OWASP has admitted that it could not “sit by idly and zip our mouths shut” and has decided to pull out of a marketing agreement with RSA Conference.
Speaking to IT Security Guru, OWASP board member Eoin Keary said that the decision was not taken lightly and after five days of “heated debate”, the view was that the benefit to people attending the classes and the association and involvement that OWASP had with RSA Conference outweighed the positives. “If any of this is proved to be true, it is a known derision of security for profit and against the core value of what we are trying to fix,” he said.
“Having vulnerabilities in systems by virtue of error is one thing, but if you sell those issues, nothing is ever going to be fixed. So we cancelled the confirmation to speak and had 400 people training at the European conference, and we got a lot more members and a lot more people interested in information security from our involvement, but we had to take a stand.”
Keary admitted that there is still a desire to do the training, and while it may not be under the same roof, it will try and be in the same vicinity for an afternoon. “We don’t want to revoke it so everyone loses, but want to do it on our own terms and we don’t need to be in a particular room, we are achieving our mission – it is not about whose badge is over the door,” he said.
He admitted that if the allegations against RSA are proved to be false, then OWASP will not be at the event this year but future plans will be made to “patch things up and move on”. However, if the allegations are true, then as an organisation OWASP needs to make a stand on what is right. It isn’t right from a partner perspective, and from an ethics standpoint.
He said that as an organisation that offers testing and assessments and teaches people what to do to stop that bad stuff happening to them, its job is to try to prevent “wanton violation of people’s privacy by technical vulnerability”, and it had to say “that is not right” and make a stand.
RSA Conference has not responded to requests to comment on those speakers who have cancelled their talks. According to CSO Online, 12 speakers have pulled out of speaking slots at the conference.