<div dir="ltr">"<span style="font-size:12.8000001907349px">we should be helping set a better platform for just that kind of experimentation. I agree with his sentiment here and will use that idea as one of my primary directives as a board member moving forward." </span><div><span style="font-size:12.8000001907349px">I think instead of trying to influence legislation we can support projects that focus on technology and not politics.<br></span><div><span style="font-size:12.8000001907349px">What we can do though is support projects that are outside of the USA that strive to develop strong crypto technology and support the use of such technology. One such project which is based in Canada where exporting crypto software is not prohibited (not affiliated with OWASP) is the OpenBSD project which develops: LibreSSL (fork of OpenSSL), OpenSSH, etc. </span></div><div><span style="font-size:12.8000001907349px">They have very limited funding yet they are one of the best open source projects in terms of quality in the world. I'd encourage anyone with philanthropic tendencies to donate some money to this project. Funny enough DARPA used to fund this project, then dropped the funding after the project leader made a comment about the War in Iraq at the time.</span></div><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px">Regards.</span></div><div><span style="font-size:12.8000001907349px">Timo</span></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jun 23, 2015 at 7:49 PM, Jim Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    Lucas,<br>
    <br>
    Check out this thread on the board list.<br>
    <br>
    <a href="http://lists.owasp.org/pipermail/owasp-board/2015-June/015608.html" target="_blank">http://lists.owasp.org/pipermail/owasp-board/2015-June/015608.html</a><br>
    <br>
    <div>Lobbying is actually ok within
      reasonable limits. The US Tax Service (IRS) sets clear financial
      limits for that activity which we are very unlikely to get even
      close to, something Tobias pointed out to me.<br>
      
      <pre style="white-space:pre-wrap;color:rgb(0,0,0);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px"><i>In short:
OWASP can engage in legislative advocacy and issue-related advocacy, as long as it follows certain rules and steers clear of political campaigning. A non-profit may not have a "substantial part" of its overall activities relate to influencing legislation or carrying on propaganda. Roughly anything under 5% of the overall budget is considered not substantial, while expenditures of above 15% would probably be considered substantial - e.g. 5% would be with our current budget size spending of more than USD 100.000(!) on lobbying....</i></pre>
      So rock on!<br>
      <br>
      I again wanted to state that something Jeff Williams said on this
      thread was very spot on and I heard him clearly. The board should not
      be getting in the way of Application Security awareness
      experimentation; we should be helping set a better platform for
      just that kind of experimentation. I agree with his sentiment here
      and will use that idea as one of my primary directives as a board
      member moving forward.<br>
      <br>
      Aloha,<br>
      Jim<br>
      <br>
    </div><div><div class="h5">
    <blockquote type="cite">
      <div dir="ltr">Jim,
        <div><br>
        </div>
        <div>thanks for your kind words. I have almost no knowledge of US
          legislation, so I cannot comment about specifics. But I know
          legislators need help in understanding more technical and
          specialized topics and we need to find a way to educate them.</div>
        <div><br>
        </div>
        <div>Unfortunately the line between educating and lobbying can
          be blurry...</div>
        <div><br>
        </div>
        <div>Regards,</div>
        <div><br>
        </div>
        <div>Lucas</div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr">On Tue, Jun 23, 2015 at 1:16 PM Jim Manico <<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>>
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
          <div dir="auto">
            <div>Lucas,</div>
            <div><br>
            </div>
            <div>This is very well done and I'm glad you are taking such
              a sensible and education-centric position here.</div>
            <div><br>
            </div>
            <div>Lucas, the more I think about this and research this
              topic the more I realize my position was wrong.</div>
            <div><br>
            </div>
            <div>1) There is plenty of room for us to influence
              legislation up to a certain point</div>
            <div>2) The board should be very accommodating in
              encouraging experimentation</div>
            <div><br>
            </div>
            <div>A little warning is reasonable, but this thread got out
              of hand.</div>
            <div><br>
            </div>
            <div>I get it now and will be certain to encourage more of
              these activities in the future.</div>
            <div><br>
            </div>
            <div>Aloha Lucas,</div>
          </div>
          <div dir="auto">
            <div><br>
              <div>--</div>
              <div>Jim Manico</div>
              <div>
                <div>
                  <div style="word-wrap:break-word">
                    <div><span style="background-color:rgba(255,255,255,0)">Global
                        Board Member</span></div>
                    <span style="background-color:rgba(255,255,255,0)">OWASP
                      Foundation</span>
                    <div><a href="https://www.owasp.org/" style="background-color:rgba(255,255,255,0)" target="_blank"><font color="#000000">https://www.owasp.org</font></a></div>
                  </div>
                </div>
                <div><span style="background-color:rgba(255,255,255,0)">Join
                    me at <a href="http://appsecusa.org/" target="_blank">AppSecUSA</a> 2015!</span></div>
              </div>
            </div>
          </div>
          <div dir="auto">
            <div><br>
              On Jun 23, 2015, at 3:57 AM, Lucas Ferreira <<a href="mailto:lucas.ferreira@owasp.org" target="_blank">lucas.ferreira@owasp.org</a>>
