<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">+1 <br>
      <br>
      On 1/5/14, 12:49 AM, Dennis Groves wrote:<br>
    </div>
    <blockquote
cite="mid:CADWsQ8TnW5xyUcG55d+JnYu=RJvzmArRU4VO0S=VLWrxKF6ydQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">Indeed, everywhere I look on RSA's website it is
        heavily branded as OWASP. The slides are currently branded as
        OWASP.  We are sending our board members??? 
        <div><br>
        </div>
        <div>RSA are no better than criminals at this point; it is
          obvious why they want the OWASP brand associated with their
          brand; why in the world do we want our brand sullied by their
          less that above board reputation?</div>
        <div><br>
        </div>
        <div>I am starting to disagree more and more with this, I just
          fail to see what good for OWASP can come from lying down with
          a dog full of fleas.</div>
        <div><br>
        </div>
        <div>Dennis</div>
      </div>
      <div class="gmail_extra">
        <br>
        <br>
        <div class="gmail_quote">On Sat, Jan 4, 2014 at 1:26 PM, Eoin
          Keary <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:eoin.keary@owasp.org" target="_blank">eoin.keary@owasp.org</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="auto">
              <div>Thanks please keep letting us know your feelings on
                this. </div>
              <div><br>
              </div>
              <div>Id like to hear from our executive director and other
                board members also please?</div>
              <div class="im">
                <div><br>
                </div>
                <div><br>
                </div>
                <div><br>
                  Eoin Keary
                  <div>Owasp Global Board</div>
                  <div><a moz-do-not-send="true"
                      href="tel:%2B353%2087%20977%202988"
                      value="+353879772988" target="_blank">+353 87 977
                      2988</a></div>
                  <div><br>
                  </div>
                </div>
              </div>
              <div>
                <div class="h5">
                  <div>
                    <br>
                    On 4 Jan 2014, at 19:59, Larry Conklin <<a
                      moz-do-not-send="true"
                      href="mailto:larry.conklin@owasp.org"
                      target="_blank">larry.conklin@owasp.org</a>>
                    wrote:<br>
                    <br>
                  </div>
                  <blockquote type="cite">
                    <div>
                      <div dir="ltr">
                        <p class="MsoNormal">I totally support Eoin and
                          Jim with Michael on giving free
                          training at RSA convetion. Seems we have two
                          very clear-cut issues at hand. In
                          fact I want to thank then for being willing to
                          take time away from their work,
                          families in doing this.</p>
                        <p class="MsoNormal"> </p>
                        <p class="MsoNormal">First issue is security
                          training. In wake of the Target data
                          breach, which I am caught up in, this should
                          be OWASP first mission, “
                          disseminate security principles and
                          information to everyone, especially
                          software deveopers,CEO’s and CIO’s”. This is
                          what they are doing. We should all
                          get behind them and thank them for their
                          willniess to do exactly this.</p>
                        <p class="MsoNormal"> </p>
                        <p class="MsoNormal">Second issue is NSA issue.
                          I realize the OWASP is an
                          internation origazation. But the NSA issue is
                          an American issue. Granted the
                          resolution with be influenced by internation
                          pressure and our own (American) political,
                          judicial systems and (American and
                          Internation) free enterprise capital markets.
                          How that will work out I am unsure of. I can
                          say with some certainity that the
                          resolution will not to everyones satisfaction.
                        </p>
                        <p class="MsoNormal"> </p>
                        <p class="MsoNormal">The idea that saying
                          something in front of an origanization
                          like RSA is saying you fully support
                          everything they do and say is without
                          merit and an over reach. Working for BP Oil
                          does not mean you favior private
                          enterprise over environmental safety. </p>
                        <p class="MsoNormal"><br>
                        </p>
                        <p class="MsoNormal">Larry Conklin, CISSP</p>
                      </div>
                      <div class="gmail_extra"><br>
                        <br>
                        <div class="gmail_quote">On Sat, Jan 4, 2014 at
                          1:31 PM, John Wilander <span dir="ltr"><<a
                              moz-do-not-send="true"
                              href="mailto:john.wilander@owasp.org"
                              target="_blank">john.wilander@owasp.org</a>></span>
                          wrote:<br>
                          <blockquote class="gmail_quote"
                            style="margin:0 0 0 .8ex;border-left:1px
                            #ccc solid;padding-left:1ex">
                            <div dir="auto">
                              <div>My personal view as a longtime
                                community member …</div>
                              <div><br>
                              </div>
                              <div>I would like OWASP to cancel the
                                developer training and any other
                                official presence at this year's RSA
                                Con.</div>
                              <div><br>
                              </div>
                              <div>You might argue the NSA revelations
                                are politics. I disagree. This is
                                technology, standards, research,
                                business, and politics in a disastrous
                                cocktail. Global mass surveillance and
                                weakened crypto are things we used to
                                talk about as worst case scenarios,
                                remember? Others would call us
                                paranoids.</div>
                              <div><br>
                              </div>
                              <div>Now we know. This is earthshakingly
                                bad, at the core of what OWASP stands
                                for.</div>
                              <div><br>
                              </div>
                              <div>Our brand is strong. We're
                                independent, community-driven and
                                global. This is our chance to show we're
                                better than RSA and our conference
                                series OWASP AppSec is a better place to
                                give talks and meet peers.</div>
                              <div><br>
                              </div>
                              <div>Don't support RSA until they come
                                clean. Please.</div>
                              <span><font color="#888888">
                                  <div><br>
                                  </div>
                                  <div>/John</div>
                                  <div><br>
                                    <div>-- </div>
                                    <div>Twitter <a
                                        moz-do-not-send="true"
                                        href="https://twitter.com/johnwilander"
                                        target="_blank">https://twitter.com/johnwilander</a></div>
                                    <div>CV or Résumé <a
                                        moz-do-not-send="true"
                                        href="http://johnwilander.se"
                                        target="_blank">http://johnwilander.se</a></div>
                                  </div>
                                  <div><br>
                                    4 jan 2014 kl. 19:42 skrev Eoin
                                    Keary <<a moz-do-not-send="true"
                                      href="mailto:eoin.keary@owasp.org"
                                      target="_blank">eoin.keary@owasp.org</a>>:<br>
                                    <br>
                                  </div>
                                </font></span>
                              <div>
                                <div>
                                  <blockquote type="cite">
                                    <div>
                                      <div>we are participating as
                                        OWASP.</div>
                                      <div>OWASP was asked to do this
                                        initially by RSA.</div>
                                      <div>Our material has no personal
                                        or company branding but OWASP
                                        branding.</div>
                                      <div>Thanks for feedback.</div>
                                      <div><br>
                                        <br>
                                        Eoin Keary
                                        <div>Owasp Global Board</div>
                                        <div><a moz-do-not-send="true"
                                            href="tel:%2B353%2087%20977%202988"
                                            value="+353879772988"
                                            target="_blank">+353 87 977
                                            2988</a></div>
                                        <div><br>
                                        </div>
                                      </div>
                                      <div><br>
                                        On 4 Jan 2014, at 18:24, Abbas
                                        Naderi <<a
                                          moz-do-not-send="true"
                                          href="mailto:abbas.naderi@owasp.org"
                                          target="_blank">abbas.naderi@owasp.org</a>>
                                        wrote:<br>
                                        <br>
                                      </div>
                                      <blockquote type="cite">
                                        <div>I strongly support Sastry
                                          on this one.
                                          <div>
                                            <br>
                                          </div>
                                          <div>You might be
                                            participating as
                                            individuals, but people see
                                            you guys as the OWASP Board,
                                            and that’s something that
                                            many of us don’t like to be
                                            the image of OWASP.</div>
                                          <div><br>
                                          </div>
                                          <div>Thanks</div>
                                          <div>-Abbas<br>
                                            <div>
                                              <div>On Jan 4, 2014, at
                                                1:18 PM, Eoin Keary <<a
                                                  moz-do-not-send="true"
href="mailto:eoin.keary@owasp.org" target="_blank">eoin.keary@owasp.org</a>>
                                                wrote:</div>
                                              <br>
                                              <blockquote type="cite">
                                                <div dir="auto">
                                                  <div>To be clear,
                                                    there was no
                                                    recorded vote on
                                                    this but a debate.</div>
                                                  <div><br>
                                                  </div>
                                                  <div>I started the
                                                    debate after reading
                                                    about Mikko. (Even
                                                    though I was
                                                    delivering the
                                                    training with Jim
                                                    and it is my
                                                    material).</div>
                                                  <div><br>
                                                  </div>
                                                  <div>The majority of
                                                    board of OWASP feels
                                                    getting involved in
                                                    politics is wrong
                                                    and wanted to push
                                                    ahead with the
                                                    training.</div>
                                                  <div><br>
                                                  </div>
                                                  <div>So if feelings
                                                    are strong we need
                                                    to vote on this
                                                    ASAP? as leaders of
                                                    OWASP. A formal
                                                    board vote?
