[Owasp-leaders] Urgent** Get Connected and Status Update : Chapter Leaders only

Andrew van der Stock vanderaj at owasp.org
Fri Jun 17 13:51:25 UTC 2016


The Board is working very seriously towards a good governance model for all
regional advisory councils, that I think will offer a good way forward that
means a repeat of the OWASP Lucknow issue will not arise again. Hopefully,
we will have more to say on this by the Face to Face meeting in two weeks.

And yes, from time to time, the list is moderated. Sometimes we are
required to remove things for legal reasons, other times, a post or a
thread does nothing to foster community and good relations. I am not sure
what happened in this instance, but for whatever reason something happened,
it was done for the right reasons.

Let's get on with being the best and most positive OWASP can be. Drama is
for Twitter, not here.

thanks,
Andrew

On Fri, Jun 17, 2016 at 10:25 PM, Vaibhav Gupta <vaibhav.gupta at owasp.org>
wrote:

> Hi guys,
>
> I can see owasp-leaders being marked in Prashant's email but can not find
> this in the online archive. Is the leader list moderated?
>
> http://lists.owasp.org/pipermail/owasp-leaders/2016-June/thread.html
>
> Thanks
> Vaibhav
>
> twitter.com/VaibhavGupta_1
>
> On Fri, Jun 17, 2016 at 1:16 PM, Prashant Kv <kvprashant at owasp.org> wrote:
>
>> Hi,
>> I am sorry to open this old thread but i would like to point to some
>> developments. Please check the link below:
>> https://twitter.com/defcon/status/743557391212437504
>>
>> Appsec India has been announced and i am not sure if anyone from defcon
>> lucknow is still part of it. I will be very disappointed if some day OWASP
>> has to take a similar step like defcon for any chapter or conference in
>> India. I would request the chapter leads(if involved) and the organizers to
>> be cautious and make sure that we uphold ourselves to atmost accountability.
>>
>> Regards
>> Prashant
>>
>> On Fri, Apr 1, 2016 at 5:20 AM, Noreen Whysel <noreen.whysel at owasp.org>
>> wrote:
>>
>>> Nitin joined on Milan's request. Nitin has received foundation report
>>> for co-coordinated DefCon events in Lucknow for the past two or three
>>> years. Despite controversy this year - that has been addressed and is
>>> resolved - we were happy to have additional planning team support from an
>>> experienced event producer and welcome others who would like to participate.
>>>
>>> Noreen Whysel
>>> Community Manager
>>> OWASP Foundation
>>>
>>> On Apr 1, 2016, at 8:02 AM, Akash Mahajan <akash.mahajan at owasp.org>
>>> wrote:
>>>
>>> Hi Noreen,
>>>
>>> Thank you so much for your patience in explaining where things are. I
>>> think it is safe to say that we all really appreciate the fact that you
>>> have taken out time to address this vexing issue. I am greatly relieved to
>>> know how things did progress and it was always the plan to give everyone a
>>> chance to be a part of AppSec India.
>>>
>>> Getting a clear idea of how Milan reached at this point, is also very
>>> useful to know.
>>>
>>> @Milan, could you help us understand how did Nitin join you in being
>>> the leader for AppSec India as well. I guess at this point that is the
>>> only remaining point of confusion for all of us.
>>>
>>> The sooner we get past that, sooner we can expect an email from your
>>> side for a call for volunteers.
>>>
>>> Thank you.
>>>
>>>
>>>
>>> On 1 April 2016 at 17:09, Noreen Whysel <noreen.whysel at owasp.org> wrote:
>>>
>>>> As I said in my email, there is no OWASP India chapter and no leader
>>>> who has oversight responsibilities for the country's chapters. We had an
>>>> advisory group led by Dhruv Soi for some time but this has been inactive
>>>> since he moved to Dubai.
>>>>
>>>> When Milan stepped forward to restart the AppSec India, he was a known
>>>> leader and participant in OWASP Mobile Security project and Mobile Top Ten,
>>>> and had been an invited speaker at OWASP Online Academy. We sought Dhruv's
>>>> advice in the matter and allowed Milan to step into this role with the
>>>> primary responsibility to restart AppSec India.
>>>>
>>>> My expectation was that there would be an announcement and call for