              wrote:<br>
              <br>
            </div>
            <blockquote type="cite">
              <div>
                <div dir="ltr">Jonathan,
                  <div><br>
                  </div>
                  <div>not exactly what you are looking for, I guess: <a href="https://www.owasp.org/index.php/OWASP_Brasil_Manifesto" target="_blank">https://www.owasp.org/index.php/OWASP_Brasil_Manifesto</a></div>
                  <div><br>
                  </div>
                  <div>From my understanding of the whole discussion,
                    our manifesto is Jim's nightmare come true... :-)</div>
                  <div><br>
                  </div>
                  <div>Regards,</div>
                  <div><br>
                  </div>
                  <div>Lucas<br>
                    <br>
                    <div class="gmail_quote">
                      <div dir="ltr">On Mon, Jun 22, 2015 at 4:16 PM
                        Jonathan Carter <<a href="mailto:jonathan.carter@owasp.org" target="_blank">jonathan.carter@owasp.org</a>>
                        wrote:<br>
                      </div>
                      <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                        <div dir="ltr">On a slightly related note, are
                          there any OWASP projects that focus on law? 
                          It would be interesting to have a project that
                          focuses on current legislation and makes
                          authoritative statements on the efficacy /
                          ramifications of law.</div>
                        <div class="gmail_extra"><br>
                          <div class="gmail_quote">On Fri, Jun 19, 2015
                            at 11:38 PM, Jim Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span>
                            wrote:<br>
                            <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                              <div dir="auto">
                                <div>One of the very few ways we can
                                  lose our tax exempt 501(c)3 status -
                                  the status of a charity - is to engage
                                  in lobbying activities. </div>
                                <div><br>
                                </div>
                                <div>These activities are loosely
                                  defined, but we have a responsibility
                                  to avoid trying to influence
                                  legislation at OWASP •if• we wish to
                                  maintain our tax exempt status.</div>
                                <div><br>
                                </div>
                                <div><a href="http://www.irs.gov/Charities-&-Non-Profits/Lobbying" target="_blank">http://www.irs.gov/Charities-&-Non-Profits/Lobbying</a><br>
                                  <br>
                                  It is a core part of the board's
                                  fiduciary duty to protect the
                                  foundation from losing its tax exempt
                                  status. </div>
                                <div><br>
                                  However, we can as a foundation and as
                                  a community still participate in this
                                  issue by serving our shared mission
                                  with care. Let our sword be open
                                  source solutions that help achieve
                                  these important security goals. Let
                                  our shields be powerful free
                                  documentation that helps inform all
                                  about application security.</div>
                                <div><br>
                                </div>
                                <div>Aloha,</div>
                                <span>
                                  <div>
                                    <div>--</div>
                                    <div>Jim Manico</div>
                                    <div>@Manicode</div>
                                    <div><a href="tel:%28808%29%20652-3805" value="+18086523805" target="_blank">(808) 652-3805</a></div>
                                  </div>
                                </span>
                                <div>
                                  <div>
                                    <div><br>
                                      On Jun 19, 2015, at 6:49 PM,
                                      Kristian Erik Hermansen <<a href="mailto:kristian.hermansen@gmail.com" target="_blank">kristian.hermansen@gmail.com</a>>
                                      wrote:<br>
                                      <br>
                                    </div>
                                    <blockquote type="cite">
                                      <div>+1000...with NSA Bullrun and
                                        other secret programs known to
                                        weaken crypto around the world
                                        to a similar end, it is our
                                        responsibility as a community to
                                        stand up and say no. As many of
                                        us have the power to vote in the
                                        USA, we also have the ability to
                                        act as agents for the remainder
                                        of the world that doesn't have
                                        such a privilege to influence US
                                        policy. So we need to take that
                                        role and responsibility very
                                        seriously and make sure that
                                        U.S. policymakers understand
                                        crypto weakening proposals and
