<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Jerry,<br>
    <br>
    I'm a fan of OWASP taking technical stands such as the IAB Statement
    on Internet Confidentiality
    <a class="moz-txt-link-freetext" href="https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/">https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/</a>
    and similar. <br>
    <br>
    What our 501(c)(3) foundation needs to to steer clear of from my
    understanding is...<br>
    <br>
    1) ... not to engage in political campaigning<br>
    2) ... not to attempt to influence legislation as a substantial part
    of our activities<br>
    <br>
    I am no fan of NACL's but this is a very important topic.<br>
    <br>
    The exact quote from the IRS is
(<a class="moz-txt-link-freetext" href="http://www.irs.gov/Charities-&-Non-Profits/Charitable-Organizations/Exemption-Requirements-Section-501(c)(3)-Organizations)">http://www.irs.gov/Charities-&-Non-Profits/Charitable-Organizations/Exemption-Requirements-Section-501(c)(3)-Organizations)</a><br>
    <br>
    <meta charset="utf-8">
    <span style="color: rgb(0, 0, 0); font-family: sans-serif;
      font-size: 13px; font-style: normal; font-variant: normal;
      font-weight: normal; letter-spacing: normal; line-height:
      16.0029983520508px; orphans: auto; text-align: start; text-indent:
      0px; text-transform: none; white-space: normal; widows: 1;
      word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline
      !important; float: none; background-color: rgb(255, 255, 255);">"...it
      may not attempt to influence legislation as a substantial part of
      its activities and it may not participate in any campaign activity
      for or against political candidates..."</span><br>
    <br>
    So as long as our "official foundation statement" on this matter
    steers clear of these issues, I will support it.<br>
    <br>
    We will be discussing this at the June 24th meeting, I hope you can
    make it.<br>
    <br>
    <a class="moz-txt-link-freetext" href="https://www.owasp.org/index.php/June_24,_2015">https://www.owasp.org/index.php/June_24,_2015</a><br>
    <br>
    Aloha,<br>
    Jim<br>
    <br>
    <div class="moz-cite-prefix">On 6/21/15 3:16 PM, Jerry Hoff wrote:<br>
    </div>
    <blockquote
      cite="mid:A2E4A344-4519-4A6B-A86A-B240A09E68DD@owasp.org"
      type="cite">
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      <div>I believe this debate is based off wrong assumptions - for
        example the EFF is 501(c)(3) and that does not prevent them from
        taking a position on relevant issues as an organization.<br>
        <br>
        --
        <div>Jerry Hoff</div>
        <div><a moz-do-not-send="true" href="mailto:jerry@owasp.com">jerry@owasp.com</a></div>
        <div>@jerryhoff</div>
      </div>
      <div><br>
        On Jun 21, 2015, at 21:05, Jim Manico <<a
          moz-do-not-send="true" href="mailto:jim.manico@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a></a>>
        wrote:<br>
        <br>
      </div>
      <blockquote type="cite">
        <div>
          <meta content="text/html; charset=utf-8"
            http-equiv="Content-Type">
          With respect, I disagree with your take on this Jeff. Official
          OWASP public statements should be done with care.<br>
          <br>
          Also, this issue is not resolved yet and I am simply stating
          *my opinion* on the matter backed by research and references
          to IRS guidelines discussing this matter. And again I've
          stated that this is a nebulous area even by IRS regulation.<br>
          <br>
          <u><b>We are discussing this at the June 24 board meeting</b></u><u><b>
              - a meeting in which I hope that you and the community
              attend.</b></u> <br>
          <br>
          Making a big statement like this as an official message of the
          OWASP foundation - especial since it's political in nature -
          does in my opinion require board discussion. I know you want
          us to "jump on this" immediately - and we are Jeff - in just a
          few days.<br>
          <br>
          In fact, if the language is crafted in a way that keeps clear
          of specific legislation, I will likely vote to push this out.
