<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Jerry,<br>
    <br>
    I feel you are reducing this conversation to absurdity in an unfair
    manner.<br>
    <br>
    Let me lay this out to you once more in hopes to help you understand
    where I am coming from, even if I am wrong. <br>
    <br>
    1) This discussion started with a request for OWASP to make a
    public/official statement about <b>export control legislation</b>.<br>
    <br>
    2) The IRS states on their website that 501c3 charities
    <meta charset="utf-8">
    "<b>may not attempt to influence legislation as a substantial part
      of its activities</b>".
    <a class="moz-txt-link-freetext" href="http://www.irs.gov/Charities-&-Non-Profits/Charitable-Organizations/Exemption-Requirements-Section-501(c)(3)-Organizations">http://www.irs.gov/Charities-&-Non-Profits/Charitable-Organizations/Exemption-Requirements-Section-501(c)(3)-Organizations</a>
    <br>
    <br>
    3) I provided a word of warning. There are *many* statements from
    the IAB that we could model. I suggest we model their more technical
    messages such as their statement on internet confidentiality (
    <a class="moz-txt-link-freetext" href="https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/">https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/</a>
    ) as opposed to a statement on export control laws. <br>
    <br>
    Now Jerry, you do not have to agree with me, but I do feel there is
    sound logic to my thought process. <br>
    <br>
    This is on the board discussion list for June 24th. I'll make
    certain that any message the foundation does indeed broadcast is
    published for your and others review before we post it. In fact, if
    you or others wish to help draft it we would be grateful for your
    help.<br>
    <br>
    Does help clarify my concern and the actions the board is taking to
    work with the community to make this happen?<br>
    <br>
    Aloha,<br>
    <pre class="moz-signature" cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a class="moz-txt-link-freetext" href="https://www.owasp.org">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
    <br>
    <br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 6/22/15 4:08 AM, Jerry Hoff wrote:<br>
    </div>
    <blockquote
      cite="mid:741D8C52-2A31-4972-83F6-4B7B46946E0B@whitehatsec.com"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <div><span></span></div>
      <div>
        <div>Exactly - seemed to have gone from "let's publicly voice an
          position for the common good" to "we can't say anything for
          fear of losing our 501(c)(3) status on grounds of lobbying all
          branches of the U.S. Govt". </div>
        <div><br>
        </div>
        <div>So although I think it was a needed discussion, I suggest
          we steer clear from further <i style="background-color:
            rgba(255, 255, 255, 0);">reductio ad absurdums </i>and
          establish a mechanism in which the foundation can voice
          concerns.</div>
        <div><br>
        </div>
        <div>Jerry</div>
        <div><br>
          On Jun 22, 2015, at 06:22, Eoin Keary <<a
            moz-do-not-send="true" href="mailto:eoin.keary@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:eoin.keary@owasp.org">eoin.keary@owasp.org</a></a>>
          wrote:<br>
          <br>
        </div>
        <blockquote type="cite">
          <div>
            <div>+100 Tobias.</div>
            <div>Charities such as Amnesty International, Green Peace
              etc also make statements which are in line with their
              mission and also help drive the organisation achieving its
              goal. </div>
            <div>I'm unsure where lobbying / political activitisim needs
              to fit in here. It's more about speaking out for what the
              foundation believes in. </div>
            <div><br>
              <br>
              Eoin Keary
              <div>OWASP Volunteer</div>
              <div>@eoinkeary</div>
              <div><span style="font-size: 13pt;"><br>
                </span></div>
              <div><br>
              </div>
            </div>
            <div><br>
              On 22 Jun 2015, at 11:47, Tobias <<a
                moz-do-not-send="true"
                href="mailto:tobias.gondrom@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:tobias.gondrom@owasp.org">tobias.gondrom@owasp.org</a></a>>
              wrote:<br>
              <br>
            </div>
            <blockquote type="cite">
              <div>
                <div class="moz-cite-prefix">Guys, <br>
                  <br>
                  just fyi: we had this discussion before. Last time in
                  January 2014. <br>
                  And I believe reading the material provided by Jim at
                  the time, we can in fact determine that OWASP can make
                  statements that are in line with our mission.
                  <br>
                  <br>
                  IMHO: It is good to be cautious in life, but to be so
                  cautious as to remain silent on topics that are
                  relevant and will be a problem for the security of the
                  web and the Internet as a whole is IMHO a mistake.
                  <br>
                  <br>
                  For the full and detailed analysis from our discussion
                  in Jan 2014, please refer to here:
                  <br>
                  <a moz-do-not-send="true"
href="http://lists.owasp.org/pipermail/owasp-board/2014-January/012872.html">http://lists.owasp.org/pipermail/owasp-board/2014-January/012872.html</a><br>
                  <br>
                  In short: <br>
                  <i>"</i><i><b>"Your organization can engage in
                      legislative advocacy and issue-related advocacy,
                      as long as it follows certain rules and steers
                      clear of political campaigning. "</b></i><i> (for
                    those interested in what these certain rules are:
                    that a non-profit does not have "substantial part"
                    of its overall activities relates to influencing
                    legislation or carrying on propaganda. Roughly
                    anything under 5% of the overall budget is
                    considered not substantial, while expenditures of
                    above 15% would probably be considered substantial -
                    e.g. 5% would be with our current budget size
                    spending of more than USD 100.000(!) on
                    lobbying....)</i><i><br>
                  </i><i><br>
                  </i><i>We are free and safe to advocate our mission
                    and to make public statements to communicate our
                    mission. (And nobody would want for OWASP to
                    politically campaign for the next candidate for
                    presidency, governor,</i><i><br>
                  </i><i>mayor or political party of any country.)</i><i>"</i><i><br>
                    <br>
                  </i><br>
                  Furthermore: that's also the reason why the IAB/IETF
                  has no problem at all making this statement....<br>
                  And the Internet Society which is basically the
                  "communication" arm of the IETF (and a 501(c) 3
                  tax-exempt charitable organization,
                  <a moz-do-not-send="true"
                    href="http://www.internetsociety.org/tax-exempt-charitable-organization">http://www.internetsociety.org/tax-exempt-charitable-organization</a>)
                  has no problems engaging in political debate about an
                  open and secure Internet. And in fact is doing that
                  very effectively. <i><br>
                  </i><br>
                  Best regards, Tobias<br>
                  <br>
                  <br>
                  <br>
                  On 22/06/15 03:57, Jim Manico wrote:<br>
                </div>
                <blockquote cite="mid:55876B76.4030608@owasp.org"
                  type="cite">Jerry,<br>
                  <br>
                  Per IRS guidelines, it's not just about lobbying
                  politicians. The limit is also on trying to influence
                  legislation. The original IAB link from Tobias was
                  about export control law (ie: legislation) which is
                  why I emailed words of caution.<br>
                  <br>
                  - Jim<br>
                  <br>
                  <br>
                  <div class="moz-cite-prefix">On 6/21/15 3:52 PM, Jerry
                    Hoff wrote:<br>
                  </div>
                  <blockquote
                    cite="mid:4F829A81-4C69-404E-94B7-42474752CE15@owasp.org"
                    type="cite">
                    <div><span></span></div>
                    <div>
                      <div>Just to be clear again - no one in this
                        entire thread (that I have read at least) has
                        suggested we actively lobby politicians. Putting
                        out a statement on proposed legislation is not
                        the same as actively lobbying government as
                        defined below. </div>
                      <div><br>
                      </div>
                      <div>The entire thread is based on Jeff's
                        statement that  OWASP should put out a single
                        statement similar to the IAB's.  That's it.  I'm
                        not sure how the conversation has drifted so
                        substantially from that  request.</div>
                      <div><br>
                      </div>
                      <div>--
                        <div>Jerry Hoff</div>
                        <div><a moz-do-not-send="true"
                            href="mailto:jerry@owasp.com">jerry@owasp.com</a></div>
                        <div>@jerryhoff</div>
                      </div>
                      <div><br>
                        On Jun 21, 2015, at 21:42, Jim Manico <<a
                          moz-do-not-send="true"
                          class="moz-txt-link-abbreviated"
                          href="mailto:jim.manico@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a></a>>
                        wrote:<br>
                        <br>
                      </div>
                      <blockquote type="cite">
                        <div>And in the interest in fairness, here is
                          the counter-point as to why we should do MORE
                          lobbying at OWASP.
