[Owasp-leaders] don't allow explicit discrimination 🙏🏿 (women only)

Azzeddine Ramrami azzeddine.ramrami at owasp.org
Sun Mar 17 05:22:05 UTC 2019


+1

OWASP AppSec must be open to all participants.
Regards
Azzeddine RAMRAMI
OWASP AppSec Morocco and Africa
OWASP Morocco

Le dim. 17 mars 2019 à 03:13, Timur 'x' Khrotko [owasp] <timur at owasp.org> a
écrit :

> Dear all, I still maintain my request to correct the condition of the free
> Burp/ZAP training in Tel Aviv to anything tolerable from 'women only'.
>
> 'Women only' is gender discriminatory by design and as such should not be
> tolerated. In the below conversation I found no reason that could outweigh
> this issue. While Kevin and Liam suggested solutions which could fulfill
> the purpose of helping/sponsoring/engaging chosen groups/causes.
>
> Dear Vandana, I respect your missionary work. It's only that the solution
> you proposed to replicate from your successful practice in India is not
> proper in Europe/Israel. As well I would not assume that the situation you
> are curing in India is present in Europe in the same manner. Especially in
> Israel where women join the regular service in defense forces equally to
> men. And I assume that female developers travelling to Appsec Global can
> easily learn in coeducational circumstances.
>
> PS. Also I see a parallel issue in that that there is no regulation of
> having free trainings of any kind at OWASP conferences. Like if there is a
> preselected free training then its topic should be announced in the CfT to
> prevent trainers proposing their for profit trainings with the same topic.
> Etc.
>
> Thanks for the discussion,
> Timur
>
> On Fri, Mar 15, 2019 at 3:37 PM Liam Smit <liam.smit at gmail.com> wrote:
>
>>
>> Hi Avi
>>
>> It seemed that Timur was pointing out the double standard or hypocrisy
>> involved in claiming to be inclusive yet being exclusive to one gender and
>> thus discriminating. This would see to be confirmed by his questions around
>> other exclusive training examples of race, religion, not having children
>> and sexual orientation. In effect he appears to be asking if it is only OK
>> to discriminate to increase diversity.
>>
>> If the end goal to ensure equal representation of every gender, race,
>> age, sexual orientation, gender identity, religion, etc. in every field,
>> conference and other walk of life then it is going to involve a gargantuan
>> amount of social engineering to achieve that  which would entail
>> individuals giving up their right to privacy of those attributes as well as
>> some sort of bureaucracy to assign more resources to certain groups defined
>> by the chosen defining characteristic as well as encourage people to pursue
>> a certain direction at the expense of their other options.
>>
>> By mentioning "gender, e.g. PoC, trans, and more" you have already
>> touched on the problem of how does one define let alone measure diversity.
>> What about diversity of age, current or past financial status, interests,
>> or ideas? Ironically with enough effort and enough groups we could end up
>> with a list of permutations that result in one individual per permutation
>> at which point we could probably dispense with dividing people up into
>> groups... ;-)
>>
>> Personally I do not feel offended if there is an event aimed at women,
>> one aimed at the youth to explain the dangers of social media, training
>> aimed at the elderly on how to spot con artist scams, etc. Of course at the
>> same time it would be silly to prevent, e.g., parents or teachers from
>> attending a course aimed at children because they would most likely be able
>> to pass knowledge on to children and younger people who have parents who
>> they consider at risk to such scams.
>>
>> I would suggest equal access to opportunity is the simplest way of
>> allowing people to learn and partake in what they find interesting. Online
>> computer based training offers a scalable (physical space is limited),
>> affordable (financial considerations are real) and effective way to learn
>> the basic (and even the more advanced) concepts without having to fear
>> being ridiculed (a specific issue raised by Pravant). You could also have a
>> classroom rule of do not ridicule basic questions, provide the basic
>> information before the training to get everyone up to a similar level or
>> encourage a friendly atmosphere in the class so that the worst anyone gets
>> is a gentle ribbing and I mention that last one as someone who purposefully
>> asks the stupid question in a group environment.
>>
>> I am not sure why you saw fit to make a comment about Jim Crow laws or
>> joking about white supremacy. Perhaps I am missing some context but if it
>> solely based on Timur's email then it would appear that you are attempting
>> to label him as a bad person to dismiss his argument instead of addressing
>> the substance of his argument. If that is indeed the case then that is at
>> best poor debating skills. Regardless, it is far better to identify the
>> specific issues hindering access to education or training and address each
>> of those in turn to improve the situation.
>>
>> My sincere thanks to everyone (including Timur and Avi) in the thread who
>> highlighted what they considered specific problems, offered feedback and
>> suggestions on how to improve access to information security training and
>> of course to those like Vandana who volunteer their time and effort to
>> provide free training! Being able to rationally discuss problems in a civil
>> manner in order to come up with potential solutions is a fundamental
>> requirement to helping OWASP achieve its purpose of safe and secure
>> software.
>>
>>
>> Regards,
>>
>> Liam
>>
>> On Fri, Mar 15, 2019 at 11:05 AM Avi D (OWASP Israel) <
>> avi.douglen at owasp.org> wrote:
>>
>>> Hi Timur,
>>>
>>>
>>>
>>> As you know, I am the conference chair for this event. It’s a shame you
>>> didn’t feel comfortable reaching out to me directly before complaining at