          I agree with it 100%, I am only concerned if it's the right
          thing for OWASP to be making such a public statement. <br>
          <br>
          It is critical for all of us in OWASP leadership to be aware
          of the limits of what a 501(c)(3) should be doing, and when I
          hear that the members of foundation want OWASP to make a
          public and politically charged statement of intent, I think
          it's crucial for the board to be a part of it since the board
          holds legal responsibility for the operations of the
          foundation.<br>
          <br>
          See you June 24th?<br>
          <br>
          <a moz-do-not-send="true" class="moz-txt-link-freetext"
            href="https://www.owasp.org/index.php/June_24,_2015">https://www.owasp.org/index.php/June_24,_2015</a><br>
          <br>
          Aloha,<br>
          Jim<br>
          <br>
          <br>
          <br>
          <br>
          <br>
          <div class="moz-cite-prefix">On 6/21/15 2:47 PM, Jeff Williams
            wrote:<br>
          </div>
          <blockquote
cite="mid:815ED4954DD4EA87.AC9F30B4-B882-4DBD-8F06-A2CC09F2B771@mail.outlook.com"
            type="cite">
            <div>This is a false dichotomy -- OWASP can and should do
              both. The Board should work to assist and support *any*
              idea consistent with our mission...even if...especially
              if... you don't think it will work.</div>
            <div><br>
            </div>
            <div>You can't let *your* judgement influence the decision
              to support a project. If you do, then all we will ever get
              is Board ideas.  And, respectfully, I don't trust you or
              any other individual to think up the next great AppSec
              idea.</div>
            <div><br>
            </div>
            <div>The Board shouldn't interfere at all unless somebody is
              doing something harmful to the organization or the
              mission. And even then should try to figure out a
              productive path for that energy.</div>
            <div><br>
            </div>
            <div>Again respectfully, you should get out of the way.<br>
              <br>
              <div class="acompli_signature">--Jeff<br>
              </div>
            </div>
            <br>
            <br>
            <br>
            <div class="gmail_quote">On Sun, Jun 21, 2015 at 5:27 PM
              -0700, "Jim Manico" <span dir="ltr"><<a
                  moz-do-not-send="true"
                  href="mailto:jim.manico@owasp.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a></a>></span>
              wrote:<br>
              <br>
              <blockquote class="gmail_quote" style="margin:0 0 0
                .8ex;border-left:1px #ccc solid;padding-left:1ex">
                <div dir="3D"ltr"">
                  <meta http-equiv="content-type" content="text/html;
                    charset=utf-8">
                  <div>Jeff,</div>
                  <div><br>
                  </div>
                  <div>My take on this is that "talk is cheap" and that
                    "actions are more powerful words". I'd rather keep
                    out of legislation and focus on making important
                    projects like ESAPI, ASVS, Security Shepard and
                    others more powerful.</div>
                  <div><br>
                  </div>
                  <div>I am sorry you are disappointed in current board
                    action, but there is good reason behind the
                    perspective I am stating. Also, this is my opinion
                    alone, not the entire boards.</div>
                  <div><br>
                  </div>
                  <div>Again, take a look at Whisper Systems. They are
                    providing incredibly well created and well assessed
                    open source projects for secure communications.
                    These open source projects are now being integrated
                    into various Operating Systems and other projects.</div>
                  <div><br>
                  </div>
                  <div>If ESAPI was not a abandoned, it could have been
                    serving our mission - planet level. I want to see it
                    and other key projects revived and well funded.</div>
                  <div><br>
                  </div>
                  <div>The power of a well built security project is
                    worth more than a thousand words. Talk is cheap.
                    Actions that change the world take sweat, blood and
                    staying the course even when it's no longer
                    financially beneficial to do so.</div>
                  <div><br>
                  </div>
                  <div>Respectfully,<br>
                    <div>--</div>
                    <div>Jim Manico</div>
                    <div>
                      <div apple-content-edited="true" class="">
                        <div class="" style="word-wrap: break-word;
                          -webkit-nbsp-mode: space; -webkit-line-break:
                          after-white-space;">
                          <div class=""><span style="background-color:
                              rgba(255, 255, 255, 0);">Global Board
                              Member</span></div>
                          <span style="background-color: rgba(255, 255,
                            255, 0);">OWASP Foundation</span>
                          <div class=""><a moz-do-not-send="true"
                              href="https://www.owasp.org/" class=""
                              style="background-color: rgba(255, 255,
                              255, 0);"><font color="#000000">https://www.owasp.org</font></a></div>
                        </div>
                      </div>
                      <div class=""><span style="background-color:
                          rgba(255, 255, 255, 0);">Join me at <a
                            moz-do-not-send="true"
