<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Thank you Jim for citing the text. <br>
      I think the key word is "substantial part". As explained
      yesterday, if we make a statement about our mission and how it
      relates to some government ideas, that is still far away from
      "substantial part". The bar would be if we use more than
      100-300kUSD for promoting that message.... And I think we are far
      far away from that.... <br>
      <br>
      So I think we do not need to worry too much about the legal
      charity limitations at this point. <br>
      <br>
      So I think the question is: <br>
      Do we want for OWASP to express an opinion on important security
      questions? Like e.g. we did in 2014 with the statement on Internet
      Security or possibly statements similar to the one from the IAB on
      export control of security. <br>
      <br>
      From the discussion so far, I get the impression that overall
      there would be some support for OWASP to use its voice in the
      public to further our core messages for our mission of improving
      web and application security. <br>
      <br>
      IMHO we should naturally only do this on topics where we have a
      large majority and support in our community and avoid too
      contentious topics. (in general I believe the topic of our
      statement from last year and possibly the IAB statement would be
      relatively close to consensus in our community...) <br>
      <br>
      For the process: in general, I would advise for us to have a
      community discussion first before we release any statements and
      only make a statement after we see a very very large community
      support for it. <br>
      <br>
      Just my 2 cents. <br>
      <br>
      Tobias<br>
      <br>
      <br>
      On 22/06/15 21:27, Jim Manico wrote:<br>
    </div>
    <blockquote cite="mid:558861A6.3020306@owasp.org" type="cite">
      Jerry,<br>
      <br>
      I feel you are reducing this conversation to absurdity in an
      unfair manner.<br>
      <br>
      Let me lay this out to you once more in hopes to help you
      understand where I am coming from, even if I am wrong. <br>
      <br>
      1) This discussion started with a request for OWASP to make a
      public/official statement about <b>export control legislation</b>.<br>
      <br>
      2) The IRS states on their website that 501c3 charities
      "<b>may not attempt to influence legislation as a substantial part
        of its activities</b>". <a moz-do-not-send="true"
        class="moz-txt-link-freetext"
href="http://www.irs.gov/Charities-&-Non-Profits/Charitable-Organizations/Exemption-Requirements-Section-501%28c%29%283%29-Organizations">http://www.irs.gov/Charities-&-Non-Profits/Charitable-Organizations/Exemption-Requirements-Section-501(c)(3)-Organizations</a>
      <br>
      <br>
      3) I provided a word of warning. There are *many* statements from
      the IAB that we could model. I suggest we model their more
      technical messages such as their statement on internet
      confidentiality ( <a moz-do-not-send="true"
        class="moz-txt-link-freetext"
href="https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/">https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/</a>
      ) as opposed to a statement on export control laws. <br>
      <br>
      Now Jerry, you do not have to agree with me, but I do feel there
      is sound logic to my thought process. <br>
      <br>
      This is on the board discussion list for June 24th. I'll make
      certain that any message the foundation does indeed broadcast is
      published for your and others' review before we post it. In fact,
      if you or others wish to help draft it we would be grateful for
      your help.<br>
      <br>
      Does this help clarify my concern and the actions the board is taking
      to work with the community to make this happen?<br>
      <br>
      Aloha,<br>
      <pre class="moz-signature" cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.owasp.org">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
      <br>
      <br>
      <br>
      <br>
      <div class="moz-cite-prefix">On 6/22/15 4:08 AM, Jerry Hoff wrote:<br>
      </div>
      <blockquote
        cite="mid:741D8C52-2A31-4972-83F6-4B7B46946E0B@whitehatsec.com"
        type="cite">
        <div><span></span></div>
        <div>
          <div>Exactly - seemed to have gone from "let's publicly voice
            a position for the common good" to "we can't say anything
            for fear of losing our 501(c)(3) status on grounds of
            lobbying all branches of the U.S. Govt". </div>
          <div><br>
          </div>
          <div>So although I think it was a needed discussion, I suggest
            we steer clear from further <i style="background-color:
              rgba(255, 255, 255, 0);">reductio ad absurdums </i>and
            establish a mechanism in which the foundation can voice
            concerns.</div>
          <div><br>
          </div>
          <div>Jerry</div>
          <div><br>
            On Jun 22, 2015, at 06:22, Eoin Keary <<a
              moz-do-not-send="true" class="moz-txt-link-abbreviated"
              href="mailto:eoin.keary@owasp.org">eoin.keary@owasp.org</a>>

            wrote:<br>
            <br>
          </div>
          <blockquote type="cite">
            <div>
              <div>+100 Tobias.</div>
              <div>Charities such as Amnesty International, Greenpeace
                etc also make statements which are in line with their
                mission and also help drive the organisation achieving
                its goal. </div>
              <div>I'm unsure where lobbying / political activism
                needs to fit in here. It's more about speaking out for
                what the foundation believes in. </div>
              <div><br>
                <br>
                Eoin Keary
                <div>OWASP Volunteer</div>
                <div>@eoinkeary</div>
                <div><span style="font-size: 13pt;"><br>
                  </span></div>
                <div><br>
                </div>
              </div>
              <div><br>
                On 22 Jun 2015, at 11:47, Tobias <<a
                  moz-do-not-send="true"
                  class="moz-txt-link-abbreviated"
                  href="mailto:tobias.gondrom@owasp.org">tobias.gondrom@owasp.org</a>>

