<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">“The hottest places in hell are
      reserved for those who, in times of great moral crisis, maintain
      their neutrality.”<br>
      <br>
      ― John F. Kennedy <br>
      <br>
      On 05/01/14 18:38, Bev Corwin wrote:<br>
    </div>
    <blockquote
cite="mid:CAKHF8GGSVXSSjqShSoV+w8r-3Zdew1fonCNCy3icu6Df0OMD9A@mail.gmail.com"
      type="cite">
      <div dir="ltr">For the record, my 2 cents: I support this "OWASP
        without borders", non political approach:
        <div><br>
        </div>
        <div><span style="font-family:arial,sans-serif;font-size:13px">"OWASP
            is a vendor-neutral, community-driven organization and its
            participation in any conference or program does not means
            endorsement or approval of any kind for products or business
            practices. OWASP participation is meant to 'make security
            visible' as stated in the OWASP chart. OWASP repudiates all
            activities that can decrease the security of IT systems."</span></div>
        <div><span style="font-family:arial,sans-serif;font-size:13px"><br>
          </span></div>
        <div><span style="font-family:arial,sans-serif;font-size:13px">Bev</span></div>
        <div><span style="font-family:arial,sans-serif;font-size:13px"><br>
          </span></div>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Sun, Jan 5, 2014 at 12:29 PM, Lucas
          Ferreira <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:lucas.ferreira@owasp.org" target="_blank">lucas.ferreira@owasp.org</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">Hello everyone,
              <div><br>
              </div>
              <div>while I personally would rather not see OWASP in RSA,
                I have to admit that I was there last year and saw the
                room full of people when Eoin and Manico did their
                training. I agree this is a great opportunity.</div>
              <div><br>
              </div>
              <div>I also feel that the more hardcore security and
                crypto people will be less present at RSAC this year and
                this increases the possibility of reaching out of the
                community. This means that if we have a full room this
                year, we will probably have more non-security people
                that last year.</div>
              <div><br>
              </div>
              <div>So I was at the same time more willing to say the
                talk should be cancelled but worrying about loosing such
                an opportunity. To me we could get a more balanced
                approach if the training clearly included a disclaimer
                that we do not endorse any activity that can jeopardize
                the security of IT systems. This would make it clear
                that we are not in the conference because we endorse or
                believe RSA, but because the presentation would help
                OWASP in fulfilling its mission.</div>
              <div><br>
              </div>
              <div>Anyway, when we had presentations at RSAC in the
                past, it was not be be seen as if OWASP endorsed RSA
                products. AFAIK, we have OWASP presentations in
                vendor-organized conferences and are still
                vendor-neutral. To me, this is a sign that, in the past,
                doing a presentation was not seen as an endorsement from
                OWASP.</div>
              <div><br>
              </div>
              <div>In the case of RSAC, I would still like to see a
                clear disclaimer. It could be something like:</div>
              <div><br>
              </div>
              <div>"OWASP is a vendor-neutral, community-driven
                organization and its participation in any conference or
                program does not means endorsement or approval of any
                kind for products or business practices. OWASP
                participation is meant to 'make security visible' as
                stated in the OWASP chart. OWASP repudiates all
                activities that can decrease the security of IT
                systems."</div>
              <div><br>
              </div>
              <div>Regards,</div>
              <div><br>
              </div>
              <div>Lucas</div>
            </div>
            <div class="gmail_extra">
              <div>
                <div class="h5"><br>
                  <br>
                  <div class="gmail_quote">On Sun, Jan 5, 2014 at 8:54
                    AM, L. Gustavo C. Barbato <span dir="ltr"><<a
                        moz-do-not-send="true"
                        href="mailto:lgbarbato@owasp.org"
                        target="_blank">lgbarbato@owasp.org</a>></span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0
                      .8ex;border-left:1px #ccc solid;padding-left:1ex">
                      <div dir="auto">
                        <div>Keeping discussing philosophy and high
                          ideals, we will never reach a consensus in the
                          time frame we need, so let's let democracy
                          wins the debay.</div>
                        <div>
                          <div>
                            <div><br>
                              On 05/01/2014, at 11:38, Josh Sokol <<a
                                moz-do-not-send="true"
                                href="mailto:josh.sokol@owasp.org"
                                target="_blank">josh.sokol@owasp.org</a>>
                              wrote:<br>
                              <br>
                            </div>
                            <blockquote type="cite">
                              <div>
                                <p dir="ltr">A key differentiator when
                                  we did this free training at AppSecUSA
                                  in Austin and LASCON 2013 is that it
                                  was 100% free and open to all.  No
                                  conference pass was required to
                                  participate.  Since that is not the
                                  case here, and since the training is
