Monday, April 16, 2018

Board Statement about the AppSec-EU 2018 and related events

[From the OWASP Connector, Wednesday Feburary 14th 2018]

Dear OWASP community,
As there have been quite a number of changes over the last number of months, the Global OWASP Foundation has faced a number of challenges. As you may be aware, three of our staff members have left the foundation, leaving a big gap in our day to day operations. This is not an excuse, but a reason why some processes both slowing down or even came to a complete halt. We are very happy to have found an Executive Director (ED) in Karen Staley. Since joining, Karen has been working hard to turn these challenges into opportunities and to allow OWASP to increase our organizational maturity and professionalism. I think it’s safe to say that the four newly elected board members and new ED, have had the most memorable start in their new position.

We are all extremely passionate about OWASP and with this passion comes frustrations. Your frustration in relation to the lack of information/ communication is understandable. As most of you were celebrating the Christmas and New Year holidays, the board were blindsided by these events. To this end the newly elected and sitting board members, together with our ED, were busy with the matters at hand. Given the time of year and the nature of the matter at hand, it’s easy to forget to communicate. We understand that the lack of communication on our part can make you assume nothing is happening.
Even though there was no communication with the OWASP community at large, we want to ensure you that we were in constant communications with those involved and are working towards an acceptable path forward.

As per previous mailing list communications, the AppSec-EU 2018 conference will take place in the UK. Operational challenges are currently being resolved and information about the conference venue, location will be available as soon possible.

Volunteers who have been working hard on organizing the AppSec-EU 2018 conference in Tel Aviv and the OWASP Israel chapter especially, felt frustrated with the decision to move the conference and way it had been communicated. Those that have previously organized a global OWASP AppSec conference in the past know how much more complex it is to organize compared to a local event, even if the numbers of attendees are more of less the same. The decision to move the AppSec-EU 2018 conference to the UK has been made. We would like to acknowledge the effort of the organizing team, while realizing the required level of support from the foundation was not achieved.

As OWASP board and staff, we see the huge burden it puts on the local chapter and leading volunteers. The OWASP board and staff recognizes the necessity of providing more professional support to the local chapter and volunteers to justify the expectations of our community and sponsors. With her extensive experience in organizing international conferences, our ED is working hard to do so.

As you are aware, the board members are volunteers too and we do our best to act in the best interest of the OWASP community. OWASP is bigger than individuals or the board, OWASP is a community which is driven by it volunteers and we welcome your input in how we can improve OWASP to further our mission. Please be invited to the OWASP Board meetings, the first meeting of the current board is January 24th.

Many times, those who shout the loudest are perceived in representing the community’s opinion. In the succession of the announcement the AppSec-EU to be moved from Tel Aviv to the UK, and the public statement that has been made articulating the frustrations about this decision, people from inside and outside the OWASP community felt the need to vent their opinions. As we are an open organization, I appreciate how forthcoming our community was.

Nevertheless, in OWASP we have a clear policy of ethics, stating the expected professionalism in communication and respect towards each other. We as a community of professionals are required to set an example to the next generation and should therefore lead by example in respecting these ethics when communicating both privately and in the public domain.

We will endeavor to improve our communications going forward and hope that this has not deterred any of the great OWASP community that have spent a countless number of hours volunteering to improve software security as a whole.


On behalf of the OWASP Board of directors,
   Martin Knobloch
___________________
OWASP Chairman of the BOD

No comments: