[Owasp-leaders] [Owasp-board] [Owasp-community] IAB Statement on the Trade in Security Technologies

Timo Goosen timo.goosen at owasp.org
Thu Jun 25 10:26:04 UTC 2015


"we should be helping set a better platform for just that kind of
experimentation. I agree with his sentiment here and will use that idea as
one of my primary directives as a board member moving forward."
I think instead of trying to influence legislation we can support projects
that focus on technology and not politics.
What we can do though is support projects that are outside of the USA that
strive to develop strong crypto technology and support the use of such
technology. One such project which is based in Canada where exporting
crypto software is not prohibited (not affiliated with OWASP) is the
OpenBSD project which develops: LibreSSL (fork of OpenSSL), OpenSSH etc.
They have very limited funding yet they are one of the best open source projects
in terms of quality in the world. I'd encourage anyone
with philanthropic tendencies to donate some money to this project. Funny
enough DARPA used to fund this project, then dropped the funding after the
project leader made a comment about the War in Iraq at the time.

Regards.
Timo

On Tue, Jun 23, 2015 at 7:49 PM, Jim Manico <jim.manico at owasp.org> wrote:

>  Lucas,
>
> Check out this thread on the board list.
>
> http://lists.owasp.org/pipermail/owasp-board/2015-June/015608.html
>
> Lobbying is actually ok within reasonable limits. The US Tax Service (IRS)
> sets clear financial limits for that activity which we are very unlikely to
> get even close to, something Tobias pointed out to me.
>
> *In short:
> OWASP can engage in legislative advocacy and issue-related advocacy, as long as it follows certain rules and steers clear of political campaigning. A non-profit may not have a "substantial part" of its overall activities relate to influencing legislation or carrying on propaganda. Roughly anything under 5% of the overall budget is considered not substantial, while expenditures of above 15% would probably be considered substantial - e.g. 5% would be with our current budget size spending of more than USD 100.000(!) on lobbying....*
>
> So rock on!
>
> I again wanted to state that something Jeff Williams said on this thread
> was very spot on and I heard him clearly. The board should not be getting in
> the way of Application Security awareness experimentation; we should be
> helping set a better platform for just that kind of experimentation. I
> agree with his sentiment here and will use that idea as one of my primary
> directives as a board member moving forward.
>
> Aloha,
> Jim
>
>  Jim,
>
>  thanks for your kind words. I have almost no knowledge of US legislation,
> so I cannot comment about specifics. But I know legislators need help in
> understanding more technical and specialized topics and we need to find a
> way to educate them.
>
>  Unfortunately the line between educating and lobbying can be blurry...
>
>  Regards,
>
>  Lucas
>
>  On Tue, Jun 23, 2015 at 1:16 PM Jim Manico <jim.manico at owasp.org> wrote:
>
>>  Lucas,
>>
>>  This is very well done and I'm glad you are taking such a sensible and
>> education-centric position here.
>>
>>  Lucas, the more I think about this and research this topic the more I
>> realize my position was wrong.
>>
>>  1) There is plenty of room for us to influence legislation up to a
>> certain point
>> 2) The board should be very accommodating in encouraging experimentation
>>
>>  A little warning is reasonable, but this thread got out of hand.
>>
>>  I get it now and will be certain to encourage more of these activities
>> in the future.
>>
>>  Aloha Lucas,
>>
>> --
>> Jim Manico
>>   Global Board Member
>> OWASP Foundation
>> https://www.owasp.org
>>  Join me at AppSecUSA <http://appsecusa.org/> 2015!
>>
>> On Jun 23, 2015, at 3:57 AM, Lucas Ferreira <lucas.ferreira at owasp.org> wrote:
>>
>>   Jonathan,
>>
>>  not exactly what you are looking for, I guess:
>> https://www.owasp.org/index.php/OWASP_Brasil_Manifesto
>>
>>  From my understanding of the whole discussion, our manifesto is Jim's
>> nightmare come true... :-)
>>
>>  Regards,
>>
>>  Lucas
>>
>>  On Mon, Jun 22, 2015 at 4:16 PM Jonathan Carter <
>> jonathan.carter at owasp.org> wrote:
>>
>>> On a slightly related note, are there any OWASP projects that focus on
>>> law?  It would be interesting to have a project that focuses on current
>>> legislation and makes authoritative statements on the efficacy /
>>> ramifications of law.
>>>
>>> On Fri, Jun 19, 2015 at 11:38 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>>>  One of the very few ways we can lose our tax exempt 501(c)3 status -
>>>> the status of a charity - is to engage in lobbying activities.
>>>>
>>>>  These activities are loosely defined, but we have a responsibility to
>>>> avoid trying to influence legislation at OWASP •if• we wish to maintain our
>>>> tax exempt status.
>>>>
>>>>  http://www.irs.gov/Charities-&-Non-Profits/Lobbying
>>>>
>>>> It is a core part of the board's fiduciary duty to protect the
>>>> foundation from losing its tax exempt status.
>>>>
>>>> However, we can as a foundation and as a community still participate in
>>>> this issue by serving our shared mission with care. Let our sword be open
>>>> source solutions that help achieve these important security goals. Let our
>>>> shields be powerful free documentation that helps inform all about
>>>> application security.
>>>>
>>>>  Aloha,
>>>>  --
>>>> Jim Manico
>>>> @Manicode
>>>> (808) 652-3805
>>>>
>>>> On Jun 19, 2015, at 6:49 PM, Kristian Erik Hermansen <kristian.hermansen at gmail.com> wrote:
>>>>
>>>>  +1000...with NSA Bullrun and other secret programs known to weaken
>>>> crypto around the world to a similar end, it is our responsibility as a
>>>> community to stand up and say no. As many of us have the power to vote in
>>>> the USA, we also have the ability to act as agents for the remainder of the
>>>> world that doesn't have such a privilege to influence US policy. So we need
>>>> to take that role and responsibility very seriously and make sure that U.S.
>>>> policymakers understand crypto weakening proposals and actions are
>>>> unacceptable for the greater health of the Internet and autonomy of its
>>>> citizenry.
>>>> On Fri, Jun 19, 2015 at 9:08 PM Jeff Williams <jeff.williams at owasp.org> wrote:
>>>>
>>>>>  Thanks for pointing this out.  Totally agree and I wish OWASP had
>>>>> come out with a similar statement of values.
>>>>>
>>>>> --Jeff
>>>>>
>>>>> Jeff Williams | CTO
>>>>> Contrast Security
>>>>> @planetlevel @contrastsec
>>>>>   _____________________________
>>>>> From: Tobias <tobias.gondrom at owasp.org>
>>>>> Sent: Sunday, June 14, 2015 4:44 AM
>>>>> Subject: [Owasp-community] IAB Statement on the Trade in Security
>>>>> Technologies
>>>>> To: <owasp-community at lists.owasp.org>
>>>>>
>>>>>
>>>>>
>>>>> I thought this is noteworthy.
>>>>>
>>>>> *IAB Statement on the Trade in Security Technologies*
>>>>>
>>>>>
>>>>> https://www.iab.org/documents/correspondence-reports-documents/2015-2/iab-statement-on-the-trade-in-security-technologies/
>>>>>
>>>>> And I am in strong agreement with the above statement.
>>>>>
>>>>> What do you think?
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Tobias
>>>>>
>>>>>
>>>>>
>>>>>  _______________________________________________
>>>>> Owasp-community mailing list
>>>>> Owasp-community at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-community
>>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>
> --
> Jim Manico
> Global Board Member
> OWASP Foundation
> https://www.owasp.org
> Join me at AppSecUSA 2015!
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>