                                  only open to RSA attendees, then I
                                  think this demonstrates a much closer
                                  tie between OWASP and RSA than I would
                                  like to see.  I like the idea of
                                  approaching BSides SF and seeing if
                                  maybe they would be interested in
                                  hosting this training for free for the
                                  community at large.  If we can do
                                  that, then I think its the true win
                                  here as we get the visibility to
                                  satisfy our mission and we remove the
                                  negative stigma of being associated
                                  with RSA.</p>
                                <p dir="ltr">I would diaagree, however,
                                  that visibility is only a means to an
                                  end.  Since its in our mission
                                  statement, all of our activities and
                                  prioritizations are required, by law,
                                  to follow that.  And if we ever reach
                                  the point where everyone, everywhere,
                                  knows about application security, then
                                  we can close up shop and move on. 
                                  There is no compromising the end goal
                                  here because, per the mission
                                  statement, visibility is the end
                                  goal.  I'm sorry if that compromises
                                  your principals Sastry but its the
                                  truth about OWASP as a non-profit.</p>
                                <p dir="ltr">~josh</p>
                                <div class="gmail_quote">On Jan 5, 2014
                                  12:32 AM, "Sastry Tumuluri" <<a
                                    moz-do-not-send="true"
                                    href="mailto:sastry.tumuluri@owasp.org"
                                    target="_blank">sastry.tumuluri@owasp.org</a>>
                                  wrote:<br type="attribution">
                                  <blockquote class="gmail_quote"
                                    style="margin:0 0 0
                                    .8ex;border-left:1px #ccc
                                    solid;padding-left:1ex">
                                    1. The immediate focus on RSAC:<br>
                                    No matter how we rationalize, the
                                    fact is that we (OWASP) have<br>
                                    options. This, at worst, is one
                                    missed opportunity. So let us not,
                                    in<br>
                                    our relentless pursuit of
                                    VISIBILITY, compromise on
                                    principles.<br>
                                    <br>
                                    VISIBILITY is a means to an end
                                    (better security, more secure
                                    software<br>
                                    -- which in itself is likely a
                                    never-ending activity). Let us not<br>
                                    compromise on the end-goal while
                                    chasing the means.<br>
                                    <br>
                                    Short term gains (of reaching some
                                    developers) will easily be lost if<br>
                                    we take the low road. Even 300 more
                                    "aware" developers are for naught<br>
                                    if, based on RSAC acceptance, just
                                    one more company feels that the<br>
                                    risks of trucking with NSA/GCHQ and
                                    compromising underlying<br>
                                    foundations are acceptable.<br>
                                    <br>
                                    Is it our job/charter to "convey
                                    such a message"? I believe so.<br>
                                    Conversely, can we say "we merely
                                    advocate tech principles and<br>
                                    educate... this is not for us"? If
                                    we want to be treated as a<br>
                                    responsible member of the ecosystem,
                                    we can't duck like that.<br>
                                    <br>
                                    Related, but a slightly different
                                    perspective: Robert Graham's blog<br>
                                    post on this: <a
                                      moz-do-not-send="true"
                                      href="http://blog.erratasec.com/2014/01/why-we-have-to-boycott-rsa.html"
                                      target="_blank">http://blog.erratasec.com/2014/01/why-we-have-to-boycott-rsa.html</a><br>
                                    <br>
                                    2. The tough world of principles,
                                    ethics, etc:<br>
                                    Jim Manico raised a very pertinent
                                    point regarding sending mixed<br>
                                    messages (=> recognition-of and
                                    consistency-in-applying our<br>
                                    principles). It isn't easy.<br>
                                    <br>
                                    Funding goes to the very heart of
                                    neutrality and ethics. So it is not<br>
                                    so tangential, after all. I know we
                                    shouldn't accept funds or even<br>
                                    projects from NSA, GCHQ, etc.