                          <br>
                          <br>
                          <a moz-do-not-send="true"
                            class="moz-txt-link-freetext"
href="http://www.asaecenter.org/Resources/whitepaperdetail.cfm?ItemNumber=12202">http://www.asaecenter.org/Resources/whitepaperdetail.cfm?ItemNumber=12202</a><br>
                          <br>
                          <h5 style="box-sizing: border-box; margin:
                            0.2rem 0px 0px; padding: 0px; font-family:
                            'Helvetica Neue', Helvetica, Helvetica,
                            Arial, sans-serif; font-weight: 500;
                            font-style: normal; color: black;
                            text-rendering: optimizeLegibility;
                            line-height: 1.4; font-size: 0.938rem;
                            font-variant: normal; letter-spacing:
                            normal; orphans: auto; text-align: start;
                            text-indent: 0px; text-transform: none;
                            white-space: normal; widows: 1;
                            word-spacing: 0px;
                            -webkit-text-stroke-width: 0px;
                            background-color: rgb(255, 255, 255);">
                            1. 501(c)(3)s cannot lobby and will lose
                            their tax exemption if they engage in
                            lobbying.</h5>
                          <p style="box-sizing: border-box; margin: 0px
                            0px 1.25rem; padding: 0px; font-family:
                            'Helvetica Neue', Helvetica, Helvetica,
                            Arial, sans-serif; font-weight: normal;
                            line-height: 1.6; text-rendering:
                            optimizeLegibility; color: rgb(51, 51, 51);
                            font-size: 15.0080003738403px; font-style:
                            normal; font-variant: normal;
                            letter-spacing: normal; orphans: auto;
                            text-align: start; text-indent: 0px;
                            text-transform: none; white-space: normal;
                            widows: 1; word-spacing: 0px;
                            -webkit-text-stroke-width: 0px;
                            background-color: rgb(255, 255, 255);">
                            Absolutely not. 501(c)(3) organizations can,
                            and often should, lobby at all levels of
                            government. Federal tax law has always
                            permitted some lobbying by nonprofits. The
                            1976 lobbying tax law passed by Congress
                            made that expressly clear. The Internal
                            Revenue Service ("IRS") followed with
                            implementing regulations. The federal
                            government clearly supports lobbying by
                            501(c)(3) organizations. Together, the law
                            and regulations provide wide latitude for
                            501(c)(3) organizations to lobby.</p>
                          <p style="box-sizing: border-box; margin: 0px
                            0px 1.25rem; padding: 0px; font-family:
                            'Helvetica Neue', Helvetica, Helvetica,
                            Arial, sans-serif; font-weight: normal;
                            line-height: 1.6; text-rendering:
                            optimizeLegibility; color: rgb(51, 51, 51);
                            font-size: 15.0080003738403px; font-style:
                            normal; font-variant: normal;
                            letter-spacing: normal; orphans: auto;
                            text-align: start; text-indent: 0px;
                            text-transform: none; white-space: normal;
                            widows: 1; word-spacing: 0px;
                            -webkit-text-stroke-width: 0px;
                            background-color: rgb(255, 255, 255);">
                            The law makes it very clear how much a
                            501(c)(3) organization can spend on lobbying
                            - up to $1 million depending on the size of
                            the organization - if the 501(h) election is
                            made. The law also makes it clear which
                            activities are lobbying and which are not.
                            For example, lobbying occurs only when there
                            is an<span class="Apple-converted-space"> </span><i
                              style="box-sizing: border-box; font-style:
                              italic; line-height: inherit;">expenditure
                              of money</i><span
                              class="Apple-converted-space"> </span>by
                            the 501(c)(3) for the purpose of attempting
                            to influence legislation. Where there is no
                            expenditure by the organization for lobbying
                            (such as lobbying by members or volunteers),
                            there is no lobbying by the organization.</p>
                          <p style="box-sizing: border-box; margin: 0px
                            0px 1.25rem; padding: 0px; font-family:
                            'Helvetica Neue', Helvetica, Helvetica,
                            Arial, sans-serif; font-weight: normal;
                            line-height: 1.6; text-rendering:
                            optimizeLegibility; color: rgb(51, 51, 51);
                            font-size: 15.0080003738403px; font-style:
                            normal; font-variant: normal;
                            letter-spacing: normal; orphans: auto;
                            text-align: start; text-indent: 0px;
                            text-transform: none; white-space: normal;
                            widows: 1; word-spacing: 0px;
                            -webkit-text-stroke-width: 0px;
                            background-color: rgb(255, 255, 255);">
                            The right of citizens to petition their
                            government is basic to our democratic way of
                            life, and associations, including
                            501(c)(3)s, are one of the most effective
                            vehicles for making use of citizen
                            participation in shaping public policy.