>>>> volunteers from the foundation.
>>>>
>>>> Noreen Whysel
>>>> Community Manager
>>>> OWASP Foundation
>>>>
>>>> On Apr 1, 2016, at 1:58 AM, Akash Mahajan <akash.mahajan at owasp.org>
>>>> wrote:
>>>>
>>>> Hello Noreen and Milan,
>>>>
>>>> Thank you so much for replying quickly and helping all of us understand
>>>> what might be going on. I understand what we want to is work together
>>>> towards an OWASP AppSec India. If the initial email from Milan had been
>>>> about that to begin with, my assumption is that a lot of us would have
>>>> responded a little differently. I know for sure, I would have.
>>>>
>>>> While Noreen in your email you clearly mention that the Indian board is
>>>> dissolved, Milan still refers to himself as OWASP India Lead. So I am still
>>>> confused about which is it?
>>>>
>>>> 1. Is there something like an OWASP India Chapter?
>>>> 2. If there is how does one become a leader for OWASP India?
>>>> 3. If any of this was being decided, why was this not on the chapters
>>>> mailing list or the leaders mailing list?
>>>> 4. Who are the people who decided that Milan, Nitin would become the
>>>> new leaders and what was the process followed for their selection?
>>>>
>>>> Apologies for being a bit difficult, but to me community work is very
>>>> important and most importantly it needs to be transparent and above board.
>>>> Otherwise amongst other things this will lead to
>>>>
>>>> 1. Loss of morale for people who volunteer their time, effort,
>>>> reputation to do OWASP community work
>>>> 2. Confusion (already has) and anger at the perceived lack of
>>>> transparency between leaders, board and other volunteers
>>>>
>>>> Do note, it was great that Milan has apologised but most of us weren't
>>>> looking for an apology but clear answers. We are all mature individuals
>>>> with good experience of doing community work without expecting any rewards
>>>> so it wasn't ever about the tone (it is nice if the email was polite) but
>>>> the meat of the problem is lack of clarity.
>>>>
>>>> Also at the risk of sounding preachy, burning bridges to start any
>>>> community initiative or getting everyone on board is neither a sustainable
>>>> strategy nor productive in the short term. It does call in question of the
>>>> competence of the individuals with respect to being able to organise and
>>>> lead a community initiative.
>>>>
>>>> Thank you.
>>>>
>>>>
>>>>
>>>> On 1 April 2016 at 09:46, Milan Singh Thakur <milan at owasp.org> wrote:
>>>>
>>>>> Thank you Noreen for clearing the misunderstandings that arose here.
>>>>>
>>>>> OWASP India will remain focused on organizing AppSec India event and
>>>>> also coordinating/involving other chapters in India to come together in
>>>>> this as a Strong Team.
>>>>>
>>>>> My Sincere Apologies to All Leaders again for my first mail.
>>>>> Let us work together as Team and get past this difficult situation.
>>>>>
>>>>> Looking forward for your involvement in AppSec India event starting
>>>>> this year.
>>>>>
>>>>> Regards,
>>>>> Milan Singh Thakur
>>>>> INDIA Leader
>>>>> OWASP Foundation
>>>>> Mob: +91 9405901005
>>>>>
>>>>> On Fri, Apr 1, 2016 at 3:06 AM, Noreen Whysel <noreen.whysel at owasp.org
>>>>> > wrote:
>>>>>
>>>>>> Hi Milan and India leaders,
>>>>>>
>>>>>> Thank you for inviting me to comment on this thread. I have indeed
>>>>>> received many inquiries from India leaders wondering where this
>>>>>> announcement came from and I was frankly a bit surprised at the tone of his
>>>>>> message as well. Milan and I had a brief email conversation and I think
>>>>>> there is somewhat of a misunderstanding.
>>>>>>
>>>>>> There is no OWASP India chapter as a stand alone entity. This
>>>>>> dissolved some time ago as chapter development grew throughout the country.
>>>>>> You all have to congratulate yourselves on this growth as it has been truly
>>>>>> amazing. There is also no governing body aside from the global foundation
>>>>>> overseeing activity of individual chapters in India and has not been as far
>>>>>> as I can tell since 2012.
>>>>>>
>>>>>> Milan may have been overly eager to engage active India chapter
