The open web application security protocol (OWASP) board has announced that it is to cancel its marketing agreement with RSA Conference, as well as a planned training programme.
In an announcement on the OWASP discussion board, Michael Coates, chair of the OWASP Board, said that OWASP would terminate the co-marketing agreement with RSA for RSA 2014. “This may place our training at risk, but if permitted we will still provide the free training at RSA and the OWASP speaking slot.” This decision was backed by seven members of the OWASP board.
One of those board members, Eoin Keary, said in a tweet that he had to cancel his delivery of secure coding training at the event “due to recent developments”. Keary said in a statement to CSO online that as a board member and individual he could not put his head in the sand “and attend an event hosted by an organisation which may be linked to erosion of software security, individual privacy and possible freedom”.
He said: “I feel we are getting to a tipping point in this area. I want my kids to have a right to privacy. I feel corporations are selling and governments are disrespecting our rights as individuals. I want secure code/technologies developed which protects people’s rights not violates them.
“My training class has been free at RSA such to enable awareness and help developers make informed decisions, such like not using crypto which is proven to be weak. I was also asked by the event organisers not to deliver the training with any other organisation whilst in San Francisco, this goes against my open values.”
However the decision was not met with complete agreement. OWASP co-founder Dennis Groves said on the discussion board that he was “deeply divided by this issue” and the decision forced him to think about the future of both the OWASP organisation and the community.
“I too am disappointed by the allegations against RSA, but currently not enough information is known to hold informed judgment. However the NSA is hurting everyone, and I have to wonder if RSA even had a choice given the situation with Quest communications,” he said.
“Partnerships are very important to OWASP, and we need to tread carefully or we will be forced to walk alone in areas we simply cannot afford to be competitive.”
The announcement came after eight speakers cancelled their speaking slots at next month’s conference. RSA had not responded to a request for comment at the time of writing. John Bumgarner, CTO at the US Cyber Consequences Unit said in a tweet that the current speaker boycotts of RSA Conference 2014 “will likely have little impact on the conference, unless the other 500 speakers drop out too”.