                                    Whether DHS is to be painted by the
                                    same<br>
                                    brush, I don't know (depends on
                                    internal structure, etc.). Let the<br>
                                    more knowledgeable people decide on
                                    this.<br>
                                    <br>
                                    Chasing "quick results at any cost"
                                    and then splitting hairs on<br>
                                    legality and rationalizations will
                                    not paint us black; but will surely<br>
                                    park us firmly in the gray areas of
                                    ethics. Is that what we want?<br>
                                    <br>
                                    Cheers,<br>
                                    <br>
                                    ==Sas3==<br>
                                    <br>
                                    On Sun, Jan 5, 2014 at 8:33 AM, Josh
                                    Sokol <<a moz-do-not-send="true"
                                      href="mailto:josh.sokol@owasp.org"
                                      target="_blank">josh.sokol@owasp.org</a>>
                                    wrote:<br>
                                    > My apologies in the delay in
                                    responding to this.  I've been on
                                    the road all<br>
                                    > day today and will be slow to
                                    respond tomorrow as well.<br>
                                    ><br>
                                    > First off, let me admit that
                                    while my term hadn't officially
                                    begun yet, I am<br>
                                    > one of the Board members who
                                    encouraged Jim and Eoin to move
                                    forward with<br>
                                    > the training.  My rationale for
                                    this was simple; OWASP's mission is
                                    to make<br>
                                    > software security visible, so
                                    that individuals and organizations
                                    worldwide<br>
                                    > can make informed decisions
                                    about true software security risks.
                                     The core of<br>
                                    > this statement being VISBILITY.
                                     We need to find and take advantage
                                    of as<br>
                                    > many ways as possible to raise
                                    the visibility of security risks.
                                     Our<br>
                                    > mission says nothing about
                                    making political statements.  It
                                    says nothing<br>
                                    > about ethical business
                                    practices.  Our mission can
                                    certainly be amended to<br>
                                    > reflect other imperatives, if
                                    so desired by our membership, but
                                    until that<br>
                                    > day we need to prevent mission
                                    scope creep.<br>
                                    ><br>
                                    > Now, since our mission is
                                    making software security visible, we
                                    simply have<br>
                                    > to ask ourselves if we better
                                    serve this mission by:<br>
                                    ><br>
                                    > 1) Performing a free training
                                    at a major conference, thereby
                                    increasing our<br>
                                    > exposure to people who haven't
                                    heard of OWASP before and
                                    enlightening them<br>
                                    > to software security risks that
                                    they likely were not aware of
                                    before.<br>
                                    ><br>
                                    > 2) Taking a stance against a
                                    company where some evidence may
                                    imply that they<br>
                                    > took a bribe to sacrifice
                                    security in one of their products.<br>
                                    ><br>
                                    > Let me be clear on #2.  I don't
                                    agree that what RSA did is right, if
                                    it is<br>
                                    > true.  In fact, I have made the
                                    explicit decision to not do business
                                    with<br>
                                    > RSA in my day job because there
                                    are many other options out there and
                                    it's<br>
                                    > just not worth the risk.  But
                                    my passive decision to not purchase
                                    from RSA<br>
                                    > is very different than OWASP
                                    reneging on our agreement and making
                                    a public<br>
                                    > statement about their ethics.<br>
                                    ><br>
                                    > So, given these two options, my
                                    gut is that OWASP's mission will be
                                    best<br>
                                    > served by #1.  It doesn't mean
                                    that we're supporting RSA.  It
                                    doesn't mean<br>
                                    > that we agree with unethical
                                    business practices.  It just means
                                    that we are<br>
                                    > doing the best we can to make
                                    application security visible.  If
                                    that means<br>
                                    > piggy-backing on the massive
                                    marketing effort they put into the
                                    conference<br>
                                    > or the infrastructure that
                                    supports it, I'm ok with that.  I
                                    understand that<br>
                                    > others may object to this on
                                    ethical grounds, and that's fine,
                                    but as a<br>
                                    > non-profit organization, we
                                    have a mandate to stay true to our
                                    mission, not<br>
                                    > to speak out against whatever
                                    the latest security headline is.<br>
                                    ><br>
                                    > I do have one question about
                                    this training for clarification.