                wrote:<br>
                <br>
              </div>
              <blockquote type="cite">
                <div>
                  <div class="moz-cite-prefix">Guys, <br>
                    <br>
                    just fyi: we had this discussion before. Last time
                    in January 2014. <br>
                    And I believe reading the material provided by Jim
                    at the time, we can in fact determine that OWASP can
                    make statements that are in line with our mission. <br>
                    <br>
                    IMHO: It is good to be cautious in life, but to be
                    so cautious as to remain silent on topics that are
                    relevant and will be a problem for the security of
                    the web and the Internet as a whole is IMHO a
                    mistake. <br>
                    <br>
                    For the full and detailed analysis from our
                    discussion in Jan 2014, please refer to here: <br>
                    <a moz-do-not-send="true"
href="http://lists.owasp.org/pipermail/owasp-board/2014-January/012872.html">http://lists.owasp.org/pipermail/owasp-board/2014-January/012872.html</a><br>
                    <br>
                    In short: <br>
                    <i>"</i><i><b>"Your organization can engage in
                        legislative advocacy and issue-related advocacy,
                        as long as it follows certain rules and steers
                        clear of political campaigning. "</b></i><i>
                      (for those interested in what these certain rules
                      are: that a non-profit does not have "substantial
                      part" of its overall activities relates to
                      influencing legislation or carrying on propaganda.
                      Roughly anything under 5% of the overall budget is
                      considered not substantial, while expenditures of
                      above 15% would probably be considered substantial
                      - e.g. 5% would be with our current budget size
                      spending of more than USD 100.000(!) on
                      lobbying....)</i><i><br>
                    </i><i><br>
                    </i><i>We are free and safe to advocate our mission
                      and to make public statements to communicate our
                      mission. (And nobody would want for OWASP to
                      politically campaign for the next candidate for
                      presidency, governor,</i><i><br>
                    </i><i>mayor or political party of any country.)</i><i>"</i><i><br>
                      <br>
                    </i><br>
                    Furthermore: that's also the reason why the IAB/IETF
                    has no problem at all making this statement....<br>
                    And the Internet Society which is basically the
                    "communication" arm of the IETF (and a 501(c) 3
                    tax-exempt charitable organization, <a
                      moz-do-not-send="true"
                      href="http://www.internetsociety.org/tax-exempt-charitable-organization">http://www.internetsociety.org/tax-exempt-charitable-organization</a>)
                    has no problems engaging in political debate about
                    an open and secure Internet. And in fact is doing
                    that very effectively. <i><br>
                    </i><br>
                    Best regards, Tobias<br>
                    <br>
                    <br>
                    <br>
                    On 22/06/15 03:57, Jim Manico wrote:<br>
                  </div>
                  <blockquote cite="mid:55876B76.4030608@owasp.org"
                    type="cite">Jerry,<br>
                    <br>
                    Per IRS guidelines, it's not just about lobbying
                    politicians. The limit is also on trying to
                    influence legislation. The original IAB link from
                    Tobias was about export control law (ie:
                    legislation) which is why I emailed words of
                    caution.<br>
                    <br>
                    - Jim<br>
                    <br>
                    <br>
                    <div class="moz-cite-prefix">On 6/21/15 3:52 PM,
                      Jerry Hoff wrote:<br>
                    </div>
                    <blockquote
                      cite="mid:4F829A81-4C69-404E-94B7-42474752CE15@owasp.org"
                      type="cite">
                      <div><span></span></div>
                      <div>
                        <div>Just to be clear again - no one in this
                          entire thread (that I have read at least) has
                          suggested we actively lobby politicians.
                          Putting out a statement on proposed
                          legislation is not the same as actively
                          lobbying government as defined below. </div>
                        <div><br>
                        </div>
                        <div>The entire thread is based on Jeff's
                          statement that  OWASP should put out a single
                          statement similar to the IAB's.  That's it.
                           I'm not sure how the conversation has drifted
                          so substantially from that  request.</div>
                        <div><br>
                        </div>
                        <div>--
                          <div>Jerry Hoff</div>
                          <div><a moz-do-not-send="true"
                              href="mailto:jerry@owasp.com">jerry@owasp.com</a></div>
                          <div>@jerryhoff</div>
                        </div>
                        <div><br>
                          On Jun 21, 2015, at 21:42, Jim Manico <<a
                            moz-do-not-send="true"
                            class="moz-txt-link-abbreviated"
                            href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a>>

