 PM Jim Manico <jim.manico at owasp.org 
> <mailto:jim.manico at owasp.org>> wrote:
>
>     Lucas,
>
>     This is very well done and I'm glad you are taking such a sensible
>     and education-centric position here.
>
>     Lucas, the more I think about this and research this topic the
>     more I realize my position was wrong.
>
>     1) There is plenty of room for us to influence legislation up to a
>     certain point
>     2) The board should be very accommodating in encouraging
>     experimentation
>
>     A little warning is reasonable, but this thread got out of hand.
>
>     I get it now and will be certain to encourage more of these
>     activities in the future.
>
>     Aloha Lucas,
>
>     --
>     Jim Manico
>     Global Board Member
>     OWASP Foundation
>     https://www.owasp.org <https://www.owasp.org/>
>     Join me at AppSecUSA <http://appsecusa.org/> 2015!
>
>     On Jun 23, 2015, at 3:57 AM, Lucas Ferreira
>     <lucas.ferreira at owasp.org <mailto:lucas.ferreira at owasp.org>> wrote:
>
>>     Jonathan,
>>
>>     not exactly what you are looking for, I guess:
>>     https://www.owasp.org/index.php/OWASP_Brasil_Manifesto
>>
>>     From my understanding of the whole discussion, our manifesto is
>>     Jim's nightmare come true... :-)
>>
>>     Regards,
>>
>>     Lucas
>>
>>     On Mon, Jun 22, 2015 at 4:16 PM Jonathan Carter
>>     <jonathan.carter at owasp.org <mailto:jonathan.carter at owasp.org>> wrote:
>>
>>         On a slightly related note, are there any OWASP projects that
>>         focus on law? It would be interesting to have a project that
>>         focuses on current legislation and makes authoritative
>>         statements on the efficacy / ramifications of law.
>>
>>         On Fri, Jun 19, 2015 at 11:38 PM, Jim Manico
>>         <jim.manico at owasp.org <mailto:jim.manico at owasp.org>> wrote:
>>
>>             One of the very few ways we can lose our tax exempt
>>             501(c)3 status - the status of a charity - is to engage
>>             in lobbying activities.
>>
>>             These activities are loosely defined, but we have a
>>             responsibility to avoid trying to influence legislation
>>             at OWASP •if• we wish to maintain our tax exempt status.
>>
>>             http://www.irs.gov/Charities-&-Non-Profits/Lobbying
>>
>>             It is a core part of the boards fiduciary duty to protect
>>             the foundation from losing its tax exempt status.
>>
>>             However, we can as a foundation and as a community still
>>             participate in this issue by serving our shared mission
>>             with care. Let our sword be open source solutions that
>>             help achieve these important security goals. Let our
>>             shields be powerful free documentation that helps inform
>>             all about application security.
>>
>>             Aloha,
>>             --
>>             Jim Manico
>>             @Manicode
>>             (808) 652-3805 <tel:%28808%29%20652-3805>
>>
>>             On Jun 19, 2015, at 6:49 PM, Kristian Erik Hermansen
>>             <kristian.hermansen at gmail.com
>>             <mailto:kristian.hermansen at gmail.com>> wrote:
>>
>>>             +1000...with NSA Bullrun and other secret programs known
>>>             to weaken crypto around the world to a similar end, it
>>>             is our responsibility as a community to stand up and say
>>>             no. As many of us have the power to vote in the USA, we
>>>             also have the ability to act as agents for the remainder
>>>             of the world that doesn't have such a privilege to
>>>             influence US policy. So we need to take that role and
>>>             responsibility very seriously and make sure that U.S.
>>>             policymakers understand crypto weakening proposals and
>>>             actions are unacceptable for the greater health of the
>>>             Internet and autonomy of its citizenry.
>>>             On Fri, Jun 19, 2015 at 9:08 PM Jeff Williams
>>>             <jeff.williams at owasp.org
>>>             <mailto:jeff.williams at owasp.org>> wrote:
>>>
>>>                 Thanks for pointing this out.  Totally agree and I
>>>                 wish OWASP had come out with a similar statement of
>>>                 values.
>>>
>>>                 --Jeff
>>>
>>>                 Jeff Williams | CTO
>>>                 Contrast Security
>>>                 @planetlevel @contrastsec
>>>                 _____________________________
>>>                 From: Tobias <tobias.gondrom at owasp.org
>>>                 <mailto:tobias.gondrom at owasp.org>>
>>>                 Sent: Sunday, June 14, 2015 4:44 AM
>>>                 Subject: [Owasp-community] IAB Statement on the
>>>                 Trade in Security Technologies
>>>                 To: <owasp-community at lists.owasp.org
>>>                 <mailto:owasp-community at lists.owasp.org>>
>>>
>>>
>>>
>>>                 I thought this is noteworthy.
>>>
>>>                 *IAB Statement on the Trade in Security Technologies**
>>>                 *
>>>                 https://www.iab.org/documents/correspondence-reports-documents/2015-2/iab-statement-on-the-trade-in-security-technologies/
>>>
>>>                 And I am in strong agreement with the above statement.
>>>
>>>                 What do you think?
>>>
>>>                 Best regards,
>>>
>>>                 Tobias
>>>
>>>
>>>
>>>                 _______________________________________________
>>>                 Owasp-community mailing list
>>>                 Owasp-community at lists.owasp.org
>>>                 <mailto:Owasp-community at lists.owasp.org>
>>>                 https://lists.owasp.org/mailman/listinfo/owasp-community
>>>
>>>             _______________________________________________
>>>             Owasp-community mailing list
>>>             Owasp-community at lists.owasp.org
>>>             <mailto:Owasp-community at lists.owasp.org>
>>>             https://lists.owasp.org/mailman/listinfo/owasp-community
>>
>>             _______________________________________________
>>             OWASP-Leaders mailing list
>>             OWASP-Leaders at lists.owasp.org
>>             <mailto:OWASP-Leaders at lists.owasp.org>
>>             https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>         _______________________________________________
>>         OWASP-Leaders mailing list
>>         OWASP-Leaders at lists.owasp.org
>>         <mailto:OWASP-Leaders at lists.owasp.org>
>>         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>

-- 
Jim Manico
Global Board Member
OWASP Foundation
https://www.owasp.org
Join me at AppSecUSA 2015!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150623/91743cdc/attachment-0001.html>


More information about the OWASP-Leaders mailing list