                                     The training<br>
                                    > is FREE for anyone who would
                                    like to attend and not just for RSA
                                    attendees,<br>
                                    > correct?  My assumption is the
                                    former, but if the latter, this
                                    changes<br>
                                    > things significantly in my
                                    opinion.<br>
                                    ><br>
                                    > ~josh<br>
                                    ><br>
                                    ><br>
                                    > On Sat, Jan 4, 2014 at 5:40 PM,
                                    Eoin Keary <<a
                                      moz-do-not-send="true"
                                      href="mailto:eoin.keary@owasp.org"
                                      target="_blank">eoin.keary@owasp.org</a>>
                                    wrote:<br>
                                    >><br>
                                    >> Good point.<br>
                                    >> Bottom line is we want
                                    people to build secure code.
                                    Delivering this<br>
                                    >> message under the same roof
                                    as RSA does not dilute the quality
                                    of the class<br>
                                    >> delivered.<br>
                                    >> There is no black and
                                    white, only shades of grey :)<br>
                                    >><br>
                                    >><br>
                                    >> Eoin Keary<br>
                                    >> Owasp Global Board<br>
                                    >> <a moz-do-not-send="true"
href="tel:%2B353%2087%20977%202988" value="+353879772988"
                                      target="_blank">+353 87 977 2988</a><br>
                                    >><br>
                                    >><br>
                                    >> On 4 Jan 2014, at 23:36,
                                    Jim Manico <<a
                                      moz-do-not-send="true"
                                      href="mailto:jim.manico@owasp.org"
                                      target="_blank">jim.manico@owasp.org</a>>
                                    wrote:<br>
                                    >><br>
                                    >> > Another issue that is
                                    tangential.<br>
                                    >> ><br>
                                    >> > We are applying for
                                    several big money DHS grants. These
                                    help keep the<br>
                                    >> > foundation running.<br>
                                    >> ><br>
                                    >> > Should be reject all
                                    of these grants because of the
                                    Snowden affair? It<br>
                                    >> > we abort RSA but
                                    continue to take DHS money, then we
                                    send a mixed message.<br>
                                    >> ><br>
                                    >> > Aloha,<br>
                                    >> > Jim<br>
                                    >> ><br>
                                    >> >> I strongly support
                                    Sastry on this one.<br>
                                    >> >><br>
                                    >> >> You might be
                                    participating as individuals, but
                                    people see you guys as<br>
                                    >> >> the OWASP Board,
                                    and that’s something that many of us
                                    don’t like to be the<br>
                                    >> >> image of OWASP.<br>
                                    >> >><br>
                                    >> >> Thanks<br>
                                    >> >> -Abbas<br>
                                    >> >> On Jan 4, 2014, at
                                    1:18 PM, Eoin Keary <<a
                                      moz-do-not-send="true"
                                      href="mailto:eoin.keary@owasp.org"
                                      target="_blank">eoin.keary@owasp.org</a>>
                                    wrote:<br>
                                    >> >><br>
                                    >> >>> To be clear,
                                    there was no recorded vote on this
                                    but a debate.<br>
                                    >> >>><br>
                                    >> >>> I started the
                                    debate after reading about Mikko.