                            Fortunately, the legislation passed by
                            Congress in 1976 makes it possible for
                            501(c)(3)s to lobby freely for the causes,
                            communities and constituencies they serve.</p>
                          <p style="box-sizing: border-box; margin: 0px
                            0px 1.25rem; padding: 0px; font-family:
                            'Helvetica Neue', Helvetica, Helvetica,
                            Arial, sans-serif; font-weight: normal;
                            line-height: 1.6; text-rendering:
                            optimizeLegibility; color: rgb(51, 51, 51);
                            font-size: 15.0080003738403px; font-style:
                            normal; font-variant: normal;
                            letter-spacing: normal; orphans: auto;
                            text-align: start; text-indent: 0px;
                            text-transform: none; white-space: normal;
                            widows: 1; word-spacing: 0px;
                            -webkit-text-stroke-width: 0px;
                            background-color: rgb(255, 255, 255);">
                            Generally, organizations that make the
                            501(h) election under the 1976 lobbying law
                            may spend 20% of the first $500,000 of their
                            annual expenditures on lobbying ($100,000),
                            15% of the next $500,000, and so on, up to
                            $1 million dollars.</p>
                          <p style="box-sizing: border-box; margin: 0px
                            0px 1.25rem; padding: 0px; font-family:
                            'Helvetica Neue', Helvetica, Helvetica,
                            Arial, sans-serif; font-weight: normal;
                            line-height: 1.6; text-rendering:
                            optimizeLegibility; color: rgb(51, 51, 51);
                            font-size: 15.0080003738403px; font-style:
                            normal; font-variant: normal;
                            letter-spacing: normal; orphans: auto;
                            text-align: start; text-indent: 0px;
                            text-transform: none; white-space: normal;
                            widows: 1; word-spacing: 0px;
                            -webkit-text-stroke-width: 0px;
                            background-color: rgb(255, 255, 255);">
                            Finally, by not engaging in lobbying, your
                            organization may be failing to employ a very
                            important activity that could be enormously
                            helpful in carrying out its mission.</p>
                          <br>
                          <br>
                          <div class="moz-cite-prefix">On 6/21/15 3:32
                            PM, Jerry Hoff wrote:<br>
                          </div>
                          <blockquote
                            cite="mid:741675FD-A590-42D8-A175-EA0672ECD616@owasp.org"
                            type="cite">
                            <div>Agreed - but I was under the strong
                              impression this entire discussion was on
                              putting out a statement similar to the
                              IAB.  Apologies if I misunderstood. I was
                              voicing support on that specific action.</div>
                            <div><br>
                            </div>
                            <div>I didn't see anywhere in the thread
                              (though I may have missed it) anyone
                              advocating political campaigning or to
                              change the OWASP charter such that
                              influencing legislation would be a
                              substantial activity. <br>
                              <br>
                              --
                              <div>Jerry Hoff</div>
                              <div><a moz-do-not-send="true"
                                  href="mailto:jerry@owasp.com">jerry@owasp.com</a></div>
                              <div>@jerryhoff</div>
                            </div>
                            <div><br>
                              On Jun 21, 2015, at 21:25, Jim Manico <<a
                                moz-do-not-send="true"
                                class="moz-txt-link-abbreviated"
                                href="mailto:jim.manico@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a></a>>
                              wrote:<br>
                              <br>
                            </div>
                            <blockquote type="cite">
                              <div>Jerry,<br>
                                <br>
                                I'm a fan of OWASP taking technical
                                stands such as the IAB Statement on
                                Internet Confidentiality
                                <a moz-do-not-send="true"
                                  class="moz-txt-link-freetext"
href="https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/">https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/</a>
                                and similar.
                                <br>
                                <br>
                                What our 501(c)(3) foundation needs to
                                to steer clear of from my understanding
                                is...<br>
                                <br>
                                1) ... not to engage in political
                                campaigning<br>
                                2) ... not to attempt to influence
                                legislation as a substantial part of our
                                activities<br>
                                <br>
                                I am no fan of NACL's but this is a very
                                important topic.<br>
                                <br>
                                The exact quote from the IRS is (<a
                                  moz-do-not-send="true"
                                  class="moz-txt-link-freetext"
href="http://www.irs.gov/Charities-&-Non-Profits/Charitable-Organizations/Exemption-Requirements-Section-501%28c%29%283%29-Organizations%29"><a class="moz-txt-link-freetext" href="http://www.irs.gov/Charities-&-Non-Profits/Charitable-Organizations/Exemption-Requirements-Section-501(c)(3)-Organizations)">http://www.irs.gov/Charities-&-Non-Profits/Charitable-Organizations/Exemption-Requirements-Section-501(c)(3)-Organizations)</a></a><br>
                                <br>
                                <span style="color: rgb(0, 0, 0);
                                  font-family: sans-serif; font-size:
                                  13px; font-style: normal;
                                  font-variant: normal; font-weight:
                                  normal; letter-spacing: normal;
                                  line-height: 16.0029983520508px;
                                  orphans: auto; text-align: start;
                                  text-indent: 0px; text-transform:
                                  none; white-space: normal; widows: 1;
                                  word-spacing: 0px;
                                  -webkit-text-stroke-width: 0px;
                                  display: inline !important; float:
                                  none; background-color: rgb(255, 255,
                                  255);">"...it may not attempt to
                                  influence legislation as a substantial
                                  part of its activities and it may not
                                  participate in any campaign activity
                                  for or against political
                                  candidates..."</span><br>
                                <br>
                                So as long as our "official foundation
                                statement" on this matter steers clear
                                of these issues, I will support it.<br>
                                <br>
                                We will be discussing this at the June
                                24th meeting, I hope you can make it.<br>
                                <br>
                                <a moz-do-not-send="true"
                                  class="moz-txt-link-freetext"
                                  href="https://www.owasp.org/index.php/June_24,_2015">https://www.owasp.org/index.php/June_24,_2015</a><br>
                                <br>
                                Aloha,<br>
                                Jim<br>
                                <br>
                                <div class="moz-cite-prefix">On 6/21/15
                                  3:16 PM, Jerry Hoff wrote:<br>
                                </div>
                                <blockquote
                                  cite="mid:A2E4A344-4519-4A6B-A86A-B240A09E68DD@owasp.org"
                                  type="cite">
                                  <div>I believe this debate is based
                                    off wrong assumptions - for example
                                    the EFF is 501(c)(3) and that does
                                    not prevent them from taking a
                                    position on relevant issues as an
                                    organization.<br>
                                    <br>
                                    --
                                    <div>Jerry Hoff</div>
                                    <div><a moz-do-not-send="true"
                                        href="mailto:jerry@owasp.com">jerry@owasp.com</a></div>
                                    <div>@jerryhoff</div>
                                  </div>
                                  <div><br>
                                    On Jun 21, 2015, at 21:05, Jim
                                    Manico <<a moz-do-not-send="true"
                                      class="moz-txt-link-abbreviated"
                                      href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a>>
                                    wrote:<br>
                                    <br>
                                  </div>
                                  <blockquote type="cite">
                                    <div>With respect, I disagree with
                                      your take on this Jeff. Official
                                      OWASP public statements should be
                                      done with care.<br>
                                      <br>
                                      Also, this issue is not resolved
                                      yet and I am simply stating *my
                                      opinion* on the matter backed by
                                      research and references to IRS
                                      guidelines discussing this matter.
