[Owasp-belgium] FW: [Owasp-leaders] What do you want OWASP to become?

Sebastien Deleersnyder seba at deleersnyder.eu
Thu Nov 1 03:17:31 EDT 2007


Hi,

Please take some time to read the mail below.

These are not simple (yes/no) questions.

You can answer to the list or me personally by Nov 7: I will summarize this
towards the OWASP leaders.

Your opinion does count!

Thx

Seba

  _____  

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Thursday 1 November 2007 3:41
To: jinxpuppy at gmail.com
Cc: OWASP Leaders
Subject: Re: [Owasp-leaders] What do you want OWASP to become?

 

Following Tom's (i.e. Jinxpuppy) suggestion below, let's set the review time
for these questions to 5 working days, and the deadline for submissions next
Thursday, the 8th of November.

Regarding how you can submit these ideas, there are two main ways I see this
working: a) we all use this page
https://www.owasp.org/index.php/What_do_you_want_OWASP_to_be or b) we set
up some kind of online questionnaire.

Recapping, the plan is for both OWASP project and chapter leaders to
consult their communities and answer the following question:

As it grows: what do you want OWASP to become?

1.	A certifying and CBK type pseudo-company like (ISC)2?
2.	An open source project organized along the lines of Debian, Apache,
or a similar group that owns a set of projects? 
3.	Does OWASP want to certify apps, testers, both or none? (I've seen
all POV advocated)
4.	Who will be required to pay what kind of dues, if any?
5.	How formal of an organization will OWASP become?
6.	Is the status quo preferable to the proposed change?
7.	Other?

Thanks for participating and I look forward to your answers 

Dinis Cruz

On 11/1/07, Jinxpuppy <jinxpuppy at gmail.com> wrote:

Dinis/all
I propose a review period for each chapter and a submission by each chapter
by (insert deadline) to collect such feedback.  There are 101 chapters
right? So we should use the wisdom of crowds agreement on issues
worldwide to send a message to the current OWASP Foundation board of what
the chapter leads need/want etc.

Then you can easily formulate a tally and do a membership (6223 members
right) survey to get a majority direction. (You could do this 1st however
the membership is frag'ed - mailing list member does not equal active member
such as tool dev, book dev, chapter lead etc... 

As an example, I have 9 board members in NY/NJ Metro and only 3 of us are on
this mailing list hence at the local chapter level I propose time to gather
that info...

Then we can submit a "statement from chapter A, chapter B etc etc etc to
whomever is going to tally it.

Good questions all of them ~ I hope to discuss them all at the San Jose 2007
OWASP event at the chapter leader dinner or have a deadline set for the
questions so in our case we can ask our 571 mailing list members then take
that info and compress it, then vote at the board level and finally submit
answers - "that's how we roll in metro" 

-Brennan


-----Original Message-----
From: "Dinis Cruz" <dinis at ddplus.net >

Date: Thu, 1 Nov 2007 00:34:01
To:"OWASP Leaders" <owasp-leaders at lists.owasp.org>
Subject: [Owasp-leaders] What do you want OWASP to become? 


Taking Adam's question head on (Adam's original email is included at the
end),

OWASP Leaders, please answer these questions:

As it grows: what do you want OWASP to become?


* A certifying and CBK type pseudo-company like (ISC)2? 
* An open source project organized along the lines of Debian, Apache, or a
similar group that owns a set of projects?
* Does OWASP want to certify apps, testers, both or none? (I've seen all POV
advocated)
* Who will be required to pay what kind of dues, if any? 
* How formal of an organization will OWASP become?
* Is the status quo preferable to the proposed change?
* Other?

For the newer members of this list, here are some pages from our
www.owasp.org website which you might find interesting:


* https://www.owasp.org/index.php/About_OWASP
* https://www.owasp.org/index.php/How_OWASP_Works
* https://www.owasp.org/index.php?title=How_OWASP_Works&diff=22690&oldid=15689
(this is a previous version of the 'How OWASP Works' page which contains
some ideas about the future)
* https://www.owasp.org/index.php/OWASP_brand_usage_rules
* https://www.owasp.org/index.php/Chapter_Rules
* https://www.owasp.org/index.php/Chapter_Leader_Handbook
* https://www.owasp.org/index.php/Category:Chapter_Resources
* http://www.owasp.org/index.php/Tutorial#Editing_OWASP

And finally, if you haven't seen this amazing page created by Sebastien a
while back with descriptions and links to past OWASP presentations, you must
check it out now:
http://www.owasp.org/index.php/OWASP_Education_Presentation

Back to the topic at hand. Now is the time to present and defend your ideas
and vision for OWASP (if you are not comfortable sending them to the
list, send them to me directly on dinis.cruz at owasp.net)

Thanks Adam for kickstarting this conversation :)

Dinis Cruz



On 10/31/07, Adam Muntner <adam.muntner at quietmove.com> wrote:

There is a lot of conversation about how to best organize OWASP -
interesting discussion but if we take that approach we may end up with
an OWASP that doesn't meet anyone's needs goal-wise, just
structure-wise. Which doesn't mean much.

It sounds like more fundamentally there's a debate going on about the
direction of OWASP - as it grows, what's it to become?

- A certifying and CBK type pseudo-company like (ISC)2?
- An open source project organized along the lines of Debian, Apache, or
a similar group that owns a set of projects? 
- Does OWASP want to certify apps, testers, both or none? (I've seen all
POV advocated)
- Who will be required to pay what kind of dues, if any?
- How formal of an organization will OWASP become?
- Is the status quo preferable to the proposed change? 

These are some of the more basic questions I've seen bubble to
the surface... IMO better to address these big questions and then
figure out how the structure could best support it... rather than end up
with a bunch of rules and regs that don't fit anyone in particular.

Just my .02!