                                    (Even though I was<br>
                                    >> >>> delivering the
                                    training with Jim and it is my
                                    material).<br>
                                    >> >>><br>
                                    >> >>> The majority
                                    of board of OWASP feels getting
                                    involved in politics is<br>
                                    >> >>> wrong and
                                    wanted to push ahead with the
                                    training.<br>
                                    >> >>><br>
                                    >> >>> So if feelings
                                    are strong we need to vote on this
                                    ASAP? as leaders of<br>
                                    >> >>> OWASP. A
                                    formal board vote? Executive
                                    decision from Sarah, our executive<br>
                                    >> >>> director.<br>
                                    >> >>><br>
                                    >> >>><br>
                                    >> >>><br>
                                    >> >>> Eoin Keary<br>
                                    >> >>> Owasp Global
                                    Board<br>
                                    >> >>> <a
                                      moz-do-not-send="true"
                                      href="tel:%2B353%2087%20977%202988"
                                      value="+353879772988"
                                      target="_blank">+353 87 977 2988</a><br>
                                    >> >>><br>
                                    >> >>><br>
                                    >> >>> On 4 Jan 2014,
                                    at 16:48, Sastry Tumuluri <<a
                                      moz-do-not-send="true"
                                      href="mailto:sastry.tumuluri@owasp.org"
                                      target="_blank">sastry.tumuluri@owasp.org</a>><br>
                                    >> >>> wrote:<br>
                                    >> >>><br>
                                    >> >>>> Friends,<br>
                                    >> >>>><br>
                                    >> >>>> Please see
                                    the following full conversation on
                                    twitter:<br>
                                    >> >>>> <a
                                      moz-do-not-send="true"
                                      href="https://twitter.com/EoinKeary/status/419111748424454145"
                                      target="_blank">https://twitter.com/EoinKeary/status/419111748424454145</a><br>
                                    >> >>>><br>
                                    >> >>>> Eoin Keary
                                    and Jim Manico (both OWASP board
                                    members) will be<br>
                                    >> >>>>
                                    presenting/conducting 4 hrs of
                                    free-of-cost AppSec training at the
                                    RSA<br>
                                    >> >>>>
                                    Conference, 2014. Michael Coates,
                                    Chairman of the OWASP Board is also
                                    said<br>
                                    >> >>>> to be
                                    present. Apparently, this was
                                    discussed at the OWASP board level;
                                    and<br>
                                    >> >>>> the board
                                    has decided to go ahead, keeping in
                                    mind the benefit to the<br>
                                    >> >>>> attending
                                    developers.<br>
                                    >> >>>><br>
                                    >> >>>> As you are
                                    aware, RSA is strongly suspected
                                    (we'll never be 100%<br>
                                    >> >>>> sure, I'm
                                    afraid) of being complicit with NSA
                                    in enabling fatal weakening of<br>
                                    >> >>>> crypto
                                    products. RSA has issued a sort of a
                                    denial that only deepens the<br>
                                    >> >>>> mistrust.
                                    As a protest, many leading speakers
                                    are cancelling their talks at<br>
                                    >> >>>> the
                                    upcoming RSAC 2014. Among them are
                                    (to my knowledge) Mikko Hypponen,<br>
                                    >> >>>> Jeffrey
                                    Carr and Josh Thomas.<br>
                                    >> >>>><br>
                                    >> >>>> At such a
                                    time, I am saddened by the OWASP
                                    board decision to support<br>
                                    >> >>>> RSAC by
                                    their presence. At a time when they
                                    had the opportunity to let the<br>
                                    >> >>>> world know
                                    how much they care for the
                                    Information Security profession
                                    (esp.,<br>
                                    >> >>>> against
                                    weakening crypto); and how much they
                                    care about the privacy of<br>
                                    >> >>>> people
                                    (against NSA's unabashed spying on
                                    Americans & non-Americans
                                    alike),<br>
                                    >> >>>> the board
                                    has copped out using a flimsy
                                    rationalization ("benefit of (a few)<br>
                                    >> >>>>
                                    developers", many of who would
                                    rethink their attendance had OWASP
                                    and more<br>
                                    >> >>>>
                                    organizations didn't blink!").<br>
                                    >> >>>><br>
                                    >> >>>> I'm sure
                                    there was a heated debate. I'm sure
                                    all angles were<br>
                                    >> >>>>
                                    considered. However, this goes too
                                    deep for me to take it as "better
                                    men<br>
                                    >> >>>> than me