                                      And again I've stated that this is
                                      a nebulous area even by IRS
                                      regulation.<br>
                                      <br>
                                      <u><b>We are discussing this at
                                          the June 24 board meeting</b></u><u><b>
                                          - a meeting in which I hope
                                          that you and the community
                                          attend.</b></u>
                                      <br>
                                      <br>
                                      Making a big statement like this
                                      as an official message of the
                                      OWASP foundation - especial since
                                      it's political in nature - does in
                                      my opinion require board
                                      discussion. I know you want us to
                                      "jump on this" immediately - and
                                      we are Jeff - in just a few days.<br>
                                      <br>
                                      In fact, if the language is
                                      crafted in a way that keeps clear
                                      of specific legislation, I will
                                      likely vote to push this out. I
                                      agree with it 100%, I am only
                                      concerned if it's the right thing
                                      for OWASP to be making such a
                                      public statement.
                                      <br>
                                      <br>
                                      It is critical for all of us in
                                      OWASP leadership to be aware of
                                      the limits of what a 501(c)(3)
                                      should be doing, and when I hear
                                      that the members of foundation
                                      want OWASP to make a public and
                                      politically charged statement of
                                      intent, I think it's crucial for
                                      the board to be a part of it since
                                      the board holds legal
                                      responsibility for the operations
                                      of the foundation.<br>
                                      <br>
                                      See you June 24th?<br>
                                      <br>
                                      <a moz-do-not-send="true"
                                        class="moz-txt-link-freetext"
                                        href="https://www.owasp.org/index.php/June_24,_2015">https://www.owasp.org/index.php/June_24,_2015</a><br>
                                      <br>
                                      Aloha,<br>
                                      Jim<br>
                                      <br>
                                      <br>
                                      <br>
                                      <br>
                                      <br>
                                      <div class="moz-cite-prefix">On
                                        6/21/15 2:47 PM, Jeff Williams
                                        wrote:<br>
                                      </div>
                                      <blockquote
cite="mid:815ED4954DD4EA87.AC9F30B4-B882-4DBD-8F06-A2CC09F2B771@mail.outlook.com"
                                        type="cite">
                                        <div>This is a false dichotomy
                                          -- OWASP can and should do
                                          both. The Board should work to
                                          assist and support *any* idea
                                          consistent with our
                                          mission...even if...especially
                                          if... you don't think it will
                                          work.</div>
                                        <div><br>
                                        </div>
                                        <div>You can't let *your*
                                          judgement influence the
                                          decision to support a project.
                                          If you do, then all we will
                                          ever get is Board ideas.  And,
                                          respectfully, I don't trust
                                          you or any other individual to
                                          think up the next great AppSec
                                          idea.</div>
                                        <div><br>
                                        </div>
                                        <div>The Board shouldn't
                                          interfere at all unless
                                          somebody is doing something
                                          harmful to the organization or
                                          the mission. And even then
                                          should try to figure out a
                                          productive path for that
                                          energy.</div>
                                        <div><br>
                                        </div>
                                        <div>Again respectfully, you
                                          should get out of the way.<br>
                                          <br>
                                          <div class="acompli_signature">--Jeff<br>
                                          </div>
                                        </div>
                                        <br>
                                        <br>
                                        <br>
                                        <div class="gmail_quote">On Sun,
                                          Jun 21, 2015 at 5:27 PM -0700,
                                          "Jim Manico" <span dir="ltr">
                                            <<a
                                              moz-do-not-send="true"
                                              class="moz-txt-link-abbreviated"
href="mailto:jim.manico@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a></a>></span>
                                          wrote:<br>
                                          <br>
                                          <blockquote
                                            class="gmail_quote"
                                            style="margin:0 0 0
                                            .8ex;border-left:1px #ccc
                                            solid;padding-left:1ex">
                                            <div dir="3D"ltr"">
                                              <div>Jeff,</div>
                                              <div><br>
                                              </div>
                                              <div>My take on this is
                                                that "talk is cheap" and
                                                that "actions are more
                                                powerful words". I'd
                                                rather keep out of
                                                legislation and focus on
                                                making important
                                                projects like ESAPI,
                                                ASVS, Security Shepard
                                                and others more
                                                powerful.</div>
                                              <div><br>
                                              </div>
                                              <div>I am sorry you are
                                                disappointed in current
                                                board action, but there
                                                is good reason behind
                                                the perspective I am
                                                stating. Also, this is
                                                my opinion alone, not
                                                the entire boards.</div>
                                              <div><br>
                                              </div>
                                              <div>Again, take a look at
                                                Whisper Systems. They
                                                are providing incredibly
                                                well created and well
                                                assessed open source
                                                projects for secure
                                                communications. These
                                                open source projects are
                                                now being integrated
                                                into various Operating
                                                Systems and other
                                                projects.</div>
                                              <div><br>
                                              </div>
                                              <div>If ESAPI was not a
                                                abandoned, it could have
                                                been serving our mission
                                                - planet level. I want
                                                to see it and other key
                                                projects revived and
                                                well funded.</div>
                                              <div><br>
                                              </div>
                                              <div>The power of a well
                                                built security project
                                                is worth more than a
                                                thousand words. Talk is
                                                cheap. Actions that
                                                change the world take
                                                sweat, blood and staying
                                                the course even when
                                                it's no longer
                                                financially beneficial
                                                to do so.</div>
                                              <div><br>
                                              </div>
                                              <div>Respectfully,<br>
                                                <div>--</div>
                                                <div>Jim Manico</div>
                                                <div>
                                                  <div
                                                    apple-content-edited="true"
                                                    class="">
                                                    <div class=""
                                                      style="word-wrap:
                                                      break-word;
                                                      -webkit-nbsp-mode:
                                                      space;
                                                      -webkit-line-break:
after-white-space;">
                                                      <div class=""><span
                                                          style="background-color:

                                                          rgba(255, 255,
                                                          255, 0);">Global
                                                          Board Member</span></div>
                                                      <span
                                                        style="background-color:
                                                        rgba(255, 255,
                                                        255, 0);">OWASP
                                                        Foundation</span>
                                                      <div class=""><font
color="#000000"><a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://www.owasp.org">https://www.owasp.org</a></font></div>
                                                    </div>
                                                  </div>
                                                  <div class=""><span
                                                      style="background-color:
                                                      rgba(255, 255,
                                                      255, 0);">Join me
                                                      at <a
                                                        moz-do-not-send="true"
href="http://appsecusa.org/" target="_blank" class="">AppSecUSA</a> 2015
                                                      in San Francisco!</span></div>
                                                </div>
                                              </div>
                                              <div><br>
                                                On Jun 21, 2015, at 2:12
                                                PM, Jeff Williams <<a
                                                  moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:jeff.williams@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:jeff.williams@owasp.org">jeff.williams@owasp.org</a></a>>
                                                wrote:<br>
                                                <br>
                                              </div>
                                              <blockquote type="cite">
                                                <div>
                                                  <div>For the record,
                                                    the IAB is part of
                                                    the IETF, which *is*
                                                    a 501c3.  Even
                                                    though 501c3
                                                    organizations *can*
                                                    do some lobbying (as
                                                    long as expenditures
                                                    are not
                                                    substantial), the
                                                    IAB is careful not
                                                    to talk about
                                                    legislation or urge
                                                    anyone to contact
                                                    representatives
                                                    about legislation.</div>
                                                  <div>As the creator
                                                    and longtime Chair
                                                    of the OWASP Board,
                                                    I'm frustrated that
                                                    the current Board
                                                    isn't falling over
                                                    themselves to
                                                    support efforts like
                                                    this.  IMO the whole
                                                    purpose of the Board
                                                    is to create a great
                                                    platform to support
                                                    and amplify the
                                                    efforts of anyone
                                                    willing to
                                                    contribute to our
                                                    important cause.