                          wrote:<br>
                          <br>
                        </div>
                        <blockquote type="cite">
                          <div>And in the interest of fairness, here is
                            the counter-point as to why we should do
                            MORE lobbying at OWASP. <br>
                            <br>
                            <a moz-do-not-send="true"
                              class="moz-txt-link-freetext"
href="http://www.asaecenter.org/Resources/whitepaperdetail.cfm?ItemNumber=12202">http://www.asaecenter.org/Resources/whitepaperdetail.cfm?ItemNumber=12202</a><br>
                            <br>
                            <h5 style="box-sizing: border-box; margin:
                              0.2rem 0px 0px; padding: 0px; font-family:
                              'Helvetica Neue', Helvetica, Helvetica,
                              Arial, sans-serif; font-weight: 500;
                              font-style: normal; color: black;
                              text-rendering: optimizeLegibility;
                              line-height: 1.4; font-size: 0.938rem;
                              font-variant: normal; letter-spacing:
                              normal; orphans: auto; text-align: start;
                              text-indent: 0px; text-transform: none;
                              white-space: normal; widows: 1;
                              word-spacing: 0px;
                              -webkit-text-stroke-width: 0px;
                              background-color: rgb(255, 255, 255);"> 1.
                              501(c)(3)s cannot lobby and will lose
                              their tax exemption if they engage in
                              lobbying.</h5>
                            <p style="box-sizing: border-box; margin:
                              0px 0px 1.25rem; padding: 0px;
                              font-family: 'Helvetica Neue', Helvetica,
                              Helvetica, Arial, sans-serif; font-weight:
                              normal; line-height: 1.6; text-rendering:
                              optimizeLegibility; color: rgb(51, 51,
                              51); font-size: 15.0080003738403px;
                              font-style: normal; font-variant: normal;
                              letter-spacing: normal; orphans: auto;
                              text-align: start; text-indent: 0px;
                              text-transform: none; white-space: normal;
                              widows: 1; word-spacing: 0px;
                              -webkit-text-stroke-width: 0px;
                              background-color: rgb(255, 255, 255);">
                              Absolutely not. 501(c)(3) organizations
                              can, and often should, lobby at all levels
                              of government. Federal tax law has always
                              permitted some lobbying by nonprofits. The
                              1976 lobbying tax law passed by Congress
                              made that expressly clear. The Internal
                              Revenue Service ("IRS") followed with
                              implementing regulations. The federal
                              government clearly supports lobbying by
                              501(c)(3) organizations. Together, the law
                              and regulations provide wide latitude for
                              501(c)(3) organizations to lobby.</p>
                            <p style="box-sizing: border-box; margin:
                              0px 0px 1.25rem; padding: 0px;
                              font-family: 'Helvetica Neue', Helvetica,
                              Helvetica, Arial, sans-serif; font-weight:
                              normal; line-height: 1.6; text-rendering:
                              optimizeLegibility; color: rgb(51, 51,
                              51); font-size: 15.0080003738403px;
                              font-style: normal; font-variant: normal;
                              letter-spacing: normal; orphans: auto;
                              text-align: start; text-indent: 0px;
                              text-transform: none; white-space: normal;
                              widows: 1; word-spacing: 0px;
                              -webkit-text-stroke-width: 0px;
                              background-color: rgb(255, 255, 255);">
                              The law makes it very clear how much a
                              501(c)(3) organization can spend on
                              lobbying - up to $1 million depending on
                              the size of the organization - if the
                              501(h) election is made. The law also
                              makes it clear which activities are
                              lobbying and which are not. For example,
                              lobbying occurs only when there is an<span
                                class="Apple-converted-space"> </span><i
                                style="box-sizing: border-box;
                                font-style: italic; line-height:
                                inherit;">expenditure of money</i><span
                                class="Apple-converted-space"> </span>by
                              the 501(c)(3) for the purpose of
                              attempting to influence legislation. Where
                              there is no expenditure by the
                              organization for lobbying (such as
                              lobbying by members or volunteers), there
                              is no lobbying by the organization.</p>
                            <p style="box-sizing: border-box; margin:
                              0px 0px 1.25rem; padding: 0px;
                              font-family: 'Helvetica Neue', Helvetica,
                              Helvetica, Arial, sans-serif; font-weight:
                              normal; line-height: 1.6; text-rendering:
                              optimizeLegibility; color: rgb(51, 51,
                              51); font-size: 15.0080003738403px;
                              font-style: normal; font-variant: normal;
                              letter-spacing: normal; orphans: auto;
                              text-align: start; text-indent: 0px;
                              text-transform: none; white-space: normal;
                              widows: 1; word-spacing: 0px;
                              -webkit-text-stroke-width: 0px;
                              background-color: rgb(255, 255, 255);">
                              The right of citizens to petition their
                              government is basic to our democratic way
                              of life, and associations, including
                              501(c)(3)s, are one of the most effective
                              vehicles for making use of citizen
                              participation in shaping public policy.
                              Fortunately, the legislation passed by
                              Congress in 1976 makes it possible for
                              501(c)(3)s to lobby freely for the causes,
                              communities and constituencies they serve.</p>
                            <p style="box-sizing: border-box; margin:
                              0px 0px 1.25rem; padding: 0px;
                              font-family: 'Helvetica Neue', Helvetica,
                              Helvetica, Arial, sans-serif; font-weight:
                              normal; line-height: 1.6; text-rendering:
                              optimizeLegibility; color: rgb(51, 51,
                              51); font-size: 15.0080003738403px;
                              font-style: normal; font-variant: normal;
                              letter-spacing: normal; orphans: auto;
                              text-align: start; text-indent: 0px;
                              text-transform: none; white-space: normal;
                              widows: 1; word-spacing: 0px;
                              -webkit-text-stroke-width: 0px;
                              background-color: rgb(255, 255, 255);">
                              Generally, organizations that make the
                              501(h) election under the 1976 lobbying
                              law may spend 20% of the first $500,000 of
                              their annual expenditures on lobbying
                              ($100,000), 15% of the next $500,000, and
                              so on, up to $1 million dollars.</p>
                            <p style="box-sizing: border-box; margin:
                              0px 0px 1.25rem; padding: 0px;
                              font-family: 'Helvetica Neue', Helvetica,
                              Helvetica, Arial, sans-serif; font-weight:
                              normal; line-height: 1.6; text-rendering:
                              optimizeLegibility; color: rgb(51, 51,
                              51); font-size: 15.0080003738403px;
                              font-style: normal; font-variant: normal;
                              letter-spacing: normal; orphans: auto;
                              text-align: start; text-indent: 0px;
                              text-transform: none; white-space: normal;
                              widows: 1; word-spacing: 0px;
                              -webkit-text-stroke-width: 0px;
                              background-color: rgb(255, 255, 255);">
                              Finally, by not engaging in lobbying, your
                              organization may be failing to employ a
                              very important activity that could be
                              enormously helpful in carrying out its
                              mission.</p>
                            <br>
                            <br>
                            <div class="moz-cite-prefix">On 6/21/15 3:32
                              PM, Jerry Hoff wrote:<br>
                            </div>
                            <blockquote
                              cite="mid:741675FD-A590-42D8-A175-EA0672ECD616@owasp.org"
                              type="cite">
                              <div>Agreed - but I was under the strong
                                impression this entire discussion was on
                                putting out a statement similar to the
                                IAB.  Apologies if I misunderstood. I
                                was voicing support on that specific
                                action.</div>
                              <div><br>
                              </div>
                              <div>I didn't see anywhere in the thread
                                (though I may have missed it) anyone
                                advocating political campaigning or to
                                change the OWASP charter such that
                                influencing legislation would be a
                                substantial activity. <br>
                                <br>
                                --
                                <div>Jerry Hoff</div>
                                <div><a moz-do-not-send="true"
                                    href="mailto:jerry@owasp.com">jerry@owasp.com</a></div>
                                <div>@jerryhoff</div>
                              </div>
                              <div><br>
                                On Jun 21, 2015, at 21:25, Jim Manico
                                <<a moz-do-not-send="true"
                                  class="moz-txt-link-abbreviated"
                                  href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a>>