                                    have considered and decided". As a
                                    matter of my personal values, if<br>
                                    >> >>>> the
                                    situation doesn't change, I would no
                                    longer wish to continue as the<br>
                                    >> >>>> OWASP
                                    Chapter Lead. Please let me know if
                                    any of you would like to take over<br>
                                    >> >>>> from me.<br>
                                    >> >>>><br>
                                    >> >>>> I will
                                    also share my feelings with fellow
                                    chapter members at our next<br>
                                    >> >>>> chapter
                                    meeting on Jan 21st. Needless to
                                    say, no matter how things go, I<br>
                                    >> >>>> remain
                                    committed to the principles of our
                                    open and open-source infosec<br>
                                    >> >>>> community.<br>
                                    >> >>>><br>
                                    >> >>>> Best
                                    regards,<br>
                                    >> >>>><br>
                                    >> >>>> ==Sas3==<br>
                                    >> >>>
                                    _______________________________________________<br>
                                    >> >>> OWASP-Leaders
                                    mailing list<br>
                                    >> >>> <a
                                      moz-do-not-send="true"
                                      href="mailto:OWASP-Leaders@lists.owasp.org"
                                      target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                                    >> >>> <a
                                      moz-do-not-send="true"
                                      href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                                      target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                                    >> >><br>
                                    >> >><br>
                                    >> >><br>
                                    >> >><br>
                                    >> >>
                                    _______________________________________________<br>
                                    >> >> OWASP-Leaders
                                    mailing list<br>
                                    >> >> <a
                                      moz-do-not-send="true"
                                      href="mailto:OWASP-Leaders@lists.owasp.org"
                                      target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                                    >> >> <a
                                      moz-do-not-send="true"
                                      href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                                      target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                                    >> ><br>
                                    >>
                                    _______________________________________________<br>
                                    >> Owasp-board mailing list<br>
                                    >> <a moz-do-not-send="true"
href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a><br>
                                    >> <a moz-do-not-send="true"
href="https://lists.owasp.org/mailman/listinfo/owasp-board"
                                      target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
                                    ><br>
                                    ><br>
                                    ><br>
                                    >
                                    _______________________________________________<br>
                                    > OWASP-Leaders mailing list<br>
                                    > <a moz-do-not-send="true"
                                      href="mailto:OWASP-Leaders@lists.owasp.org"
                                      target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                                    > <a moz-do-not-send="true"
                                      href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                                      target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                                    ><br>
                                  </blockquote>
                                </div>
                              </div>
                            </blockquote>
                            <blockquote type="cite">
                              <div><span>_______________________________________________</span><br>
                                <span>OWASP-Leaders mailing list</span><br>
                                <span><a moz-do-not-send="true"
                                    href="mailto:OWASP-Leaders@lists.owasp.org"
                                    target="_blank">OWASP-Leaders@lists.owasp.org</a></span><br>
                                <span><a moz-do-not-send="true"
                                    href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                                    target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a></span><br>
                              </div>
                            </blockquote>
                          </div>
                        </div>
                      </div>
                      <br>
                      _______________________________________________<br>
                      OWASP-Leaders mailing list<br>
                      <a moz-do-not-send="true"
                        href="mailto:OWASP-Leaders@lists.owasp.org"
                        target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                      <a moz-do-not-send="true"
                        href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                        target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                      <br>
                    </blockquote>
                  </div>
                  <br>
                  <br clear="all">
                  <div><br>
                  </div>
                </div>
              </div>
              <span class="HOEnZb"><font color="#888888">-- <br>
                  Homo sapiens non urinat in ventum.
                </font></span></div>
            <br>
            _______________________________________________<br>
            OWASP-Leaders mailing list<br>
            <a moz-do-not-send="true"
              href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a><br>
            <a moz-do-not-send="true"
              href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
              target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OWASP-Leaders mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>