                            href="http://appsecusa.org/" target="_blank"
                            class="">AppSecUSA</a> 2015 in San
                          Francisco!</span></div>
                    </div>
                  </div>
                  <div><br>
                    On Jun 21, 2015, at 2:12 PM, Jeff Williams <<a
                      moz-do-not-send="true"
                      class="moz-txt-link-abbreviated"
                      href="mailto:jeff.williams@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:jeff.williams@owasp.org">jeff.williams@owasp.org</a></a>>

                    wrote:<br>
                    <br>
                  </div>
                  <blockquote type="cite">
                    <div>
                      <div>For the record, the IAB is part of the IETF,
                        which *is* a 501c3.  Even though 501c3
                        organizations *can* do some lobbying (as long as
                        expenditures are not substantial), the IAB is
                        careful not to talk about legislation or urge
                        anyone to contact representatives about
                        legislation.</div>
                      <div>As the creator and longtime Chair of the
                        OWASP Board, I'm frustrated that the current
                        Board isn't falling over themselves to support
                        efforts like this.  IMO the whole purpose of the
                        Board is to create a great platform to support
                        and amplify the efforts of anyone willing to
                        contribute to our important cause. Does't matter
                        the topic, but instead of saying no or
                        criticizing ideas or projects, figure out a way
                        to make it work or make them better.</div>
                      <div>In this case, and a million other topics, it
                        would be incredibly easy to stick to the
                        technical realities and feasibility of any
                        approaches being discussed in the news.  No need
                        to mention legislation.</div>
                      <div>
                        <div class="acompli_signature">--Jeff<br>
                          <br>
                          Jeff Williams | CTO<br>
                          Contrast Security<br>
                          <a moz-do-not-send="true"
                            href="tel:410.707.1487"
                            x-apple-data-detectors="true"
                            x-apple-data-detectors-type="telephone"
                            x-apple-data-detectors-result="0/1">410.707.1487</a>
                          | @planetlevel @contrastsec<br>
                          <br>
                        </div>
                        <br>
                      </div>
                      <div class="gmail_quote">_____________________________<br>
                        From: Jim Manico <<a moz-do-not-send="true"
                          href="mailto:jim.manico@owasp.org"
                          x-apple-data-detectors="true"
                          x-apple-data-detectors-type="link"
                          x-apple-data-detectors-result="2">jim.manico@owasp.org</a>><br>
                        Sent: Sunday, June 21, 2015 7:37 PM<br>
                        Subject: Re: [Owasp-leaders] [Owasp-community]
                        [Owasp-board] IAB Statement on the Trade in
                        Security Technologies<br>
                        To: McGovern, James <<a
                          moz-do-not-send="true"
                          href="mailto:james.mcgovern@hp.com"
                          x-apple-data-detectors="true"
                          x-apple-data-detectors-type="link"
                          x-apple-data-detectors-result="4"><a class="moz-txt-link-abbreviated" href="mailto:james.mcgovern@hp.com">james.mcgovern@hp.com</a></a>><br>
                        Cc: <<a moz-do-not-send="true"
                          href="mailto:owasp-community@lists.owasp.org"
                          x-apple-data-detectors="true"
                          x-apple-data-detectors-type="link"
                          x-apple-data-detectors-result="5">owasp-community@lists.owasp.org</a>>,

                        OWASP Board List <<a moz-do-not-send="true"
                          href="mailto:owasp-board@lists.owasp.org"
                          x-apple-data-detectors="true"
                          x-apple-data-detectors-type="link"
                          x-apple-data-detectors-result="6">owasp-board@lists.owasp.org</a>>,

                        owasp-leaders <<a moz-do-not-send="true"
                          href="mailto:owasp-leaders@lists.owasp.org"
                          x-apple-data-detectors="true"
                          x-apple-data-detectors-type="link"
                          x-apple-data-detectors-result="7">owasp-leaders@lists.owasp.org</a>><br>
                        <br>
                        <br>
                        <meta content="text/html; charset=utf-8">
                        <div> I will - for sure - put this on the June
                          24th Board meeting agenda. My opinion (based
                          on research over the years trying to
                          understand my duty to the foundation) is to
                          keep AWAY from any even slight attempt to
                          influence legislation. </div>
                        <div> <br>
                        </div>
                        <div> In general I see projects, documentation
                          efforts and  conferences doing much to unite
                          us in our shared mission. But start discussing
                          politics and it will go a long way to divide
                          us as a community. </div>
                        <div> <br>
                        </div>
                        <div> I suggest that we focus on •doing
