[Owasp-leaders] Fwd: Statement about the AppSec-EU 2018 and related events

Martin Knobloch martin.knobloch at owasp.org
Wed Jan 24 14:47:50 UTC 2018

Hi Lucas, Eoin, Tobias, et all,

We totally agree about the openness and transparency.
Again, please understand we needed to talk with the involved parties first,
as we did this week Monday.

About your question why the AppSec-Eu 2018 is not taking place as
scheduled, unfortunately is it not always as straight forward as we want
and it can be cumbersome to report on events.
To fully comprehend the situation, some background information is required.
In order to find the root causes of all, we can go back as far as begin of
2017 and the events during that year. Meaning the vacant position of an ED
and 3 employees resigning their positions, leaving behind a big gap in the
organization, our processes and support.
Finally hiring an ED at the end of the year, Karen had to deal with the
fact our Global events that are our major fundraising activities, the
AppSec-Eu in Belfast and the AppSec-US in Orlando ending up negative on the
balance and making less money then expected.

There have been voiced calling out the OWASP foundation would be about
money after all. As many do not realize, OWASP indeed requires funds to be
an healthy organization and to be able to do all the good things do. All
our financials are public available.

As for the reason of not hosting the AppSec-Eu in Israel, only this is true:
With background as mentioned above, the forecast for the AppSec-Eu in
Israel  being concerning regarding estimated costs, predicted number of
paying attendees and sponsor support - again, this is not the fault of the
Israel chapter and other volunteers involved, but the lack of support the
Foundation as able to offer - our ED raised concerns about hosting the
event as planed. Therefore the previous board had asked Karen to
investigate impact of hosting the conference in Tel Aviv and investigating
alternatives. In the following up, our ED and staff has tried to gather as
much information as possible to make a substantiated decision.
As organization, it appears we to lack insight and demographic information
about our own conferences. With Karen's extensive experience in running and
non for profit organization and hosting major events, she has identified
our gap in this matter and works hard on solving this issues next to many

Hope this answers your questions.

Please find the meeting notes of the conference call last Monday with the
Israel and UK chapters regarding this matter attached, the meeting has also
been recorded

Kind regards,

On Wed, Jan 24, 2018 at 11:20 AM, Tobias Glemser <tobias.glemser at owasp.org>

> +1 Eoin
> From several chats I had with OWASP volunteers about this issue I feel we,
> the community, are deeply confused about the decision. OWASP is open and
> transparent. Board, go for it. Please.
> On Wed, Jan 24, 2018 at 11:07 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>> Hi Martin,
>> I may of missed this but It may be useful to cite reasons for the move
>> from Israel to the UK to keep alignment with our mantra of OWASP "radical
>> transparency".
>> What was the basis for the decision.
>> Eoin
>> On Tue, Jan 23, 2018 at 11:33 PM, Martin Knobloch <
>> martin.knobloch at owasp.org> wrote:
>>> Dear OWASP community,
>>> As there have been quite a number of changes over the last number of
>>> months, the Global OWASP Foundation has faced a number of challenges. As
>>> you may be aware, three of our staff members have left the foundation,
>>> leaving a big gap in our day to day operations. This is not an excuse, but
>>> a reason why some processes both slowing down or even came to a complete
>>> halt. We are very happy to have found an Executive Director (ED) in Karen
>>> Staley. Since joining, Karen has been working hard to turn these challenges
>>> into opportunities and to allow OWASP to increase our organizational
>>> maturity and professionalism. I think it’s safe to say that the four newly
>>> elected board members and new ED, have had the most memorable start in
>>> their new position.
>>> We are all extremely passionate about OWASP and with this passion comes
>>> frustrations. Your frustration in relation to the lack of information/
>>> communication is understandable. As most of you were celebrating the
>>> Christmas and New Year holidays, the board were blindsided by these events.
>>> To this end the newly elected and sitting board members, together with our
>>> ED, were busy with the matters at hand. Given the time of year and the
>>> nature of the matter at hand, it’s easy to forget to communicate. We
>>> understand that the lack of communication on our part can make you assume
>>> nothing is happening.
>>> Even though there was no communication with the OWASP community at
>>> large, we want to ensure you that we were in constant communications with
>>> those involved and are working towards an acceptable path forward.
>>> As per previous mailing list communications, the AppSec-EU 2018
>>> conference will take place in the UK. Operational challenges are currently
>>> being resolved and information about the conference venue, location will be
>>> available as soon possible.
>>> Volunteers who have been working hard on organizing the AppSec-EU 2018
>>> conference in Tel Aviv and the OWASP Israel chapter especially, felt
>>> frustrated with the decision to move the conference and way it had been
>>> communicated. Those that have previously organized a global OWASP AppSec
>>> conference in the past know how much more complex it is to organize
>>> compared to a local event, even if the numbers of attendees are more of
>>> less the same. The decision to move the AppSec-EU 2018 conference to the UK
>>> has been made. We would like to acknowledge the effort of the organizing
>>> team, while realizing the required level of support from the foundation was
>>> not achieved.
>>> As OWASP board and staff, we see the huge burden it puts on the local
>>> chapter and leading volunteers. The OWASP board and staff recognizes the
>>> necessity of providing more professional support to the local chapter and
>>> volunteers to justify the expectations of our community and sponsors. With
>>> her extensive experience in organizing international conferences, our ED is
>>> working hard to do so.
>>> As you are aware, the board members are volunteers too and we do our
>>> best to act in the best interest of the OWASP community. OWASP is bigger
>>> than individuals or the board, OWASP is a community which is driven by it
>>> volunteers and we welcome your input in how we can improve OWASP to further
>>> our mission. Please be invited to the OWASP Board meetings
>>> <https://www.owasp.org/index.php/Board>, the first meeting of the
>>> current board is January 24th
>>> <https://www.owasp.org/index.php/January_24,_2018>.
>>> Many times, those who shout the loudest are perceived in representing
>>> the community’s opinion. In the succession of the announcement the
>>> AppSec-EU to be moved from Tel Aviv to the UK, and the public statement
>>> that has been made articulating the frustrations about this decision,
>>> people from inside and outside the OWASP community felt the need to vent
>>> their opinions. As we are an open organization, I appreciate how
>>> forthcoming our community was.
>>> Nevertheless, in OWASP we have a clear policy of ethics, stating the
>>> expected professionalism in communication and respect towards each other.
>>> We as a community of professionals are required to set an example to the
>>> next generation and should therefore lead by example in respecting these
>>> ethics when communicating both privately and in the public domain.
>>> We will endeavor to improve our communications going forward and hope
>>> that this has not deterred any of the great OWASP community that have spent
>>> a countless number of hours volunteering to improve software security as a
>>> whole.
>>> Kind regards,
>>> Martin Knobloch
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> --
>> OWASP Volunteer
>> @eoinkeary
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20180124/35b86f01/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 22 January Conference Call.pdf
Type: application/pdf
Size: 184606 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20180124/35b86f01/attachment-0001.pdf>

More information about the OWASP-Leaders mailing list