>>>>>> leaders in his conversation in advance of creating an AppSec India event. I
>>>>>> can assure you that as volunteers, neither Milan nor any of you would have
>>>>>> authority to bring a legal case against anyone on behalf of OWASP. Further,
>>>>>> starting and dissolving OWASP chapters is the responsibility of the
>>>>>> Community Manager alone.
>>>>>>
>>>>>> That said, there are many chapters in need of cleanup. Many who have
>>>>>> received an appropriately stern message from me :) and many who are doing
>>>>>> wonderful work as evidenced by so many reports from chapter leads that I
>>>>>> had the pleasure to write about in the OWASP newsletters.
>>>>>>
>>>>>> My understanding is Milan has made apologies to people who have
>>>>>> complained to him, which is a gracious and proper thing to do. We at the
>>>>>> global foundation hope we all can get past this difficult spot and get back
>>>>>> to the business of making application security visible in India and
>>>>>> throughout the world.
>>>>>>
>>>>>> Thank you for your passion and your support of these endeavors.
>>>>>>
>>>>>> Noreen Whysel
>>>>>> Community Manager
>>>>>> OWASP Foundation
>>>>>>
>>>>>> On Mar 31, 2016, at 3:40 PM, Milan Singh Thakur <milan at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>> Hi Team,
>>>>>>
>>>>>> I have already apologised for my initial mail.
>>>>>> I am looping Noreen for further communications between us.
>>>>>>
>>>>>> I will send you copy of official mail received from Owasp Global Team
>>>>>> for accepting my Leadership request that I had raised.
>>>>>>
>>>>>> Regards,
>>>>>> Milan Singh Thakur
>>>>>> INDIA Leader
>>>>>> OWASP Foundation
>>>>>> Mob: +91 9405901005
>>>>>>
>>>>>> On Fri, Apr 1, 2016 at 1:09 AM, Milan Singh Thakur <milan at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Team,
>>>>>>>
>>>>>>> I have already apologised for my initial mail.
>>>>>>> I am looping Noreen for further communications between us.
>>>>>>>
>>>>>>> I will send you copy of official mail received from Owasp Global
>>>>>>> Team for accepting my Leadership request that I had raised.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Milan Singh Thakur
>>>>>>> INDIA Leader
>>>>>>> OWASP Foundation
>>>>>>> Mob: +91 9405901005
>>>>>>>
>>>>>>> On Fri, Apr 1, 2016 at 1:06 AM, Krishnendu Paul <
>>>>>>> krishnendu.paul at owasp.org> wrote:
>>>>>>>
>>>>>>>> Hi from OWASP Kolkata chapter,
>>>>>>>>
>>>>>>>>     We will be taking OWASP Bangalore path, by refusing to accept
>>>>>>>> your authority and assertions - we don't have any official information from
>>>>>>>> Global OWASP, and each of us contribute in our own way to OWASP following
>>>>>>>> their official handbook, I never saw anything like your plan mentioned over
>>>>>>>> there.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Krishnendu Paul
>>>>>>>> +91-98300-26324
>>>>>>>>
>>>>>>>> On Fri, Apr 1, 2016 at 12:59 AM, Akash Mahajan <
>>>>>>>> akash.mahajan at owasp.org> wrote:
>>>>>>>>
>>>>>>>>> Hi Milan,
>>>>>>>>>
>>>>>>>>> I guess all discussion is moot, till you do answer the questions
>>>>>>>>> asked of you.
>>>>>>>>>
>>>>>>>>> We at OWASP Bangalore are very keen to find out how you and Nitin
>>>>>>>>> became India board members without anyone at OWASP Bangalore getting any
>>>>>>>>> information at all about the selection/election/nomination process.
>>>>>>>>>
>>>>>>>>> Till you do answer the questions, OWASP Bangalore chapter will
>>>>>>>>> refuse to accept your authority on any of the points you have raised in
>>>>>>>>> your initial email.
>>>>>>>>>
>>>>>>>>> Not only do we refuse to accept your authority and assertions, we
>>>>>>>>> are going to try and establish the exact sequence of events which have lead
>>>>>>>>> to this for full transparency and the community we represent.
>>>>>>>>>
>>>>>>>>> I am hoping that before you plan/rebut/go on a tangent, you answer
>>>>>>>>> all the questions posed to you by me personally and the other community
>>>>>>>>> members.
>>>>>>>>>
>>>>>>>>> Thank you.
>>>>>>>>>
>>>>>>>>> On 1 April 2016 at 00:19, Milan Singh Thakur <milan at owasp.org>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Akash,
>>>>>>>>>>