                                                    Does't matter the
                                                    topic, but instead
                                                    of saying no or
                                                    criticizing ideas or
                                                    projects, figure out
                                                    a way to make it
                                                    work or make them
                                                    better.</div>
                                                  <div>In this case, and
                                                    a million other
                                                    topics, it would be
                                                    incredibly easy to
                                                    stick to the
                                                    technical realities
                                                    and feasibility of
                                                    any approaches being
                                                    discussed in the
                                                    news.  No need to
                                                    mention legislation.</div>
                                                  <div>
                                                    <div
                                                      class="acompli_signature">--Jeff<br>
                                                      <br>
                                                      Jeff Williams |
                                                      CTO<br>
                                                      Contrast Security<br>
                                                      <a
                                                        moz-do-not-send="true"
href="tel:410.707.1487" x-apple-data-detectors="true"
                                                        x-apple-data-detectors-type="telephone"
x-apple-data-detectors-result="0/1">410.707.1487</a> | @planetlevel
                                                      @contrastsec<br>
                                                      <br>
                                                    </div>
                                                    <br>
                                                  </div>
                                                  <div
                                                    class="gmail_quote">_____________________________<br>
                                                    From: Jim Manico
                                                    <<a
                                                      moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:jim.manico@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a></a>><br>
                                                    Sent: Sunday, June
                                                    21, 2015 7:37 PM<br>
                                                    Subject: Re:
                                                    [Owasp-leaders]
                                                    [Owasp-community]
                                                    [Owasp-board] IAB
                                                    Statement on the
                                                    Trade in Security
                                                    Technologies<br>
                                                    To: McGovern, James
                                                    <<a
                                                      moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:james.mcgovern@hp.com"><a class="moz-txt-link-abbreviated" href="mailto:james.mcgovern@hp.com">james.mcgovern@hp.com</a></a>><br>
                                                    Cc: <<a
                                                      moz-do-not-send="true"
href="mailto:owasp-community@lists.owasp.org"
                                                      x-apple-data-detectors="true"
x-apple-data-detectors-type="link" x-apple-data-detectors-result="5"><a class="moz-txt-link-abbreviated" href="mailto:owasp-community@lists.owasp.org">owasp-community@lists.owasp.org</a></a>>,
                                                    OWASP Board List
                                                    <<a
                                                      moz-do-not-send="true"
class="moz-txt-link-abbreviated"
                                                      href="mailto:owasp-board@lists.owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:owasp-board@lists.owasp.org">owasp-board@lists.owasp.org</a></a>>,

                                                    owasp-leaders <<a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
                                                      href="mailto:owasp-leaders@lists.owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:owasp-leaders@lists.owasp.org">owasp-leaders@lists.owasp.org</a></a>><br>
                                                    <br>
                                                    <br>
                                                    <meta
                                                      content="text/html;
                                                      charset=utf-8">
                                                    <div>I will - for
                                                      sure - put this on
                                                      the June 24th
                                                      Board meeting
                                                      agenda. My opinion
                                                      (based on research
                                                      over the years
                                                      trying to
                                                      understand my duty
                                                      to the foundation)
                                                      is to keep AWAY
                                                      from any even
                                                      slight attempt to
                                                      influence
                                                      legislation.
                                                    </div>
                                                    <div><br>
                                                    </div>
                                                    <div>In general I
                                                      see projects,
                                                      documentation
                                                      efforts and
                                                       conferences doing
                                                      much to unite us
                                                      in our shared
                                                      mission. But start
                                                      discussing
                                                      politics and it
                                                      will go a long way
                                                      to divide us as a
                                                      community.
                                                    </div>
                                                    <div><br>
                                                    </div>
                                                    <div>I suggest that
                                                      we focus on •doing
                                                      something• vs
                                                      •saying
                                                      something•.  </div>
                                                    <div><br>
                                                    </div>
                                                    <div>Imagine funding
                                                      open source
                                                      projects similar
                                                      to Whisper Systems
                                                      or enhancing our
                                                      documentation
                                                      projects to be
                                                      much more up to
                                                      date and relevant
                                                      our building
                                                      professional open
                                                      source training
                                                      material? This is
                                                      how I think the
                                                      foundation can
                                                      best face these
                                                      issues while at
                                                      the same time
                                                      serve our mission
                                                      while at the same
                                                      time keep away
                                                      from influencing
                                                      legislation. :)
                                                    </div>
                                                    <div><br>
                                                    </div>
                                                    <div>And for what
                                                      it's worth, I
                                                      strongly dislike
                                                      the fact that I'm
                                                      bringing these
                                                      things up. I'm not
                                                      trying to ruin
                                                      anyones party
                                                      here. But I do
                                                      feel it's my duty
                                                      as your elected
                                                      board member to do
                                                      so.