                                        actions are unacceptable for the
                                        greater health of the Internet
                                        and autonomy of its citizenry.<br>
                                        <div class="gmail_quote">On Fri,
                                          Jun 19, 2015 at 9:08 PM Jeff
                                          Williams <<a href="mailto:jeff.williams@owasp.org" target="_blank">jeff.williams@owasp.org</a>>
                                          wrote:<br>
                                          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                            <div>
                                              <div>Thanks for pointing
                                                this out.  Totally agree
                                                and I wish OWASP had
                                                come out with a similar
                                                statement of values.<br>
                                                <br>
                                                <div>--Jeff<br>
                                                  <br>
                                                  Jeff Williams | CTO<br>
                                                  Contrast Security<br>
                                                  @planetlevel
                                                  @contrastsec<br>
                                                </div>
                                              </div>
                                            </div>
                                            <div class="gmail_quote">_____________________________<br>
                                              From: Tobias <<a href="mailto:tobias.gondrom@owasp.org" target="_blank">tobias.gondrom@owasp.org</a>><br>
                                              Sent: Sunday, June 14,
                                              2015 4:44 AM<br>
                                              Subject: [Owasp-community]
                                              IAB Statement on the Trade
                                              in Security Technologies<br>
                                              To: <<a href="mailto:owasp-community@lists.owasp.org" target="_blank">owasp-community@lists.owasp.org</a>></div>
                                            <div class="gmail_quote"><br>
                                              <br>
                                              <br>
                                              <font face="Arial">I
                                                thought this is
                                                noteworthy. <br>
                                                <br>
                                                <b>IAB Statement on the
                                                  Trade in Security
                                                  Technologies</b><b><br>
                                                </b><br>
                                                <a href="https://www.iab.org/documents/correspondence-reports-documents/2015-2/iab-statement-on-the-trade-in-security-technologies/" target="_blank">https://www.iab.org/documents/correspondence-reports-documents/2015-2/iab-statement-on-the-trade-in-security-technologies/</a><br>
                                                <br>
                                                And I am in strong
                                                agreement with the above
                                                statement. <br>
                                                <br>
                                                What do you think? <br>
                                                <br>
                                                Best regards, <br>
                                                <br>
                                                Tobias<br>
                                                <br>
                                              </font> <br>
                                              <br>
                                            </div>
_______________________________________________<br>
                                            Owasp-community mailing list<br>
                                            <a href="mailto:Owasp-community@lists.owasp.org" target="_blank">Owasp-community@lists.owasp.org</a><br>
                                            <a href="https://lists.owasp.org/mailman/listinfo/owasp-community" rel="noreferrer" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-community</a><br>
                                          </blockquote>
                                        </div>
                                      </div>
                                    </blockquote>
                                  </div>
                                </div>
                              </div>
                              <br>
_______________________________________________<br>
                              OWASP-Leaders mailing list<br>
                              <a href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                              <a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" rel="noreferrer" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                              <br>
                            </blockquote>
                          </div>
                          <br>
                        </div>
                      </blockquote>
                    </div>
                  </div>
                </div>
              </div>
            </blockquote>
          </div>
        </blockquote>
      </div>
    </blockquote>
    <br>
    <pre cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a href="https://www.owasp.org" target="_blank">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
  </div></div></div>

<br>_______________________________________________<br>
Owasp-board mailing list<br>
<a href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-board" rel="noreferrer" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
<br></blockquote></div><br></div>