                                wrote:<br>
                                <br>
                              </div>
                              <blockquote type="cite">
                                <div>Jerry,<br>
                                  <br>
                                  I'm a fan of OWASP taking technical
                                  stands such as the IAB Statement on
                                  Internet Confidentiality <a
                                    moz-do-not-send="true"
                                    class="moz-txt-link-freetext"
href="https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/">https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/</a>
                                  and similar. <br>
                                  <br>
                                  What our 501(c)(3) foundation needs to
                                  steer clear of from my
                                  understanding is...<br>
                                  <br>
                                  1) ... not to engage in political
                                  campaigning<br>
                                  2) ... not to attempt to influence
                                  legislation as a substantial part of
                                  our activities<br>
                                  <br>
                                  I am no fan of NACL's but this is a
                                  very important topic.<br>
                                  <br>
                                  The exact quote from the IRS is (<a
                                    moz-do-not-send="true"
                                    class="moz-txt-link-freetext"
href="http://www.irs.gov/Charities-&-Non-Profits/Charitable-Organizations/Exemption-Requirements-Section-501%28c%29%283%29-Organizations">http://www.irs.gov/Charities-&-Non-Profits/Charitable-Organizations/Exemption-Requirements-Section-501(c)(3)-Organizations</a>)<br>
                                  <br>
                                  <span style="color: rgb(0, 0, 0);
                                    font-family: sans-serif; font-size:
                                    13px; font-style: normal;
                                    font-variant: normal; font-weight:
                                    normal; letter-spacing: normal;
                                    line-height: 16.0029983520508px;
                                    orphans: auto; text-align: start;
                                    text-indent: 0px; text-transform:
                                    none; white-space: normal; widows:
                                    1; word-spacing: 0px;
                                    -webkit-text-stroke-width: 0px;
                                    display: inline !important; float:
                                    none; background-color: rgb(255,
                                    255, 255);">"...it may not attempt
                                    to influence legislation as a
                                    substantial part of its activities
                                    and it may not participate in any
                                    campaign activity for or against
                                    political candidates..."</span><br>
                                  <br>
                                  So as long as our "official foundation
                                  statement" on this matter steers clear
                                  of these issues, I will support it.<br>
                                  <br>
                                  We will be discussing this at the June
                                  24th meeting, I hope you can make it.<br>
                                  <br>
                                  <a moz-do-not-send="true"
                                    class="moz-txt-link-freetext"
                                    href="https://www.owasp.org/index.php/June_24,_2015">https://www.owasp.org/index.php/June_24,_2015</a><br>
                                  <br>
                                  Aloha,<br>
                                  Jim<br>
                                  <br>
                                  <div class="moz-cite-prefix">On
                                    6/21/15 3:16 PM, Jerry Hoff wrote:<br>
                                  </div>
                                  <blockquote
                                    cite="mid:A2E4A344-4519-4A6B-A86A-B240A09E68DD@owasp.org"
                                    type="cite">
                                    <div>I believe this debate is based
                                      off wrong assumptions - for
                                      example the EFF is 501(c)(3) and
                                      that does not prevent them from
                                      taking a position on relevant
                                      issues as an organization.<br>
                                      <br>
                                      --
                                      <div>Jerry Hoff</div>
                                      <div><a moz-do-not-send="true"
                                          href="mailto:jerry@owasp.com">jerry@owasp.com</a></div>
                                      <div>@jerryhoff</div>
                                    </div>
                                    <div><br>
                                      On Jun 21, 2015, at 21:05, Jim
                                      Manico <<a
                                        moz-do-not-send="true"
                                        class="moz-txt-link-abbreviated"
href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a>> wrote:<br>
                                      <br>
                                    </div>
                                    <blockquote type="cite">
                                      <div>With respect, I disagree with
                                        your take on this Jeff. Official
                                        OWASP public statements should
                                        be done with care.<br>
                                        <br>
                                        Also, this issue is not resolved
                                        yet and I am simply stating *my
                                        opinion* on the matter backed by
                                        research and references to IRS
                                        guidelines discussing this
                                        matter. And again I've stated
                                        that this is a nebulous area
                                        even by IRS regulation.<br>
                                        <br>
                                        <u><b>We are discussing this at
                                            the June 24 board meeting</b></u><u><b>
                                            - a meeting in which I hope
                                            that you and the community
                                            attend.</b></u> <br>
                                        <br>
                                        Making a big statement like this
                                        as an official message of the
                                        OWASP foundation - especially
                                        since it's political in nature -
                                        does in my opinion require board
                                        discussion. I know you want us
                                        to "jump on this" immediately -
                                        and we are Jeff - in just a few
                                        days.<br>
                                        <br>
                                        In fact, if the language is
                                        crafted in a way that keeps
                                        clear of specific legislation, I
                                        will likely vote to push this
                                        out. I agree with it 100%, I am
                                        only concerned if it's the right
                                        thing for OWASP to be making
                                        such a public statement. <br>
                                        <br>
                                        It is critical for all of us in
                                        OWASP leadership to be aware of
                                        the limits of what a 501(c)(3)
                                        should be doing, and when I hear
                                        that the members of the foundation
                                        want OWASP to make a public and
                                        politically charged statement of
                                        intent, I think it's crucial for
                                        the board to be a part of it
                                        since the board holds legal
                                        responsibility for the
                                        operations of the foundation.<br>
                                        <br>
                                        See you June 24th?<br>
                                        <br>
                                        <a moz-do-not-send="true"
                                          class="moz-txt-link-freetext"
href="https://www.owasp.org/index.php/June_24,_2015">https://www.owasp.org/index.php/June_24,_2015</a><br>
                                        <br>
                                        Aloha,<br>
                                        Jim<br>
                                        <br>
                                        <br>
                                        <br>
                                        <br>
                                        <br>
                                        <div class="moz-cite-prefix">On
                                          6/21/15 2:47 PM, Jeff Williams
                                          wrote:<br>
                                        </div>
                                        <blockquote
cite="mid:815ED4954DD4EA87.AC9F30B4-B882-4DBD-8F06-A2CC09F2B771@mail.outlook.com"
                                          type="cite">
                                          <div>This is a false dichotomy
                                            -- OWASP can and should do
                                            both. The Board should work
                                            to assist and support *any*
                                            idea consistent with our
                                            mission...even
                                            if...especially if... you
                                            don't think it will work.</div>
                                          <div><br>
                                          </div>
                                          <div>You can't let *your*
                                            judgement influence the
                                            decision to support a
                                            project. If you do, then all
                                            we will ever get is Board
                                            ideas.  And, respectfully, I
                                            don't trust you or any other
                                            individual to think up the
                                            next great AppSec idea.</div>
                                          <div><br>
                                          </div>
                                          <div>The Board shouldn't
                                            interfere at all unless
                                            somebody is doing something
                                            harmful to the organization
                                            or the mission. And even
                                            then should try to figure
                                            out a productive path for
                                            that energy.</div>
                                          <div><br>
                                          </div>
                                          <div>Again respectfully, you
                                            should get out of the way.<br>
                                            <br>
                                            <div
                                              class="acompli_signature">--Jeff<br>
                                            </div>
                                          </div>
                                          <br>
                                          <br>
                                          <br>
                                          <div class="gmail_quote">On
                                            Sun, Jun 21, 2015 at 5:27 PM
                                            -0700, "Jim Manico" <span
                                              dir="ltr"> <<a
                                                moz-do-not-send="true"
                                                class="moz-txt-link-abbreviated"
href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a>></span>
                                            wrote:<br>
                                            <br>
                                            <blockquote
                                              class="gmail_quote"
                                              style="margin:0 0 0
                                              .8ex;border-left:1px #ccc
                                              solid;padding-left:1ex">
                                              <div
                                                dir="ltr">
                                                <div>Jeff,</div>
                                                <div><br>
                                                </div>
                                                <div>My take on this is
                                                  that "talk is cheap"
                                                  and that "actions are
                                                  more powerful than words".
                                                  I'd rather keep out of
                                                  legislation and focus
                                                  on making important
                                                  projects like ESAPI,
                                                  ASVS, Security Shepherd
                                                  and others more
                                                  powerful.</div>
                                                <div><br>
                                                </div>
                                                <div>I am sorry you are
                                                  disappointed in
                                                  current board action,
                                                  but there is good
                                                  reason behind the
                                                  perspective I am
                                                  stating. Also, this is
                                                  my opinion alone, not
                                                  the entire board's.</div>
                                                <div><br>
                                                </div>
                                                <div>Again, take a look
                                                  at Whisper Systems.
                                                  They are providing
                                                  incredibly well
                                                  created and well
                                                  assessed open source
                                                  projects for secure
                                                  communications. These
                                                  open source projects
                                                  are now being
                                                  integrated into
                                                  various Operating
                                                  Systems and other
                                                  projects.</div>
                                                <div><br>
                                                </div>
                                                <div>If ESAPI was not
                                                  abandoned, it could
                                                  have been serving our
                                                  mission - planet
                                                  level. I want to see
                                                  it and other key
                                                  projects revived and
                                                  well funded.</div>
                                                <div><br>
                                                </div>
                                                <div>The power of a well
                                                  built security project
                                                  is worth more than a
                                                  thousand words. Talk
                                                  is cheap. Actions that
                                                  change the world take
                                                  sweat, blood and
                                                  staying the course
                                                  even when it's no
                                                  longer financially
                                                  beneficial to do so.</div>
                                                <div><br>
                                                </div>
                                                <div>Respectfully,<br>
                                                  <div>--</div>
                                                  <div>Jim Manico</div>
                                                  <div>
                                                    <div
                                                      apple-content-edited="true"
                                                      class="">
                                                      <div class=""
                                                        style="word-wrap:
                                                        break-word;
                                                        -webkit-nbsp-mode:
                                                        space;
                                                        -webkit-line-break:
after-white-space;">
                                                        <div class=""><span
                                                          style="background-color:


                                                          rgba(255, 255,
                                                          255, 0);">Global

                                                          Board Member</span></div>
                                                        <span
                                                          style="background-color:
                                                          rgba(255, 255,
                                                          255, 0);">OWASP

                                                          Foundation</span>
                                                        <div class=""><font
color="#000000"><a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://www.owasp.org">https://www.owasp.org</a></font></div>
                                                      </div>
                                                    </div>
                                                    <div class=""><span
                                                        style="background-color:

                                                        rgba(255, 255,
                                                        255, 0);">Join
                                                        me at <a
                                                          moz-do-not-send="true"
href="http://appsecusa.org/" target="_blank" class="">AppSecUSA</a> 2015
                                                        in San
                                                        Francisco!</span></div>
                                                  </div>
                                                </div>
                                                <div><br>
                                                  On Jun 21, 2015, at
                                                  2:12 PM, Jeff Williams
                                                  <<a
                                                    moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:jeff.williams@owasp.org">jeff.williams@owasp.org</a>>

                                                  wrote:<br>
                                                  <br>
                                                </div>
                                                <blockquote type="cite">
                                                  <div>
                                                    <div>For the record,
                                                      the IAB is part of
                                                      the IETF, which
                                                      *is* a 501c3.
                                                       Even though 501c3
                                                      organizations
                                                      *can* do some
                                                      lobbying (as long
                                                      as expenditures
                                                      are not
                                                      substantial), the
                                                      IAB is careful not
                                                      to talk about
                                                      legislation or
                                                      urge anyone to
                                                      contact
                                                      representatives
                                                      about legislation.</div>
                                                    <div>As the creator
                                                      and longtime Chair
                                                      of the OWASP
                                                      Board, I'm
                                                      frustrated that
                                                      the current Board
                                                      isn't falling over
                                                      themselves to
                                                      support efforts
                                                      like this.  IMO
                                                      the whole purpose
                                                      of the Board is to
                                                      create a great
                                                      platform to
                                                      support and
                                                      amplify the
                                                      efforts of anyone
                                                      willing to
                                                      contribute to our
                                                      important cause.
                                                      Doesn't matter the
                                                      topic, but instead
                                                      of saying no or
                                                      criticizing ideas
                                                      or projects,
                                                      figure out a way
                                                      to make it work or
                                                      make them better.</div>
                                                    <div>In this case,
                                                      and a million
                                                      other topics, it
                                                      would be
                                                      incredibly easy to
                                                      stick to the
                                                      technical
                                                      realities and
                                                      feasibility of any
                                                      approaches being
                                                      discussed in the
                                                      news.  No need to
                                                      mention
                                                      legislation.</div>
                                                    <div>
                                                      <div
                                                        class="acompli_signature">--Jeff<br>
                                                        <br>
                                                        Jeff Williams |
                                                        CTO<br>
                                                        Contrast
                                                        Security<br>
                                                        <a
                                                          moz-do-not-send="true"
href="tel:410.707.1487" x-apple-data-detectors="true"
                                                          x-apple-data-detectors-type="telephone"
x-apple-data-detectors-result="0/1">410.707.1487</a> | @planetlevel
                                                        @contrastsec<br>
                                                        <br>
                                                      </div>
                                                      <br>
                                                    </div>
                                                    <div
                                                      class="gmail_quote">_____________________________<br>
                                                      From: Jim Manico
                                                      <<a
                                                        moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a>><br>
                                                      Sent: Sunday, June
                                                      21, 2015 7:37 PM<br>
                                                      Subject: Re:
                                                      [Owasp-leaders]
                                                      [Owasp-community]
                                                      [Owasp-board] IAB
                                                      Statement on the
                                                      Trade in Security
                                                      Technologies<br>
                                                      To: McGovern,
                                                      James <<a
                                                        moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:james.mcgovern@hp.com">james.mcgovern@hp.com</a>><br>
                                                      Cc: <<a
                                                        moz-do-not-send="true"
class="moz-txt-link-abbreviated"
                                                        href="mailto:owasp-community@lists.owasp.org">owasp-community@lists.owasp.org</a>>,