                                                    </div>
                                                    <div><br>
                                                    </div>
                                                    <div>Aloha, </div>
                                                    <div>-- <br>
                                                      <div>Jim Manico </div>
                                                      <div>
                                                        <div class="">
                                                          <div class=""
                                                          style="word-wrap:

                                                          break-word;
                                                          -webkit-nbsp-mode:
                                                          space;
                                                          -webkit-line-break:
after-white-space;">
                                                          <div class=""><span
                                                          style="background-color:

                                                          rgba(255, 255,
                                                          255, 0);">Global
                                                          Board Member</span>
                                                          </div>
                                                          <span
                                                          style="background-color:
                                                          rgba(255, 255,
                                                          255, 0);">OWASP
                                                          Foundation</span>
                                                          <div class=""><font
color="#000000"><a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://www.owasp.org">https://www.owasp.org</a></font>
                                                          </div>
                                                          </div>
                                                        </div>
                                                        <div class=""><span
                                                          style="background-color:

                                                          rgba(255, 255,
                                                          255, 0);">Join
                                                          me at <a
                                                          moz-do-not-send="true"
href="http://appsecusa.org/" class="">AppSecUSA</a> 2015 in San
                                                          Francisco!</span>
                                                        </div>
                                                      </div>
                                                    </div>
                                                    <div><br>
                                                      On Jun 21, 2015,
                                                      at 1:23 PM,
                                                      McGovern, James
                                                      < <a
                                                        moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:james.mcgovern@hp.com">
<a class="moz-txt-link-abbreviated" href="mailto:james.mcgovern@hp.com">james.mcgovern@hp.com</a></a>> wrote: <br>
                                                      <br>
                                                    </div>
                                                    <blockquote>
                                                      <div><span>Jim,
                                                          while you are
                                                          going to the
                                                          board for
                                                          legal
                                                          clarification,
                                                          please
                                                          inquire:</span>
                                                        <br>
                                                        <span></span><br>
                                                        <span>1. 501c3
                                                          is a US thing.
                                                          Can we
                                                          influence
                                                          non-US
                                                          government and
                                                          still comply?</span>
                                                        <br>
                                                        <span>2.
                                                          Understanding
                                                          the US
                                                          political
                                                          issues
                                                          sometimes will
                                                          put us on a
                                                          partisan path.
                                                          For example,
                                                          in CT I have
                                                          commented in
                                                          the past in a
                                                          political
                                                          context on why
                                                          smart guns are
                                                          just plain
                                                          stupid. This
                                                          particular
                                                          issue leans
                                                          more
                                                          conservative/libertarian
                                                          than it does
                                                          Liberal.
                                                          Therefore, we
                                                          must attempt
                                                          to understand
                                                          the flow of
                                                          politics on
                                                          any given
                                                          Sunday.</span>
                                                        <br>
                                                        <span>3. Maybe
                                                          we could
                                                          somehow solve
                                                          this by having
                                                          a policy that
                                                          encourages
                                                          legislators of
                                                          all parties to
                                                          reach out to
                                                          their local
                                                          chapter leader
                                                          for an
                                                          informed
                                                          opinion.</span>
                                                        <br>
                                                        <span></span><br>
                                                        <span>-----Original
                                                          Message-----</span>
                                                        <br>
                                                        <span>From: <a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
                                                          href="mailto:owasp-community-bounces@lists.owasp.org">
<a class="moz-txt-link-abbreviated" href="mailto:owasp-community-bounces@lists.owasp.org">owasp-community-bounces@lists.owasp.org</a></a> [<a moz-do-not-send="true"
                                                          href="mailto:owasp-community-bounces@lists.owasp.org">mailto:owasp-community-bounces@lists.owasp.org</a>]
                                                          On Behalf Of
                                                          Jim Manico</span>
                                                        <br>
                                                        <span>Sent:
                                                          Saturday, June
                                                          20, 2015 4:37
                                                          PM</span> <br>
                                                        <span>To: Kevin
                                                          W. Wall</span>
                                                        <br>
                                                        <span>Cc: OWASP
                                                          Board List; <a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
                                                          href="mailto:owasp-community@lists.owasp.org">
<a class="moz-txt-link-abbreviated" href="mailto:owasp-community@lists.owasp.org">owasp-community@lists.owasp.org</a></a>; owasp-leaders</span> <br>
                                                        <span>Subject:
                                                          Re:
                                                          [Owasp-community]
                                                          [Owasp-board]
                                                          IAB Statement
                                                          on the Trade
                                                          in Security
                                                          Technologies</span>
                                                        <br>
                                                        <span></span><br>
                                                        <span>I agree
                                                          with you
                                                          Kevin. Even
                                                          the IRS is
                                                          cagey about
                                                          this topic. </span><br>
                                                        <span></span><br>
                                                        <span>However,
                                                          this is an
                                                          organization
                                                          risk that I
                                                          feel we should
                                                          be aware of
                                                          before
                                                          charging to
                                                          far into
                                                          policy. It
                                                          would behoove
                                                          is to get
                                                          legal review
                                                          before going
                                                          to far. I'll
                                                          bring this up
                                                          at the next
                                                          board meeting.</span>
                                                        <br>
                                                        <span></span><br>
                                                        <span>Aloha,</span>
                                                        <br>
                                                        <span>--</span>
                                                        <br>
                                                        <span>Jim Manico</span>
                                                        <br>
                                                        <span>@Manicode</span>
                                                        <br>
                                                        <span><a
                                                          moz-do-not-send="true"
href="tel:%28808%29%20652-3805" x-apple-data-detectors="true"
                                                          x-apple-data-detectors-type="telephone"
x-apple-data-detectors-result="18/1">(808) 652-3805</a></span>
                                                        <br>
                                                        <span></span><br>
                                                        <blockquote><span>On
                                                          Jun 20, 2015,
                                                          at 9:47 AM,
                                                          Kevin W. Wall
                                                          <<a
                                                          moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:kevin.w.wall@gmail.com"><a class="moz-txt-link-abbreviated" href="mailto:kevin.w.wall@gmail.com">kevin.w.wall@gmail.com</a></a>>
                                                          wrote:</span>
                                                          <br>
                                                        </blockquote>
                                                        <blockquote><span></span><br>
                                                        </blockquote>
                                                        <blockquote><span>Jim,</span>
                                                          <br>
                                                        </blockquote>
                                                        <blockquote><span></span><br>
                                                        </blockquote>
                                                        <blockquote>
                                                          <blockquote><span>On
                                                          Sat, Jun 20,
                                                          2015 at 2:55
                                                          PM, Jim Manico
                                                          <<a
                                                          moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:jim.manico@owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a></a>>
                                                          wrote:</span>
                                                          <br>
                                                          </blockquote>
                                                        </blockquote>
                                                        <blockquote>
                                                          <blockquote><span>That
                                                          is fair
                                                          Michael.</span>
                                                          <br>
                                                          </blockquote>
                                                        </blockquote>
                                                        <blockquote>
                                                          <blockquote><span></span><br>
                                                          </blockquote>
                                                        </blockquote>
                                                        <blockquote>
                                                          <blockquote><span>But
                                                          I do want to
                                                          warn the
                                                          community that
                                                          this is a
                                                          slippery
                                                          slope, we
                                                          </span><br>
                                                          </blockquote>
                                                        </blockquote>
                                                        <blockquote>
                                                          <blockquote><span>are
                                                          being watched,
                                                          and trying to
                                                          influence
                                                          legislation is
                                                          one of the
                                                          </span><br>
                                                          </blockquote>
                                                        </blockquote>
                                                        <blockquote>
                                                          <blockquote><span>few
                                                          ways OWASP can
                                                          lose it's
                                                          charitable
                                                          status. And if
                                                          that happens,
                                                          </span><br>
                                                          </blockquote>
                                                        </blockquote>
                                                        <blockquote>
                                                          <blockquote><span>the
                                                          debate about
                                                          what to do
                                                          with our funds
                                                          will quickly
                                                          change for the
                                                          worse.</span>
                                                          <br>
                                                          </blockquote>
                                                        </blockquote>
                                                        <blockquote><span></span><br>
                                                        </blockquote>
                                                        <blockquote><span>I
                                                          don't think
                                                          that it is
                                                          impossible for
                                                          charitable
                                                          organizations
                                                          to
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>comment
                                                          on public
                                                          possible
                                                          without
                                                          loosing their
                                                          501(c)(3)
                                                          status, but
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>it
                                                          just has to be
                                                          done in the
                                                          right way.