                          something• vs •saying something•.  </div>
                        <div> <br>
                        </div>
                        <div> Imagine funding open source projects
                          similar to Whisper Systems or enhancing our
                          documentation projects to be much more up to
                          date and relevant our building professional
                          open source training material? This is how I
                          think the foundation can best face these
                          issues while at the same time serve our
                          mission while at the same time keep away from
                          influencing legislation. :) </div>
                        <div> <br>
                        </div>
                        <div> And for what it's worth, I strongly
                          dislike the fact that I'm bringing these
                          things up. I'm not trying to ruin anyones
                          party here. But I do feel it's my duty as your
                          elected board member to do so. </div>
                        <div> <br>
                        </div>
                        <div> Aloha, </div>
                        <div> -- <br>
                          <div> Jim Manico </div>
                          <div>
                            <div class="">
                              <div class="" style="word-wrap:
                                break-word; -webkit-nbsp-mode: space;
                                -webkit-line-break: after-white-space;">
                                <div class=""> <span
                                    style="background-color: rgba(255,
                                    255, 255, 0);">Global Board Member</span>
                                </div>
                                <span style="background-color: rgba(255,
                                  255, 255, 0);">OWASP Foundation</span>
                                <div class=""> <a
                                    moz-do-not-send="true"
                                    href="https://www.owasp.org/"
                                    class="" style="background-color:
                                    rgba(255, 255, 255, 0);"><font
                                      color="#000000"><a class="moz-txt-link-freetext" href="https://www.owasp.org">https://www.owasp.org</a></font></a>
                                </div>
                              </div>
                            </div>
                            <div class=""> <span
                                style="background-color: rgba(255, 255,
                                255, 0);">Join me at <a
                                  moz-do-not-send="true"
                                  href="http://appsecusa.org/" class="">AppSecUSA</a> 2015

                                in San Francisco!</span> </div>
                          </div>
                        </div>
                        <div> <br>
                          On Jun 21, 2015, at 1:23 PM, McGovern, James
                          < <a moz-do-not-send="true"
                            class="moz-txt-link-abbreviated"
                            href="mailto:james.mcgovern@hp.com">james.mcgovern@hp.com</a>>

                          wrote: <br>
                          <br>
                        </div>
                        <blockquote>
                          <div> <span>Jim, while you are going to the
                              board for legal clarification, please
                              inquire:</span> <br>
                            <span></span> <br>
                            <span>1. 501c3 is a US thing. Can we
                              influence non-US government and still
                              comply?</span> <br>
                            <span>2. Understanding the US political
                              issues sometimes will put us on a partisan
                              path. For example, in CT I have commented
                              in the past in a political context on why
                              smart guns are just plain stupid. This
                              particular issue leans more
                              conservative/libertarian than it does
                              Liberal. Therefore, we must attempt to
                              understand the flow of politics on any
                              given Sunday.</span> <br>
                            <span>3. Maybe we could somehow solve this
                              by having a policy that encourages
                              legislators of all parties to reach out to
                              their local chapter leader for an informed
                              opinion.</span> <br>
                            <span></span> <br>
                            <span>-----Original Message-----</span> <br>
                            <span>From: <a moz-do-not-send="true"
                                href="mailto:owasp-community-bounces@lists.owasp.org">owasp-community-bounces@lists.owasp.org</a>
                              [<a moz-do-not-send="true"
                                href="mailto:owasp-community-bounces@lists.owasp.org">mailto:owasp-community-bounces@lists.owasp.org</a>]
                              On Behalf Of Jim Manico</span> <br>
                            <span>Sent: Saturday, June 20, 2015 4:37 PM</span>
                            <br>
                            <span>To: Kevin W. Wall</span> <br>
                            <span>Cc: OWASP Board List; <a
                                moz-do-not-send="true"
                                class="moz-txt-link-abbreviated"
                                href="mailto:owasp-community@lists.owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:owasp-community@lists.owasp.org">owasp-community@lists.owasp.org</a></a>;
                              owasp-leaders</span> <br>
                            <span>Subject: Re: [Owasp-community]