>>>>>>>>>> Its good to hear from you.
>>>>>>>>>> I know Bangalore chapter has been continuously improving Infosec
>>>>>>>>>> community with their immense efforts (as many other chapters are also
>>>>>>>>>> trying to).
>>>>>>>>>>
>>>>>>>>>> I agree my first mail was bit harsh, but it was to entice
>>>>>>>>>> everyone to speak. Even I *Sincerely Apologise* for the tone of
>>>>>>>>>> first mail that was sent out.
>>>>>>>>>>
>>>>>>>>>> 1. Will be answered 1-1 :)
>>>>>>>>>> 2. I have been leading Mobile Security project for quite some
>>>>>>>>>> time now.
>>>>>>>>>> 3. Yes, we are not monitoring chapter leads. But we are looking
>>>>>>>>>> into chapter activities. So that if a chapter is not getting sufficient
>>>>>>>>>> resources to run programs, then we will help it out for sure.
>>>>>>>>>> 4. As I clarified earlier, it was to entice people to speak. It
>>>>>>>>>> worked, but went in a negative way. Nothing as such will happen in future :)
>>>>>>>>>> 5. No one dictates in OWASP. So my intentions were clearly not to
>>>>>>>>>> do any kind of dictatorship (neither I support it). But we went through all
>>>>>>>>>> the chapter pages and found most of them were not updated, except for few.
>>>>>>>>>>
>>>>>>>>>> I understand that we all belong to same family. So let's work
>>>>>>>>>> together and keep the wiki updated.
>>>>>>>>>> If not then we can help to keep stuff updated on wiki and help
>>>>>>>>>> all the chapters with resources.
>>>>>>>>>>
>>>>>>>>>> Requesting you all to not to take things personally and as Akash
>>>>>>>>>> said "Let it be a fruitful discussion".
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> Milan Singh Thakur
>>>>>>>>>> INDIA Leader
>>>>>>>>>> OWASP Foundation
>>>>>>>>>> Mob: +91 9405901005
>>>>>>>>>>
>>>>>>>>>> On Thu, Mar 31, 2016 at 11:55 PM, Milan Singh Thakur <
>>>>>>>>>> milan at owasp.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> Thank you Sastry :)
>>>>>>>>>>>
>>>>>>>>>>> I really appreciate work of all Chapter Leaders in India (and
>>>>>>>>>>> entire community) and have deep respect for efforts required to hold the
>>>>>>>>>>> flag on ground.
>>>>>>>>>>>
>>>>>>>>>>> The motto we all work for is same "Love, Dedication and Passion
>>>>>>>>>>> for Infosec". Things that happened in past might have had bad impression,
>>>>>>>>>>> but as of present and future We (Nitin, Me and Owasp Global Board) assure
>>>>>>>>>>> you that any Owasp Chapter and any Infosec buddy will get full support from
>>>>>>>>>>> us.
>>>>>>>>>>>
>>>>>>>>>>> This is the reason we needed to get all leaders to speak, so
>>>>>>>>>>> that if there are any misunderstandings; they can be cleared/resolved.
>>>>>>>>>>>
>>>>>>>>>>> Everyone in Team please feel free to reach us for any help you
>>>>>>>>>>> need.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Regards,
>>>>>>>>>>> Milan Singh Thakur
>>>>>>>>>>> INDIA Leader
>>>>>>>>>>> OWASP Foundation
>>>>>>>>>>> Mob: +91 9405901005
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Warm regards,
>>>>>>>>> Akash Mahajan
>>>>>>>>>
>>>>>>>>> *That Web Application Security Guy* | +91 99 805 271 82
>>>>>>>>> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
>>>>>>>>> *OWASP Bangalore Chapter Lead | null Community Manager*
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> Thanks & Regards,
>>>>>>>>
>>>>>>>> Krishnendu Paul
>>>>>>>>
>>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~
>>>>>>>> Phone: +91-9830026324
>>>>>>>> http://in.linkedin.com/in/krishpaul/
>>>>>>>> http://www.sillycon.org
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Warm regards,
>>>> Akash Mahajan
>>>>
>>>> *That Web Application Security Guy* | +91 99 805 271 82
>>>> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
>>>> *OWASP Bangalore Chapter Lead | null Community Manager*
>>>>
>>>>
>>>
>>>
>>> --
>>> Warm regards,
>>> Akash Mahajan
>>>
>>> *That Web Application Security Guy* | +91 99 805 271 82
>>> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
>>> *OWASP Bangalore Chapter Lead | null Community Manager*
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160617/69b94cef/attachment-0001.html>


More information about the OWASP-Leaders mailing list