<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Michael is giving the training, too? <br>
      I thought it's only Jim and you (Eoin)?<br>
      <br>
      *Scratch my head* about the conflict of interest: You are probably
      right. :-( <br>
      Which is very unfortunate as this decision can have a dimension
      that may imply an "OWASP statement" about RSA's actions - far
      beyond the simple scope of whether OWASP is paying for someone's
      trip to RSA. <br>
      It seems, if we do it, x people will read this as support for
      RSA's actions; and if we cancel, y people will read this as a
      statement of disapproval of RSA's actions. <br>
      <br>
      Best regards, Tobias<br>
      <br>
      <br>
      Tobias Gondrom<br>
      OWASP Global Board Member<br>
      <br>
      <br>
      <br>
      On 04/01/14 22:24, Eoin Keary wrote:<br>
    </div>
    <blockquote
      cite="mid:398E5716-C2F1-4CC5-ACBD-7FC4916A126E@owasp.org"
      type="cite">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div>Problem is, 3 of the board are actually delivering the class.
        So conflict of interest is there? So if vote is the way to go,
        id suggest we (3) abstain from the vote.</div>
      <div><br>
      </div>
      <div><br>
        Eoin Keary
        <div>Owasp Global Board</div>
        <div>+353 87 977 2988</div>
        <div><br>
        </div>
      </div>
      <div><br>
        On 4 Jan 2014, at 21:59, Tobias <<a moz-do-not-send="true"
          href="mailto:tobias.gondrom@owasp.org">tobias.gondrom@owasp.org</a>>
        wrote:<br>
        <br>
      </div>
      <blockquote type="cite">
        <div>
          <meta content="text/html; charset=UTF-8"
            http-equiv="Content-Type">
          <div class="moz-cite-prefix">On 04/01/14 18:18, Eoin Keary
            wrote:<br>
          </div>
          <blockquote
            cite="mid:466FD2C8-A84A-485D-8B54-D9BA12E8F8A0@owasp.org"
            type="cite">
            <meta http-equiv="content-type" content="text/html;
              charset=UTF-8">
            <div>To be clear, there was no recorded vote on this but a
              debate.</div>
            <div><br>
            </div>
            <div>I started the debate after reading about Mikko. (Even
              though I was delivering the training with Jim and it is my
              material).</div>
            <div><br>
            </div>
            <div>The majority of board of OWASP feels getting involved
              in politics is wrong and wanted to push ahead with the
              training.</div>
            <div><br>
            </div>
            <div>So if feelings are strong we need to vote on this ASAP?
              as leaders of OWASP. A formal board vote? Executive
              decision from Sarah, our executive director. </div>
            <div><br>
            </div>
          </blockquote>
          <br>
          If we have to make a decision about this as a community, I
          expect this to be voted on by the board following the guidance
          and input from all community members. <br>
          <br>
          - Tobias<br>
          <br>
          <br>
          <blockquote
            cite="mid:466FD2C8-A84A-485D-8B54-D9BA12E8F8A0@owasp.org"
            type="cite">
            <div><br>
              <br>
              Eoin Keary
              <div>Owasp Global Board</div>
              <div>+353 87 977 2988</div>
              <div><br>
              </div>
            </div>
            <div><br>
              On 4 Jan 2014, at 16:48, Sastry Tumuluri <<a
                moz-do-not-send="true"
                href="mailto:sastry.tumuluri@owasp.org">sastry.tumuluri@owasp.org</a>>

              wrote:<br>
              <br>
            </div>
            <blockquote type="cite">
              <div>
                <div dir="ltr">
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif">Friends,</div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif"><br>
                  </div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif"> Please see
                    the following full conversation on twitter: </div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif"><a
                      moz-do-not-send="true"
                      href="https://twitter.com/EoinKeary/status/419111748424454145"
                      target="_blank">https://twitter.com/EoinKeary/status/419111748424454145</a></div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif"><br>
                  </div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif">Eoin Keary and
                    Jim Manico (both OWASP board members) will be
                    presenting/conducting 4 hrs of free-of-cost AppSec
                    training at the RSA Conference, 2014. Michael
                    Coates, Chairman of the OWASP Board is also said to
                    be present. Apparently, this was discussed at the
                    OWASP board level; and the board has decided to go
                    ahead, keeping in mind the benefit to the attending
                    developers.</div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif"><br>
                  </div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif">As you are
                    aware, RSA is strongly suspected (we'll never be
                    100% sure, I'm afraid) of being complicit with NSA
                    in enabling fatal weakening of crypto products. RSA
                    has issued a sort of a denial that only deepens the
                    mistrust. As a protest, many leading speakers are
                    cancelling their talks at the upcoming RSAC 2014.
                    Among them are (to my knowledge) Mikko Hypponen,
                    Jeffrey Carr and Josh Thomas.</div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif"><br>
                  </div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif">At such a
                    time, I am saddened by the OWASP board decision to
                    support RSAC by their presence. At a time when they
                    had the opportunity to let the world know how much
                    they care for the Information Security profession
                    (esp., against weakening crypto); and how much they
                    care about the privacy of people (against NSA's
                    unabashed spying on Americans & non-Americans
                    alike), the board has copped out using a flimsy
                    rationalization ("benefit of (a few) developers",
                    many of who would rethink their attendance had OWASP
                    and more organizations didn't blink!"). </div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif"><br>
                  </div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif">I'm sure there
                    was a heated debate. I'm sure all angles were
                    considered. However, this goes too deep for me to
                    take it as "better men than me have considered and
                    decided". As a matter of my personal values, if the
                    situation doesn't change, I would no longer wish to
                    continue as the OWASP Chapter Lead. Please let me
                    know if any of you would like to take over from me. </div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif"><br>
                  </div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif">I will also
                    share my feelings with fellow chapter members at our
                    next chapter meeting on Jan 21st. Needless to say,
                    no matter how things go, I remain committed to the
                    principles of our open and open-source infosec
                    community.</div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif"><br>
                  </div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif">Best regards,</div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif"> <br>
                  </div>
                  <div class="gmail_default"
                    style="font-family:tahoma,sans-serif">==Sas3==</div>
                </div>
              </div>
            </blockquote>
            <br>
            <fieldset class="mimeAttachmentHeader"></fieldset>
            <br>
            <pre wrap="">_______________________________________________
Owasp-board mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-board">https://lists.owasp.org/mailman/listinfo/owasp-board</a>
</pre>
          </blockquote>
          <br>
        </div>
      </blockquote>
    </blockquote>
    <br>
  </body>
</html>