                                                      OWASP Board List
                                                      <<a
                                                        moz-do-not-send="true"
class="moz-txt-link-abbreviated"
                                                        href="mailto:owasp-board@lists.owasp.org">owasp-board@lists.owasp.org</a>>,


                                                      owasp-leaders <<a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
                                                        href="mailto:owasp-leaders@lists.owasp.org">owasp-leaders@lists.owasp.org</a>><br>
                                                      <br>
                                                      <br>
                                                      <div>I will - for
                                                        sure - put this
                                                        on the June 24th
                                                        Board meeting
                                                        agenda. My
                                                        opinion (based
                                                        on research over
                                                        the years trying
                                                        to understand my
                                                        duty to the
                                                        foundation) is
                                                        to keep AWAY
                                                        from any even
                                                        slight attempt
                                                        to influence
                                                        legislation. </div>
                                                      <div><br>
                                                      </div>
                                                      <div>In general I
                                                        see projects,
                                                        documentation
                                                        efforts and
                                                         conferences
                                                        doing much to
                                                        unite us in our
                                                        shared mission.
                                                        But start
                                                        discussing
                                                        politics and it
                                                        will go a long
                                                        way to divide us
                                                        as a community.
                                                      </div>
                                                      <div><br>
                                                      </div>
                                                      <div>I suggest
                                                        that we focus on
                                                        •doing
                                                        something• vs
                                                        •saying
                                                        something•.  </div>
                                                      <div><br>
                                                      </div>
                                                      <div>Imagine
                                                        funding open
                                                        source projects
                                                        similar to
                                                        Whisper Systems
                                                        or enhancing our
                                                        documentation
                                                        projects to be
                                                        much more up to
                                                        date and
                                                        relevant or
                                                        building
                                                        professional
                                                        open source
                                                        training
                                                        material? This
                                                        is how I think
                                                        the foundation
                                                        can best face
                                                        these issues
                                                        while at the
                                                        same time serve
                                                        our mission
                                                        while at the
                                                        same time keep
                                                        away from
                                                        influencing
                                                        legislation. :)
                                                      </div>
                                                      <div><br>
                                                      </div>
                                                      <div>And for what
                                                        it's worth, I
                                                        strongly dislike
                                                        the fact that
                                                        I'm bringing
                                                        these things up.
                                                        I'm not trying
                                                        to ruin anyone's
                                                        party here. But
                                                        I do feel it's
                                                        my duty as your
                                                        elected board
                                                        member to do so.
                                                      </div>
                                                      <div><br>
                                                      </div>
                                                      <div>Aloha, </div>
                                                      <div>-- <br>
                                                        <div>Jim Manico
                                                        </div>
                                                        <div>
                                                          <div class="">
                                                          <div class=""
                                                          style="word-wrap:


                                                          break-word;
                                                          -webkit-nbsp-mode:
                                                          space;
                                                          -webkit-line-break:
after-white-space;">
                                                          <div class=""><span
                                                          style="background-color:


                                                          rgba(255, 255,
                                                          255, 0);">Global

                                                          Board Member</span>
                                                          </div>
                                                          <span
                                                          style="background-color:
                                                          rgba(255, 255,
                                                          255, 0);">OWASP

                                                          Foundation</span>
                                                          <div class=""><font
color="#000000"><a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://www.owasp.org">https://www.owasp.org</a></font> </div>
                                                          </div>
                                                          </div>
                                                          <div class=""><span
                                                          style="background-color:


                                                          rgba(255, 255,
                                                          255, 0);">Join
                                                          me at <a
                                                          moz-do-not-send="true"
href="http://appsecusa.org/" class="">AppSecUSA</a> 2015 in San
                                                          Francisco!</span>
                                                          </div>
                                                        </div>
                                                      </div>
                                                      <div><br>
                                                        On Jun 21, 2015,
                                                        at 1:23 PM,
                                                        McGovern, James
                                                        < <a
                                                          moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:james.mcgovern@hp.com">james.mcgovern@hp.com</a>>
                                                        wrote: <br>
                                                        <br>
                                                      </div>
                                                      <blockquote>
                                                        <div><span>Jim,
                                                          while you are
                                                          going to the
                                                          board for
                                                          legal
                                                          clarification,
                                                          please
                                                          inquire:</span>
                                                          <br>
                                                          <span></span><br>
                                                          <span>1. 501c3
                                                          is a US thing.
                                                          Can we
                                                          influence
                                                          non-US
                                                          government and
                                                          still comply?</span>
                                                          <br>
                                                          <span>2.
                                                          Understanding
                                                          the US
                                                          political
                                                          issues
                                                          sometimes will
                                                          put us on a
                                                          partisan path.
                                                          For example,
                                                          in CT I have
                                                          commented in
                                                          the past in a
                                                          political
                                                          context on why
                                                          smart guns are
                                                          just plain
                                                          stupid. This
                                                          particular
                                                          issue leans
                                                          more
                                                          conservative/libertarian
                                                          than it does
                                                          Liberal.
                                                          Therefore, we
                                                          must attempt
                                                          to understand
                                                          the flow of
                                                          politics on
                                                          any given
                                                          Sunday.</span>
                                                          <br>
                                                          <span>3. Maybe
                                                          we could
                                                          somehow solve
                                                          this by having
                                                          a policy that
                                                          encourages
                                                          legislators of
                                                          all parties to
                                                          reach out to
                                                          their local
                                                          chapter leader
                                                          for an
                                                          informed
                                                          opinion.</span>
                                                          <br>
                                                          <span></span><br>
                                                          <span>-----Original