                                                          (However,
                                                          IANAL, so I
                                                          don't
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>even
                                                          begin to know
                                                          the details of
                                                          what that
                                                          "right way"
                                                          would entail.)</span>
                                                          <br>
                                                        </blockquote>
                                                        <blockquote><span></span><br>
                                                        </blockquote>
                                                        <blockquote><span>As
                                                          a case in
                                                          point, the ACM
                                                          has a
                                                          501(c)(3)
                                                          not-for-profit
                                                          status, and
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>yet
                                                          their public
                                                          policy
                                                          arm--the
                                                          USACM--has
                                                          certainly
                                                          tried to </span>
                                                          <br>
                                                        </blockquote>
                                                        <blockquote><span>influence
                                                          public policy.
                                                          (Recall the
                                                          crypto debate
                                                          from the late
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>1990s?
                                                          The USACM and
                                                          IEEE wrote a
                                                          letter to Sen.
                                                          John McCain to
                                                          try to
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>influence
                                                          the US
                                                          legislation
                                                          not to pass
                                                          laws to
                                                          mandate weak </span>
                                                          <br>
                                                        </blockquote>
                                                        <blockquote><span>encryption.
                                                          E.g., see</span>
                                                          <br>
                                                        </blockquote>
                                                        <blockquote><span><<a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://usacm.acm.org/privsec/details.cfm?type=Letters&id=18&cat=8&Pri"><a class="moz-txt-link-freetext" href="http://usacm.acm.org/privsec/details.cfm?type=Letters&id=18&cat=8&Pri">http://usacm.acm.org/privsec/details.cfm?type=Letters&id=18&cat=8&Pri</a></a></span>
                                                          <br>
                                                        </blockquote>
                                                        <blockquote><span>vacy%20and%20Security>.)</span>
                                                          <br>
                                                        </blockquote>
                                                        <blockquote><span></span><br>
                                                        </blockquote>
                                                        <blockquote><span>So
                                                          I'm guessing
                                                          that the devil
                                                          is in the
                                                          details of how
                                                          it is done.  </span>
                                                          <br>
                                                        </blockquote>
                                                        <blockquote><span>In
                                                          fact,
                                                          according to
                                                          Spaf's blog at
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span><<a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://www.cerias.purdue.edu/site/blog/post/deja_vu_all_over_again_t"><a class="moz-txt-link-freetext" href="https://www.cerias.purdue.edu/site/blog/post/deja_vu_all_over_again_t">https://www.cerias.purdue.edu/site/blog/post/deja_vu_all_over_again_t</a></a></span>
                                                          <br>
                                                        </blockquote>
                                                        <blockquote><span>he_attack_on_encryption/>
                                                          the USACM is
                                                          going through
                                                          this same this
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>this
                                                          again. Like I
                                                          said, I am not
                                                          a lawyer and
                                                          maybe this
                                                          attempt to
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>influence
                                                          public policy
                                                          doesn't
                                                          strictly
                                                          qualify as
                                                          "lobbying" in
                                                          the
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>eyes
                                                          of the IRS.
                                                          But it
                                                          certainly
                                                          doesn't seem
                                                          impossible.</span>
                                                          <br>
                                                        </blockquote>
                                                        <blockquote><span></span><br>
                                                        </blockquote>
                                                        <blockquote><span>Also,
                                                          we can--and
                                                          should--all
                                                          speak out
                                                          strongly
                                                          against things
                                                          that
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>we
                                                          believe are
                                                          against the
                                                          OWASP mission,
                                                          but we don't
                                                          have to do it
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>in
                                                          a manner as
                                                          representing
                                                          OWASP. Do that
                                                          on your
                                                          personal blogs
                                                          or
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>social
                                                          media instead
                                                          of OWASP
                                                          mailing lists
                                                          and there
                                                          shouldn't be
                                                          an
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>issue,
                                                          especially if
                                                          you add a
                                                          short
                                                          disclaimer as
                                                          to how your
                                                          opinion
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>does
                                                          not
                                                          necessarily
                                                          affect the
                                                          opinion of
                                                          OWASP overall
                                                          (in the cases
                                                          when there
                                                          might be some
                                                          doubt).</span>
                                                          <br>
                                                        </blockquote>
                                                        <blockquote><span></span><br>
                                                        </blockquote>
                                                        <blockquote><span>So
                                                          perhaps if we
                                                          decide that we
                                                          officially
                                                          want to speak
                                                          out on
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>certain
                                                          public policy
                                                          as an
                                                          organization
                                                          in order to
                                                          influence
