[Owasp-leaders] Fwd: Stepping down as Board Member
Rex Booth
rex.booth at owasp.org
Mon Feb 14 13:31:53 EST 2011
Agreed 100%.
On 2/14/2011 1:30 PM, Brad Causey wrote:
> Well said Chris.
>
> Personally, I don't care what "technical skills" a given board member
> has, as long as he's a solid leader, and understands how to run the
> business and provide guidance and direction.
>
>
>
> -Brad Causey
> CISSP, MCSE, C|EH, CIFI, CGSP
>
> http://www.owasp.org
> --
> "Si vis pacem, para bellum"
> --
>
>
> On Mon, Feb 14, 2011 at 10:23 AM, Chris Schmidt
> <chris.schmidt at owasp.org> wrote:
>
> All – I have fought the urge to jump on this thread all morning,
> but I want to point out one *really* important thing here.
>
> There needs to be a *clear* and *distinct* understanding of what
> the responsibilities of board members are. I think that it is the
> job of the Projects Committee to address a lot of John's specific
> complaints here (and I am in the process of joining said committee
> in an effort to bolster momentum to address a lot of these issues)
>
> My personal opinion is that the board should be a panel of
> *experienced* businessmen who know how to make an organization
> grow and understand the business needs of organizations. OWASP is
> not meant to be a Top-Down Org, and I don’t think that model works
> *at all* for the majority of people that contribute to OWASP in
> any fashion. We should be encouraging the inventors, researchers,
> developers, technical writers, analysts, and chapter leaders to
> all keep bringing everything they can to the organization and in
> no way limit their ability to function as individuals or small
> groups – however, we also need standards and policies that are
> designed for the betterment of the organization as a whole. I
> don’t think it matters if the people who sit on the board are
> coders or if they are highly advanced evangelist aliens – the
> point is that it is the board's responsibility to further the
> organization as a whole and the responsibilities of the committees
> and project leaders to direct the content of the organization. It
> is also a primary responsibility of the committees to present the
> details of matters being brought to the board in a manner that
> outlines the details of the matter in a way that is not biased and
> also is understandable by not only the board but the entire OWASP
> community. The Board should not have to dive deep into a matter to
> make a decision – the committees need to be providing the board
> with the information they need to make those decisions.
>
> Basically I equate it to this – Having worked in software
> development for the last 6 years and hardware maintenance prior to
> that – given the choice, I would much rather have my boss manage
> the people and let my best developers write the code.
>
> I think that the existing board members (and Dinis) have
> absolutely demonstrated that ability both within and without OWASP
> – and I think that the same should be expected of any *new* board
> members. Generally speaking, I think it is a *bad* idea for board
> members to become so involved in the inner workings of particular
> projects that it distracts them from their duties as board members.
>
> I will have a long and detailed blog posting about my greater
> feelings about this, as well as detailed examples and thoughts
> sometime this week.
>
>
>
>
> On 2/14/11 1:05 PM, "Martin Knobloch" <martin.knobloch at owasp.org>
> wrote:
>
> Hi all,
>
> I can definitely see where John is coming from and where he is
> hitting with his wish. Myself, I have been a developer for quite
> some time, before I left that area (not without many times
> wishing to be back) and went full time into security consultancy.
>
> Nevertheless, I have my doubts if we should demand any
> specific profession a board member has to come from.
> Of course, all members can and will for sure vote by their
> best opinion. But in my opinion, the board has more
> responsibility than representing the OWASP community.
> You see the same differentiation in the chapters. We have more
> and less technical chapters. Some with more focus on process,
> the other more to implementation. Builders and breakers.
> Developers, testers, auditors. You name it, we got it. Is the
> one more OWASP than the other?
> I can't see how to implement this in a fair manner into the
> election (or we need quite a big board).
>
> Being a board member, as I see this, brings the obligation to
> the whole community. All board members, no matter where they
> come from, have to be able to talk and understand all cultures
> inside and outside OWASP.
>
> To be honest, I have my doubts email is the best way of
> communication in matters like this.
> Maybe it's time we enable a forum on the OWASP site?
>
> We had great thoughts and results in creating an (to be shared
> and agreed on via the whole OWASP community) what we expect of
> the board. Hope we can continue that process via the web!
>
> Cheers,
> ~Martin
>
> On Mon, Feb 14, 2011 at 6:47 PM, John Wilander
> <john.wilander at owasp.org> wrote:
>
> Andre, I said I wanted /two/ board members to write
> production code weekly. Not all board members.
>
> Regarding production code and its definition ... Can you
> do the work of the developers we try to reach out to? The
> guys who implement and maintain Twitter, Facebook, GMail,
> PayPal, Amazon, and YouTube – could you join their team
> and take on tasks from the backlog? At least at 80% speed?
> Are you performing such tasks on a weekly basis? Then you
> fit my frame.
>
> OWASP has no shortage of pentesters (proven by raised
> hands at the summit) so I have full confidence in that
> we'll find one or two pentesters who can run for the board
> too. Since pentesters build up a large part of our
> community I would be happy to have one or two on the board.
>
> The main reason I'm stressing the importance of coders on
> the board is developer outreach. Right now we're failing
> in one of our core missions. I believe hands-on coding
> among the board members will help solve this.
>
> (If there's a silent majority out there either thinking
> I'm totally wrong or right – please speak up. Don't let
> the talkative, myself included, decide for you.)
>
> /John
>
> 2011/2/14 Andre Gironda <andreg at gmail.com>
>
> On Mon, Feb 14, 2011 at 10:06 AM, John Wilander
> <john.wilander at owasp.org> wrote:
> > Eoin, if you write production code weekly you're on my list of coders for
> > sure. Did not know that. Cred.
> >> So you are of the opinion that writing code is of paramount importance
> >> regardless of if it's done right?
> >
> > The "done right" addon can be applied to guidelines and policies too =>
> > redundant rhetorics. I also believe I wrote "production code" which in my
> > view says something about quality.
>
> It says nothing about quality. You seem obsessed with this "production
> code" thing, but you don't define it. So if I'm a dev-test coder, and
> only write code that works in integration, then somehow I'm not
> qualified to be an OWASP board member? What if I write 7 kloc a day
> and the production coders I work with only change tens of loc's per
> day? What if all of their success in refactorings are based on my test
> automation? What if the production coders are constantly making
> mistakes and a quality-oriented person is covering for them --
> correcting mistakes and making that shipped code actually work from a
> user perspective?
>
> > I don't believe in non-coders teaching coders how to code better. Many OWASP
> > outreach attempts fail because we're not on the right level. Web 1.5 code
> > snippets on a Powerpoint slide won't cut it. "Demo or die".
>
> I disagree with this point. Customers and users always teach coders
> how to code better. Quality engineers even more so.
>
> > As I said above, as long as you're writing production code weekly you
> > understand coders and can take on that role on the board. Good!
>
> I think there is room on the board for more than one type of person.
> This seems to over-favor a certain type of application developer.
>
> -Andre
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
> Chris Schmidt
> ESAPI Project Manager (http://www.esapi.org)
> ESAPI4JS Project Owner (http://bit.ly/9hRTLH)
> Blog: http://yet-another-dev.blogspot.com
>
>