>>> everybody. J
>>>
>>>
>>>
>>> As Josh explained to you, I added this training outside the CFT
>>> submission process. As such there was never any conflict between this and
>>> any other submitted training proposal that may have been on a similar
>>> topic. This FREE training is being organized by the WIA committee, and
>>> Vandana in particular, and offered free (at her own personal expense) to
>>> _increase_ inclusion in OWASP events, and the industry in general.
>>>
>>>
>>>
>>> Whether or not you have encountered a problem with the current level of
>>> diversity in OWASP, AppSec events, and the industry in general – I assure
>>> you, this problem exists, it is significant, and it’s in a pretty terrible
>>> state right now. This free training is a blessed effort to get more women
>>> (and those identifying as women, as well as other underrepresented groups)
>>> into the industry, help them get started in a field that has traditionally
>>> been (and still is) biased against these groups, and hopefully rebalance
>>> our overwhelmingly male community. This is absolutely one of the core
>>> causes of OWASP, and part of our core mission: to make security visible and
>>> accessible to ALL developers etc.
>>>
>>>
>>>
>>> That said, if you feel strongly about it you can just as well sign up
>>> for the course – we will not be checking anyone’s genitals before we let
>>> them through the door. (Though I believe you are teaching a course yourself
>>> at the same time? So I’m not sure what you’re cranky about here.)
>>>
>>>
>>>
>>> FYI, I will point out that we do have a strict Code of Conduct at our
>>> event, in addition to OWASP’s generic one. TBF it is a bit basic IMO, but
>>> it DOES have teeth: any abuse, harassment, or making someone feel like they
>>> do not belong is not acceptable, and can even lead to expelling an abuser,
>>> no matter who they are. Anyone and everyone should feel comfortable and
>>> safe attending and participating in the conference.
>>>
>>> Suggesting a comparison between WIA and other inclusivity efforts to Jim
>>> Crow laws, or trivializing these efforts as “political reasons”, or joking
>>> about white supremacy – this is not really a bannable offense, but I would
>>> strongly suggest reconsidering this approach. It’s not a wholesome path to
>>> be on… J
>>>
>>>
>>>
>>> Looking forward to seeing you here again, and discussing further over a
>>> beer (or non-alcoholic drink if you prefer)!
>>>
>>>
>>>
>>> Regards,
>>>
>>> Avi D
>>>
>>>
>>>
>>> P.S. I am aware that are lack of diversity is not solely based on
>>> gender, e.g. PoC, trans, and more. As there are many groups that are not
>>> quite comfortable in many of these events, we do try to express universal
>>> inclusivity, and explicitly mention that anyone from underrepresented
>>> groups are included, not just women. If anyone feels they are still left
>>> out from this, please let me know and we will do whatever we can.
>>>
>>>
>>>
>>>
>>>
>>> *From:* owasp-leaders-bounces+avi.douglen=owasp.org at lists.owasp.org
>>> [mailto:owasp-leaders-bounces+avi.douglen=owasp.org at lists.owasp.org] *On
>>> Behalf Of *Timur 'x' Khrotko [owasp]
>>> *Sent:* Friday, March 15, 2019 3:31
>>> *To:* Josh Grossman <josh.grossman at owasp.org>; OWASP Foundation Board
>>> List <owasp-board at lists.owasp.org>; owasp-leaders at lists.owasp.org
>>> *Subject:* [Owasp-leaders] don't allow explicit discrimination 🙏🏿
>>> (women only)
>>>
>>>
>>>
>>> Dear Board, dear Josh,
>>>
>>>
>>>
>>> please modify the conditions of the Burp/ZAP training announced at
>>> Appsec Global in Tel Aviv. The "women only" condition is gender
>>> discriminatory, that is just plainly discriminatory and as such contradicts
>>> the faith and probably the policies of OWASP. Also it contradicted the
>>> training review policy which promised to make choices solely on
>>> professional grounds.
>>>
>>>
>>>
>>> Dear all,
>>>
>>>
>>>
>>> I understand the idea behind it and I support the WIA initiative but
>>> there must be common sense limits. You shouldn't encourage black only
>>> tailor shops in your holy fight with racially discriminatory tailor shops.
>>>
>>>
>>>
>>> There're options to keep the idea, maybe make the training free for WIA
>>> members -- that would be against my taste still but maybe something
>>> tolerable. Or let WIA invent a clever and tasteful solution for the
>>> conditions of a free training to engage female devs in secdev.
>>>
>>>
>>>
>>> As far as I know this isn't an issue with the Tel Aviv organisers as
>>> this training was nested from above. And also this women only thing already
>>> happened at one of the previous conferences, in the US probably.
>>>
>>>
>>>
>>> Consider that when one inserts trainings for political reasons then
>>> similar trainings which could compete on professional grounds get
>>> automatically excluded. So by promoting causes which are not exactly the
>>> core causes OWASP exists for one harms the professional impartiality/etc.
>>>
>>>
>>>
>>> Satirical sidenote: I'm not afraid of being tagged as trumpist since I'm
>>> already a Russian troll 😀 And during the Samantha-gate I already
>>> accepted highbrow American comments that we don't know modern social/moral
>>> norms at this side of the world.
>>>
>>>
>>>
>>> Or would it be a good move next time to announce a 'Muslims only', 'Jews
>>> only', 'childfree only' or a 'gay only' training next time? (I subscribe to
>>> support all these causes and peoples sometimes discriminated -- even in my
>>> OWASP hat but not in a discriminatory way.)
>>>
>>>
>>>
>>> Your thoughts?
>>>
>>>
>>>
>>> Current reference: https://telaviv.appsecglobal.org/registration/
>>>
>>>
>>>
>>> Timur
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>
>> This message may contain confidential information - you should handle it
>> accordingly.
>>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20190317/2e67533e/attachment-0001.html>


More information about the OWASP-Leaders mailing list