                                                          public
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>policy
                                                          in accordance
                                                          with our
                                                          mission
                                                          statements,
                                                          then someone
                                                          who
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>understands
                                                          the nuances of
                                                          the 501(c)(3)
                                                          IRS
                                                          regulations
                                                          could help
                                                          </span><br>
                                                        </blockquote>
                                                        <blockquote><span>OWASP
                                                          navigate these
                                                          waters.</span>
                                                          <br>
                                                        </blockquote>
                                                        <blockquote><span></span><br>
                                                        </blockquote>
                                                        <blockquote><span>-kevin</span>
                                                          <br>
                                                        </blockquote>
                                                        <blockquote><span>--</span>
                                                          <br>
                                                        </blockquote>
                                                        <blockquote><span>Blog:
                                                          <a
                                                          moz-do-not-send="true"
class="moz-txt-link-freetext"
                                                          href="http://off-the-wall-security.blogspot.com/">
<a class="moz-txt-link-freetext" href="http://off-the-wall-security.blogspot.com/">http://off-the-wall-security.blogspot.com/</a></a></span> <br>
                                                        </blockquote>
                                                        <blockquote><span>NSA:
                                                          All your
                                                          crypto bit are
                                                          belong to us.</span>
                                                          <br>
                                                        </blockquote>
                                                        <span>_______________________________________________</span>
                                                        <br>
                                                        <span>Owasp-community
                                                          mailing list</span>
                                                        <br>
                                                        <span><a
                                                          moz-do-not-send="true"
class="moz-txt-link-abbreviated"
                                                          href="mailto:Owasp-community@lists.owasp.org"><a class="moz-txt-link-abbreviated" href="mailto:Owasp-community@lists.owasp.org">Owasp-community@lists.owasp.org</a></a></span>
                                                        <br>
                                                        <span><a
                                                          moz-do-not-send="true"
class="moz-txt-link-freetext"
                                                          href="https://lists.owasp.org/mailman/listinfo/owasp-community"><a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-community">https://lists.owasp.org/mailman/listinfo/owasp-community</a></a></span>
                                                        <br>
                                                      </div>
                                                    </blockquote>
                                                    <br>
                                                    <br>
                                                  </div>
                                                </div>
                                              </blockquote>
                                            </div>
                                          </blockquote>
                                        </div>
                                      </blockquote>
                                      <br>
                                    </div>
                                  </blockquote>
                                  <blockquote type="cite">
                                    <div><span>_______________________________________________</span><br>
                                      <span>OWASP-Leaders mailing list</span><br>
                                      <span><a moz-do-not-send="true"
                                          href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a></span><br>
                                      <span><a moz-do-not-send="true"
                                          href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a></span><br>
                                    </div>
                                  </blockquote>
                                </blockquote>
                                <br>
                              </div>
                            </blockquote>
                          </blockquote>
                          <br>
                        </div>
                      </blockquote>
                    </div>
                  </blockquote>
                  <br>
                  <br>
                  <fieldset class="mimeAttachmentHeader"></fieldset>
                  <br>
                  <pre wrap="">_______________________________________________
Owasp-board mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-board">https://lists.owasp.org/mailman/listinfo/owasp-board</a>
</pre>
                </blockquote>
                <br>
              </div>
            </blockquote>
            <blockquote type="cite">
              <div><span>_______________________________________________</span><br>
                <span>Owasp-board mailing list</span><br>
                <span><a moz-do-not-send="true"
                    href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a></span><br>
                <span><a moz-do-not-send="true"
                    href="https://lists.owasp.org/mailman/listinfo/owasp-board">https://lists.owasp.org/mailman/listinfo/owasp-board</a></span><br>
              </div>
            </blockquote>
          </div>
        </blockquote>
        <blockquote type="cite">
          <div><span>_______________________________________________</span><br>
            <span>OWASP-Leaders mailing list</span><br>
            <span><a moz-do-not-send="true"
                href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a></span><br>
            <span><a moz-do-not-send="true"
                href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a></span><br>
          </div>
        </blockquote>
      </div>
      <div>
        <p id="yui-gen4">
          <style>
<!--
 /* Font Definitions */
@font-face
        {font-family:"MS 明朝";
        mso-font-charset:78;
        mso-generic-font-family:auto;
        mso-font-pitch:variable;
        mso-font-signature:1 134676480 16 0 131072 0;}
@font-face
        {font-family:"MS 明朝";
        mso-font-charset:78;
        mso-generic-font-family:auto;
        mso-font-pitch:variable;
        mso-font-signature:1 134676480 16 0 131072 0;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;
        mso-font-charset:0;
        mso-generic-font-family:auto;
        mso-font-pitch:variable;
        mso-font-signature:-520092929 1073786111 9 0 415 0;}
@font-face
        {font-family:Cambria;
        panose-1:2 4 5 3 5 4 6 3 2 4;
        mso-font-charset:0;
        mso-generic-font-family:auto;
        mso-font-pitch:variable;
        mso-font-signature:-536870145 1073743103 0 0 415 0;}
 /* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {mso-style-unhide:no;
        mso-style-qformat:yes;
        mso-style-parent:"";
        margin:0in;
        margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:12.0pt;
        font-family:Cambria;
        mso-ascii-font-family:Cambria;
        mso-ascii-theme-font:minor-latin;
        mso-fareast-font-family:"MS 明朝";
        mso-fareast-theme-font:minor-fareast;
        mso-hansi-font-family:Cambria;
        mso-hansi-theme-font:minor-latin;
        mso-bidi-font-family:"Times New Roman";
        mso-bidi-theme-font:minor-bidi;}
.MsoChpDefault
        {mso-style-type:export-only;
        mso-default-props:yes;
        font-family:Cambria;
        mso-ascii-font-family:Cambria;
        mso-ascii-theme-font:minor-latin;
        mso-fareast-font-family:"MS 明朝";
        mso-fareast-theme-font:minor-fareast;
        mso-hansi-font-family:Cambria;
        mso-hansi-theme-font:minor-latin;
        mso-bidi-font-family:"Times New Roman";
        mso-bidi-theme-font:minor-bidi;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;
        mso-header-margin:.5in;
        mso-footer-margin:.5in;
        mso-paper-source:0;}
div.WordSection1
        {page:WordSection1;}
-->
</style></p>
        <p class="MsoNormal"><span
            style="font-size:14.0pt;font-family:Calibri;
            mso-bidi-font-family:Calibri"><br>
          </span></p>
        <p class="MsoNormal"><span
            style="font-size:14.0pt;font-family:Calibri;
            mso-bidi-font-family:Calibri"><br>
          </span></p>
        <p class="MsoNormal"><span
            style="font-size:14.0pt;font-family:Calibri;
            mso-bidi-font-family:Calibri"><br>
          </span></p>
        <p id="yui-gen3" class="MsoNormal"><span
            style="font-size:14.0pt;font-family:Calibri;
            mso-bidi-font-family:Calibri">______________________________________________________________________<br>
          </span></p>
        <p class="MsoNormal"><span
            style="font-size:14.0pt;font-family:Calibri;
            mso-bidi-font-family:Calibri">The contents of this
            electronic message, including
            any attachments, are intended only for the use of the
            individual or entity to
            which they are addressed and may contain confidential
            information. If you are
            not the intended recipient, you are hereby notified that any
            use,
            dissemination, distribution, or copying of this message or
            any attachment is
            strictly prohibited. If you have received this transmission
            in error, please
            send an e-mail to <a moz-do-not-send="true"
              href="mailto:postmaster@whitehatsec.com"><span
                style="color:#0000E9">postmaster@whitehatsec.com</span></a> and
            delete
            this message, along with any attachments, from your computer<span
              style="font-family: Cambria;">.</span></span></p>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OWASP-Leaders mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a class="moz-txt-link-freetext" href="https://www.owasp.org">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
  </body>
</html>