Not making a statement can be a statement in its own right." -- Tobias Gondrom Earlier this week, OWASP released a statement after an internal debate regarding recent allegations that RSA had weakened its encryption while receiving $10 million dollars from the NSA. There was heated discussion about whether or not to publish a statement. Would it be perceived as political? What is OWASP's responsibility when it comes to defending the trustworthiness of software? I spoke with Tobias Gondrom and Eoin Keary about that debate. Their premise is that this is not a political statement, but a clarification to keep OWASP focused on its original mission.