                              [Owasp-board] IAB Statement on the Trade
                              in Security Technologies</span> <br>
                            <span></span> <br>
                            <span>I agree with you Kevin. Even the IRS
                              is cagey about this topic. </span> <br>
                            <span></span> <br>
                            <span>However, this is an organization risk
                              that I feel we should be aware of before
                              charging to far into policy. It would
                              behoove is to get legal review before
                              going to far. I'll bring this up at the
                              next board meeting.</span> <br>
                            <span></span> <br>
                            <span>Aloha,</span> <br>
                            <span>--</span> <br>
                            <span>Jim Manico</span> <br>
                            <span>@Manicode</span> <br>
                            <span><a moz-do-not-send="true"
                                href="tel:%28808%29%20652-3805"
                                x-apple-data-detectors="true"
                                x-apple-data-detectors-type="telephone"
                                x-apple-data-detectors-result="18/1">(808)

                                652-3805</a></span> <br>
                            <span></span> <br>
                            <blockquote> <span>On Jun 20, 2015, at 9:47
                                AM, Kevin W. Wall <<a
                                  moz-do-not-send="true"
                                  href="mailto:kevin.w.wall@gmail.com"><a class="moz-txt-link-abbreviated" href="mailto:kevin.w.wall@gmail.com">kevin.w.wall@gmail.com</a></a>>

                                wrote:</span> <br>
                            </blockquote>
                            <blockquote> <span></span> <br>
                            </blockquote>
                            <blockquote> <span>Jim,</span> <br>
                            </blockquote>
                            <blockquote> <span></span> <br>
                            </blockquote>
                            <blockquote>
                              <blockquote> <span>On Sat, Jun 20, 2015
                                  at 2:55 PM, Jim Manico <<a
                                    moz-do-not-send="true"
                                    href="mailto:jim.manico@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a></a>>

                                  wrote:</span> <br>
                              </blockquote>
                            </blockquote>
                            <blockquote>
                              <blockquote> <span>That is fair Michael.</span>
                                <br>
                              </blockquote>
                            </blockquote>
                            <blockquote>
                              <blockquote> <span></span> <br>
                              </blockquote>
                            </blockquote>
                            <blockquote>
                              <blockquote> <span>But I do want to warn
                                  the community that this is a slippery
                                  slope, we </span> <br>
                              </blockquote>
                            </blockquote>
                            <blockquote>
                              <blockquote> <span>are being watched, and
                                  trying to influence legislation is one
                                  of the </span> <br>
                              </blockquote>
                            </blockquote>
                            <blockquote>
                              <blockquote> <span>few ways OWASP can
                                  lose it's charitable status. And if
                                  that happens, </span> <br>
                              </blockquote>
                            </blockquote>
                            <blockquote>
                              <blockquote> <span>the debate about what
                                  to do with our funds will quickly
                                  change for the worse.</span> <br>
                              </blockquote>
                            </blockquote>
                            <blockquote> <span></span> <br>
                            </blockquote>
                            <blockquote> <span>I don't think that it is
                                impossible for charitable organizations
                                to </span> <br>
                            </blockquote>
                            <blockquote> <span>comment on public
                                possible without loosing their 501(c)(3)
                                status, but </span> <br>
                            </blockquote>
                            <blockquote> <span>it just has to be done
                                in the right way. (However, IANAL, so I
                                don't </span> <br>
                            </blockquote>
                            <blockquote> <span>even begin to know the
                                details of what that "right way" would
                                entail.)</span> <br>
                            </blockquote>
                            <blockquote> <span></span> <br>
                            </blockquote>
                            <blockquote> <span>As a case in point, the
                                ACM has a 501(c)(3) not-for-profit
                                status, and </span> <br>
                            </blockquote>
                            <blockquote> <span>yet their public policy
                                arm--the USACM--has certainly tried to </span>
                              <br>
                            </blockquote>
                            <blockquote> <span>influence public policy.
