Sunday, March 02, 2008


Does software security and ethics ever clash?

I have been noodling what the right answer is to a situation and would appreciate any perspective others could share...

On Thursday, we had our first local chapter meeting for OWASP, which was a big success. In the audience was a recruiter who happened to be employed by a competitor. He pulled me to the side and thought the event was wonderful and was curious if his company could sponsor food and beverages for an upcoming meeting. As the meeting was held on my own employer's campus, this made me ask myself several questions:

1. Should local user group meetings allow recruiting? Will this over time either help or hurt attendance?

2. I tend to operate a mental firewall on things I do on the clock vs those off the clock but also am cognizant that the perception management crowd may get it twisted and read into this action negatively regardless of whether I thought this was good or bad.

3. I am not aware of any company in the history of OWASP ever wanting to sponsor a chapter at the local that didn't actually want to sell something. The usual sponsors tend to either be consulting firms or software vendors and at some level I know that this particular company as their primary business model does neither. I guess it could devolve into them pitching auto insurance but of course the one doing the pitching is required to be licensed.

4. My boss is aware of this scenario and hasn't commented one way or another. I can say that declaration is back testable and there is no career risk that is part of the equation.

Any thoughts from the blogosphere at large that can help me refine my perspective or at least form a more mature perspective...