                                                          Message-----</span>
                                                          <br>
                                                          <span>From: <a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
                                                          href="mailto:owasp-community-bounces@lists.owasp.org">owasp-community-bounces@lists.owasp.org</a>
                                                          [<a
                                                          moz-do-not-send="true"
href="mailto:owasp-community-bounces@lists.owasp.org">mailto:owasp-community-bounces@lists.owasp.org</a>]
                                                          On Behalf Of
                                                          Jim Manico</span>
                                                          <br>
                                                          <span>Sent:
                                                          Saturday, June
                                                          20, 2015 4:37
                                                          PM</span> <br>
                                                          <span>To:
                                                          Kevin W. Wall</span>
                                                          <br>
                                                          <span>Cc:
                                                          OWASP Board
                                                          List; <a
                                                          moz-do-not-send="true"
class="moz-txt-link-abbreviated"
                                                          href="mailto:owasp-community@lists.owasp.org">owasp-community@lists.owasp.org</a>;
                                                          owasp-leaders</span>
                                                          <br>
                                                          <span>Subject:
                                                          Re:
                                                          [Owasp-community]
                                                          [Owasp-board]
                                                          IAB Statement
                                                          on the Trade
                                                          in Security
                                                          Technologies</span>
                                                          <br>
                                                          <span></span><br>
                                                          <span>I agree
                                                          with you
                                                          Kevin. Even
                                                          the IRS is
                                                          cagey about
                                                          this topic. </span><br>
                                                          <span></span><br>
                                                          <span>However,
                                                          this is an
                                                          organization
                                                          risk that I
                                                          feel we should
                                                          be aware of
                                                          before
                                                          charging too
                                                          far into
                                                          policy. It
                                                          would behoove
                                                          us to get
                                                          legal review
                                                          before going
                                                          too far. I'll
                                                          bring this up
                                                          at the next
                                                          board meeting.</span>
                                                          <br>
                                                          <span></span><br>
                                                          <span>Aloha,</span>
                                                          <br>
                                                          <span>--</span>
                                                          <br>
                                                          <span>Jim
                                                          Manico</span>
                                                          <br>
                                                          <span>@Manicode</span>
                                                          <br>
                                                          <span><a
                                                          moz-do-not-send="true"
href="tel:%28808%29%20652-3805" x-apple-data-detectors="true"
                                                          x-apple-data-detectors-type="telephone"
x-apple-data-detectors-result="18/1">(808) 652-3805</a></span> <br>
                                                          <span></span><br>
                                                          <blockquote><span>On

                                                          Jun 20, 2015,
                                                          at 9:47 AM,
                                                          Kevin W. Wall
                                                          <<a
                                                          moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:kevin.w.wall@gmail.com">kevin.w.wall@gmail.com</a>>

                                                          wrote:</span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span></span><br>
                                                          </blockquote>
                                                          <blockquote><span>Jim,</span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span></span><br>
                                                          </blockquote>
                                                          <blockquote>
                                                          <blockquote><span>On

                                                          Sat, Jun 20,
                                                          2015 at 2:55
                                                          PM, Jim Manico
                                                          <<a
                                                          moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a>>

                                                          wrote:</span>
                                                          <br>
                                                          </blockquote>
                                                          </blockquote>
                                                          <blockquote>
                                                          <blockquote><span>That

                                                          is fair
                                                          Michael.</span>
                                                          <br>
                                                          </blockquote>
                                                          </blockquote>
                                                          <blockquote>
                                                          <blockquote><span></span><br>
                                                          </blockquote>
                                                          </blockquote>
                                                          <blockquote>
                                                          <blockquote><span>But

                                                          I do want to
                                                          warn the
                                                          community that
                                                          this is a
                                                          slippery
                                                          slope, we </span><br>
                                                          </blockquote>
                                                          </blockquote>
                                                          <blockquote>
                                                          <blockquote><span>are

                                                          being watched,
                                                          and trying to
                                                          influence
                                                          legislation is
                                                          one of the </span><br>
                                                          </blockquote>
                                                          </blockquote>
                                                          <blockquote>
                                                          <blockquote><span>few

                                                          ways OWASP can
                                                          lose its
                                                          charitable
                                                          status. And if
                                                          that happens,
                                                          </span><br>
                                                          </blockquote>
                                                          </blockquote>
                                                          <blockquote>
                                                          <blockquote><span>the

                                                          debate about
                                                          what to do
                                                          with our funds
                                                          will quickly
                                                          change for the
                                                          worse.</span>
                                                          <br>
                                                          </blockquote>
                                                          </blockquote>
                                                          <blockquote><span></span><br>
                                                          </blockquote>
                                                          <blockquote><span>I
                                                          don't think
                                                          that it is
                                                          impossible for
                                                          charitable
                                                          organizations
                                                          to </span><br>
                                                          </blockquote>
                                                          <blockquote><span>comment

                                                          on public
                                                          possible
                                                          without
                                                          losing their
                                                          501(c)(3)
                                                          status, but </span><br>
                                                          </blockquote>
                                                          <blockquote><span>it

                                                          just has to be
                                                          done in the
                                                          right way.
                                                          (However,
                                                          IANAL, so I
                                                          don't </span><br>
                                                          </blockquote>
                                                          <blockquote><span>even

                                                          begin to know
                                                          the details of
                                                          what that
                                                          "right way"
                                                          would entail.)</span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span></span><br>
                                                          </blockquote>
                                                          <blockquote><span>As

                                                          a case in
                                                          point, the ACM
                                                          has a
                                                          501(c)(3)
                                                          not-for-profit
                                                          status, and </span><br>
                                                          </blockquote>
                                                          <blockquote><span>yet

                                                          their public
                                                          policy
                                                          arm--the
                                                          USACM--has
                                                          certainly
                                                          tried to </span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span>influence

                                                          public policy.
                                                          (Recall the
                                                          crypto debate
                                                          from the late
                                                          </span><br>
                                                          </blockquote>
                                                          <blockquote><span>1990s?