                                                    Executive decision
                                                    from Sarah, our
                                                    executive director. </div>
                                                  <div><br>
                                                  </div>
                                                  <div><br>
                                                    <br>
                                                    Eoin Keary
                                                    <div>
                                                      Owasp Global Board</div>
                                                    <div><a
                                                        moz-do-not-send="true"
href="tel:%2B353%2087%20977%202988" value="+353879772988"
                                                        target="_blank">+353
                                                        87 977 2988</a></div>
                                                    <div><br>
                                                    </div>
                                                  </div>
                                                  <div><br>
                                                    On 4 Jan 2014, at
                                                    16:48, Sastry
                                                    Tumuluri <<a
                                                      moz-do-not-send="true"
href="mailto:sastry.tumuluri@owasp.org" target="_blank">sastry.tumuluri@owasp.org</a>>
                                                    wrote:<br>
                                                    <br>
                                                  </div>
                                                  <blockquote
                                                    type="cite">
                                                    <div dir="ltr">
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif">Friends,</div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif"><br>
                                                      </div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif">
                                                        Please see the
                                                        following full
                                                        conversation on
                                                        twitter: </div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif"><a moz-do-not-send="true"
                                                          href="https://twitter.com/EoinKeary/status/419111748424454145"
target="_blank">https://twitter.com/EoinKeary/status/419111748424454145</a></div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif"><br>
                                                      </div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif">Eoin Keary and Jim Manico (both
                                                        OWASP board
                                                        members) will be
                                                        presenting/conducting
                                                        4 hrs of
                                                        free-of-cost
                                                        AppSec training
                                                        at the RSA
                                                        Conference,
                                                        2014. Michael
                                                        Coates, Chairman
                                                        of the OWASP
                                                        Board is also
                                                        said to be
                                                        present.
                                                        Apparently, this
                                                        was discussed at
                                                        the OWASP board
                                                        level; and the
                                                        board has
                                                        decided to go
                                                        ahead, keeping
                                                        in mind the
                                                        benefit to the
                                                        attending
                                                        developers.</div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif"><br>
                                                      </div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif">As you are aware, RSA is strongly
                                                        suspected (we'll
                                                        never be 100%
                                                        sure, I'm
                                                        afraid) of being
                                                        complicit with
                                                        NSA in enabling
                                                        fatal weakening
                                                        of crypto
                                                        products. RSA
                                                        has issued a
                                                        sort of a denial
                                                        that only
                                                        deepens the
                                                        mistrust. As a
                                                        protest, many
                                                        leading speakers
                                                        are cancelling
                                                        their talks at
                                                        the upcoming
                                                        RSAC 2014. Among
                                                        them are (to my
                                                        knowledge) Mikko
                                                        Hypponen,
                                                        Jeffrey Carr and
                                                        Josh Thomas.</div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif"><br>
                                                      </div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif">At such a time, I am saddened by
                                                        the OWASP board
                                                        decision to
                                                        support RSAC by
                                                        their presence.
                                                        At a time when
                                                        they had the
                                                        opportunity to
                                                        let the world
                                                        know how much
                                                        they care for
                                                        the Information
                                                        Security
                                                        profession
                                                        (esp., against
                                                        weakening
                                                        crypto); and how
                                                        much they care
                                                        about the
                                                        privacy of
                                                        people (against
                                                        NSA's unabashed
                                                        spying on
                                                        Americans &
                                                        non-Americans
                                                        alike), the
                                                        board has copped
                                                        out using a
                                                        flimsy
                                                        rationalization
                                                        ("benefit of (a
                                                        few)
                                                        developers",
                                                        many of who
                                                        would rethink
                                                        their attendance
                                                        had OWASP and
                                                        more
                                                        organizations
                                                        didn't
                                                        blink!"). </div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif"><br>
                                                      </div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif">I'm sure there was a heated
                                                        debate. I'm sure
                                                        all angles were
                                                        considered.
                                                        However, this
                                                        goes too deep
                                                        for me to take
                                                        it as "better
                                                        men than me have
                                                        considered and
                                                        decided". As a
                                                        matter of my
                                                        personal values,
                                                        if the situation
                                                        doesn't change,
                                                        I would no
                                                        longer wish to
                                                        continue as the
                                                        OWASP Chapter
                                                        Lead. Please let
                                                        me know if any
                                                        of you would
                                                        like to take
                                                        over from me. </div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif"><br>
                                                      </div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif">I will also share my feelings with
                                                        fellow chapter
                                                        members at our
                                                        next chapter
                                                        meeting on Jan
                                                        21st. Needless
                                                        to say, no
                                                        matter how
                                                        things go, I
                                                        remain committed
                                                        to the
                                                        principles of
                                                        our open and
                                                        open-source
                                                        infosec
                                                        community.</div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif"><br>
                                                      </div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif">Best regards,</div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif">
                                                        <br>
                                                      </div>
                                                      <div
                                                        class="gmail_default"
style="font-family:tahoma,sans-serif">==Sas3==</div>
                                                    </div>
                                                  </blockquote>
                                                </div>
_______________________________________________<br>
                                                OWASP-Leaders mailing
                                                list<br>
                                                <a
                                                  moz-do-not-send="true"
href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                                                <a
                                                  moz-do-not-send="true"
href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                                                  target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                                              </blockquote>
                                            </div>
                                            <br>
                                          </div>
                                        </div>
                                      </blockquote>
                                    </div>
                                  </blockquote>
                                  <blockquote type="cite">
                                    <div><span>_______________________________________________</span><br>
                                      <span>OWASP-Leaders mailing list</span><br>
                                      <span><a moz-do-not-send="true"
                                          href="mailto:OWASP-Leaders@lists.owasp.org"
                                          target="_blank">OWASP-Leaders@lists.owasp.org</a></span><br>
                                      <span><a moz-do-not-send="true"
                                          href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                                          target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a></span><br>
                                    </div>
                                  </blockquote>
                                </div>
                              </div>
                            </div>
                            <br>
_______________________________________________<br>
                            OWASP-Leaders mailing list<br>
                            <a moz-do-not-send="true"
                              href="mailto:OWASP-Leaders@lists.owasp.org"
                              target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                            <a moz-do-not-send="true"
                              href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                              target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                            <br>
                          </blockquote>
                        </div>
                        <br>
                      </div>
                    </div>
                  </blockquote>
                </div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            Owasp-board mailing list<br>
            <a moz-do-not-send="true"
              href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a><br>
            <a moz-do-not-send="true"
              href="https://lists.owasp.org/mailman/listinfo/owasp-board"
              target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
            <br>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <div><br>
        </div>
        -- <br>
        <span style="background-color:rgb(255,255,255)"><span
            style="font-family:verdana,sans-serif"><font size="1"><span
                style="border-collapse:collapse"><a
                  moz-do-not-send="true"
                  href="http://about.me/dennis.groves" target="_blank">Dennis
                  Groves</a>, MSc</span></font></span></span>
        <div>
          <span style="background-color:rgb(255,255,255)"><span
              style="font-family:verdana,sans-serif"><font size="1"><span
                  style="border-collapse:collapse"><a
                    moz-do-not-send="true"
                    href="mailto:dennis.groves@owasp.org"
                    target="_blank">Email me,</a> or <a
                    moz-do-not-send="true" href="http://goo.gl/8sPIy"
                    target="_blank">schedule a meeting</a>.<br>
                </span></font></span></span></div>
        <div>
          <div style="text-align:left"><i><span
                style="background-color:rgb(255,255,255)"><span
                  style="font-family:verdana,sans-serif"><font size="1">This
                    email is licensed under a <a moz-do-not-send="true"
                      rel="license"
                      href="http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB"
                      target="_blank">CC BY-ND 3.0</a> <font size="1">license</font>.</font></span></span></i></div>
          <div style="text-align:left"><span
              style="font-family:verdana,sans-serif"><font size="1"><font
                  color="#999999"><span style="border-collapse:collapse"><span
                      style="color:rgb(0,0,0)"><span
                        style="background-color:rgb(255,255,0)"><a
                          moz-do-not-send="true"
                          href="http://www.fsf.org/campaigns/secure-boot/statement"
                          target="_blank">Stand up for your freedom to
                          install free software.</a></span></span><br>
                  </span></font></font></span><span
              style="font-family:verdana,sans-serif"><font size="1"><font
                  color="#999999"><span style="border-collapse:collapse"><span
                      style="color:rgb(102,102,102)">Please do not send
                      me Microsoft Office/Apple iWork documents. <br>
                      Send <a moz-do-not-send="true"
                        href="http://fsf.org/campaigns/opendocument/"
                        target="_blank">OpenDocument</a> instead!</span><br>
                    <br>
                  </span></font></font></span>
            <div style="text-align:left"><span
                style="font-family:verdana,sans-serif"><font size="1"><font
                    color="#999999"><span
                      style="border-collapse:collapse"><a
                        moz-do-not-send="true"
                        href="http://www.owasp.org/" target="_blank"><img
                          moz-do-not-send="true"
                          src="http://www.owasp.org/skins/monobook/ologo.png"
                          height="36" width="200"></a></span></font></font></span><br>
            </div>
            <span style="font-family:verdana,sans-serif"></span></div>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OWASP-Leaders mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>