                                (Recall the crypto debate from the late
                              </span> <br>
                            </blockquote>
                            <blockquote> <span>1990s? The USACM and
                                IEEE wrote a letter to Sen. John McCain
                                to try to </span> <br>
                            </blockquote>
                            <blockquote> <span>influence the US
                                legislation not to pass laws to mandate
                                weak </span> <br>
                            </blockquote>
                            <blockquote> <span>encryption. E.g., see</span>
                              <br>
                            </blockquote>
                            <blockquote> <span><<a
                                  moz-do-not-send="true"
href="http://usacm.acm.org/privsec/details.cfm?type=Letters&id=18&cat=8&Pri"><a class="moz-txt-link-freetext" href="http://usacm.acm.org/privsec/details.cfm?type=Letters&id=18&cat=8&Pri">http://usacm.acm.org/privsec/details.cfm?type=Letters&id=18&cat=8&Pri</a></a></span>
                              <br>
                            </blockquote>
                            <blockquote> <span>vacy%20and%20Security>.)</span>
                              <br>
                            </blockquote>
                            <blockquote> <span></span> <br>
                            </blockquote>
                            <blockquote> <span>So I'm guessing that the
                                devil is in the details of how it is
                                done.  </span> <br>
                            </blockquote>
                            <blockquote> <span>In fact, according to
                                Spaf's blog at </span> <br>
                            </blockquote>
                            <blockquote> <span><<a
                                  moz-do-not-send="true"
href="https://www.cerias.purdue.edu/site/blog/post/deja_vu_all_over_again_t"><a class="moz-txt-link-freetext" href="https://www.cerias.purdue.edu/site/blog/post/deja_vu_all_over_again_t">https://www.cerias.purdue.edu/site/blog/post/deja_vu_all_over_again_t</a></a></span>
                              <br>
                            </blockquote>
                            <blockquote> <span>he_attack_on_encryption/>

                                the USACM is going through this same
                                this </span> <br>
                            </blockquote>
                            <blockquote> <span>this again. Like I said,
                                I am not a lawyer and maybe this attempt
                                to </span> <br>
                            </blockquote>
                            <blockquote> <span>influence public policy
                                doesn't strictly qualify as "lobbying"
                                in the </span> <br>
                            </blockquote>
                            <blockquote> <span>eyes of the IRS. But it
                                certainly doesn't seem impossible.</span>
                              <br>
                            </blockquote>
                            <blockquote> <span></span> <br>
                            </blockquote>
                            <blockquote> <span>Also, we can--and
                                should--all speak out strongly against
                                things that </span> <br>
                            </blockquote>
                            <blockquote> <span>we believe are against
                                the OWASP mission, but we don't have to
                                do it </span> <br>
                            </blockquote>
                            <blockquote> <span>in a manner as
                                representing OWASP. Do that on your
                                personal blogs or </span> <br>
                            </blockquote>
                            <blockquote> <span>social media instead of
                                OWASP mailing lists and there shouldn't
                                be an </span> <br>
                            </blockquote>
                            <blockquote> <span>issue, especially if you
                                add a short disclaimer as to how your
                                opinion </span> <br>
                            </blockquote>
                            <blockquote> <span>does not necessarily
                                affect the opinion of OWASP overall (in
                                the cases when there might be some
                                doubt).</span> <br>
                            </blockquote>
                            <blockquote> <span></span> <br>
                            </blockquote>
                            <blockquote> <span>So perhaps if we decide
                                that we officially want to speak out on
                              </span> <br>
                            </blockquote>
                            <blockquote> <span>certain public policy as
                                an organization in order to influence
                                public </span> <br>
                            </blockquote>
                            <blockquote> <span>policy in accordance
                                with our mission statements, then
                                someone who </span> <br>
                            </blockquote>
                            <blockquote> <span>understands the nuances
                                of the 501(c)(3) IRS regulations could
                                help </span> <br>
                            </blockquote>
                            <blockquote> <span>OWASP navigate these
                                waters.</span> <br>
                            </blockquote>
                            <blockquote> <span></span> <br>
                            </blockquote>
                            <blockquote> <span>-kevin</span> <br>
                            </blockquote>
                            <blockquote> <span>--</span> <br>
                            </blockquote>
                            <blockquote> <span>Blog: <a
                                  moz-do-not-send="true"
                                  class="moz-txt-link-freetext"
                                  href="http://off-the-wall-security.blogspot.com/"><a class="moz-txt-link-freetext" href="http://off-the-wall-security.blogspot.com/">http://off-the-wall-security.blogspot.com/</a></a></span>
                              <br>
                            </blockquote>
                            <blockquote> <span>NSA: All your crypto bit
                                are belong to us.</span> <br>
                            </blockquote>
                            <span>_______________________________________________</span>
                            <br>
                            <span>Owasp-community mailing list</span> <br>
                            <span><a moz-do-not-send="true"
                                href="mailto:Owasp-community@lists.owasp.org">Owasp-community@lists.owasp.org</a></span>
                            <br>
                            <span><a moz-do-not-send="true"
                                href="https://lists.owasp.org/mailman/listinfo/owasp-community">https://lists.owasp.org/mailman/listinfo/owasp-community</a></span>
                            <br>
                          </div>
                        </blockquote>
                        <br>
                        <br>
                      </div>
                    </div>
                  </blockquote>
                </div>
              </blockquote>
            </div>
          </blockquote>
          <br>
        </div>
      </blockquote>
      <blockquote type="cite">
        <div><span>_______________________________________________</span><br>
          <span>OWASP-Leaders mailing list</span><br>
          <span><a moz-do-not-send="true"
              href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a></span><br>
          <span><a moz-do-not-send="true"
              href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a></span><br>
        </div>
      </blockquote>
    </blockquote>
    <br>
  </body>
</html>