                                                          The USACM and
                                                          IEEE wrote a
                                                          letter to Sen.
                                                          John McCain to
                                                          try to </span><br>
                                                          </blockquote>
                                                          <blockquote><span>influence

                                                          the US
                                                          legislation
                                                          not to pass
                                                          laws to
                                                          mandate weak </span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span>encryption.

                                                          E.g., see</span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span><<a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://usacm.acm.org/privsec/details.cfm?type=Letters&id=18&cat=8&Pri">http://usacm.acm.org/privsec/details.cfm?type=Letters&id=18&cat=8&Pri</a></span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span>vacy%20and%20Security>.)</span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span></span><br>
                                                          </blockquote>
                                                          <blockquote><span>So

                                                          I'm guessing
                                                          that the devil
                                                          is in the
                                                          details of how
                                                          it is done.  </span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span>In

                                                          fact,
                                                          according to
                                                          Spaf's blog at
                                                          </span><br>
                                                          </blockquote>
                                                          <blockquote><span><<a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://www.cerias.purdue.edu/site/blog/post/deja_vu_all_over_again_t">https://www.cerias.purdue.edu/site/blog/post/deja_vu_all_over_again_t</a></span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span>he_attack_on_encryption/>

                                                          the USACM is
                                                          going through
                                                          this same this
                                                          </span><br>
                                                          </blockquote>
                                                          <blockquote><span>this

                                                          again. Like I
                                                          said, I am not
                                                          a lawyer and
                                                          maybe this
                                                          attempt to </span><br>
                                                          </blockquote>
                                                          <blockquote><span>influence

                                                          public policy
                                                          doesn't
                                                          strictly
                                                          qualify as
                                                          "lobbying" in
                                                          the </span><br>
                                                          </blockquote>
                                                          <blockquote><span>eyes

                                                          of the IRS.
                                                          But it
                                                          certainly
                                                          doesn't seem
                                                          impossible.</span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span></span><br>
                                                          </blockquote>
                                                          <blockquote><span>Also,

                                                          we can--and
                                                          should--all
                                                          speak out
                                                          strongly
                                                          against things
                                                          that </span><br>
                                                          </blockquote>
                                                          <blockquote><span>we

                                                          believe are
                                                          against the
                                                          OWASP mission,
                                                          but we don't
                                                          have to do it
                                                          </span><br>
                                                          </blockquote>
                                                          <blockquote><span>in

                                                          a manner as
                                                          representing
                                                          OWASP. Do that
                                                          on your
                                                          personal blogs
                                                          or </span><br>
                                                          </blockquote>
                                                          <blockquote><span>social media instead of OWASP mailing lists and there shouldn't be an issue, especially if you add a short disclaimer as to how your opinion does not necessarily affect the opinion of OWASP overall (in the cases when there might be some doubt).</span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span></span><br>
                                                          </blockquote>
                                                          <blockquote><span>So perhaps if we decide that we officially want to speak out on certain public policy as an organization in order to influence public policy in accordance with our mission statements, then someone who understands the nuances of the 501(c)(3) IRS regulations could help OWASP navigate these waters.</span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span></span><br>
                                                          </blockquote>
                                                          <blockquote><span>-kevin</span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span>--</span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span>Blog: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://off-the-wall-security.blogspot.com/">http://off-the-wall-security.blogspot.com/</a></span>
                                                          <br>
                                                          </blockquote>
                                                          <blockquote><span>NSA:

                                                          All your
                                                          crypto bit are
                                                          belong to us.</span>
                                                          <br>
                                                          </blockquote>
                                                          <span>_______________________________________________</span>
                                                          <br>
                                                          <span>Owasp-community

                                                          mailing list</span>
                                                          <br>
                                                          <span><a
                                                          moz-do-not-send="true"
class="moz-txt-link-abbreviated"
                                                          href="mailto:Owasp-community@lists.owasp.org">Owasp-community@lists.owasp.org</a></span>
                                                          <br>
                                                          <span><a
                                                          moz-do-not-send="true"
class="moz-txt-link-freetext"
                                                          href="https://lists.owasp.org/mailman/listinfo/owasp-community">https://lists.owasp.org/mailman/listinfo/owasp-community</a></span>
                                                          <br>
                                                        </div>
                                                      </blockquote>
                                                      <br>
                                                      <br>
                                                    </div>
                                                  </div>
                                                </blockquote>
                                              </div>
                                            </blockquote>
                                          </div>
                                        </blockquote>
                                        <br>
                                      </div>
                                    </blockquote>
                                    <blockquote type="cite">
                                      <div><span>_______________________________________________</span><br>
                                        <span>OWASP-Leaders mailing list</span><br>
                                        <span><a moz-do-not-send="true"
href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a></span><br>
                                        <span><a moz-do-not-send="true"
href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a></span><br>
                                      </div>
                                    </blockquote>
                                  </blockquote>
                                  <br>
                                </div>
                              </blockquote>
                            </blockquote>
                            <br>
                          </div>
                        </blockquote>
                      </div>
                    </blockquote>
                    <br>
                    <br>
                    <pre wrap="">_______________________________________________
Owasp-board mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-board">https://lists.owasp.org/mailman/listinfo/owasp-board</a>
</pre>
                  </blockquote>
                  <br>
                </div>
              </blockquote>
            </div>
          </blockquote>
        </div>
      </blockquote>
      <br>
      <pre class="moz-signature" cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.owasp.org">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
      <br>
    </blockquote>
    <br>
  </body>
</html>