[Owasp-leaders] Proposal: OWASP Committees 2.0

Sarah Baso sarah.baso at owasp.org
Wed May 28 01:31:56 UTC 2014

OWASP Leaders and Community Members -

TLDR - Please review, comment and vote on the new committee structure by
June 9, 2014. Wiki page <https://owasp.org/index.php/Committees_2.0>
outlining new structure for the committees, and google moderator link
<https://www.google.com/moderator/?authuser=1#16/e=2130f2> for input and
voting.


OWASP is an organization that has been built on collaboration and community
involvement. I also hope that OWASP is an organization that can support
innovation - encouraging the community to try new things and be willing to
look frequently and assess what is working and what isn't.

We have grown to the point where an improved process needs to be
implemented where our leaders can lead and those who wish to participate
can do so easily and productively.

In 2008, the Foundation created committees.  These committees were
successful in that they pushed forward some much needed guidelines and put
some structure around areas that were undefined.

Unfortunately, over time, there were built in flaws with the committee
design that created roadblocks and eventually their failure.

We would like to propose a revamped committee structure based on a solid
foundation that provides the voice and opportunities to the community.
This structure will depend on a high level of community engagement.

The primary vision is high level committees that focus not on operational
issues, but on the strategic goals as determined by the board of directors.

Below is a side by side comparison of the flaws with the 2008 committees
and a proposal for redesign and implementation of a fresh 2014 model.

*2008 committee challenges* | *2014 committee proposal*

*Platform*

The platform used to "manage" committee activity was limited to the wiki.
This required committee chairs to maintain their wiki page and required
potential members to complete cumbersome wiki pages to apply for the
committee. Both of these activities, over time, became overlooked.
Information was not updated and often potential members were ignored.

OWASP has consolidated its operational platform to work on the Salesforce
platform. The overhauled operational platform provides the staff with the
tools to better facilitate committees (not run them) with the ability to
track members, member activities, topics, and needs in an open to all
format. Additionally, this platform provides a place for committee and
subcommittee engagement to occur.

Committees became an all or nothing group. This created meetings with
months of planning and no real activity. Also, committee members were asked
to participate in all of the committee activities and not just the tasks
(or sub activity) that interested them or that they had time for.

The 2014 committee platform proposes a tiered structure that would allow
the committee to exist at a high level, and have "sub committees" or "task
forces" to be created under the umbrella of the global committee.

Initially, the committee members were recruited for a one year term. The
committee members were to elect a committee chair who would serve as the
point of contact for the committee. Evolution of the committee led to the
perception of "lifetime" terms and members who "signed up" but never
participated and felt like they could never leave.

The tiered committee structure allows a smaller group to lead or steer
initiatives and sub committees. The leadership group will commit to a one
year term, and the initiatives within the group will be task oriented and
therefore have a deadline and a defined end point for the participants. An
open call for participants for each new task or initiative allows for
individuals who are no longer interested in participation to step away.

The selected committee chairs became unwilling recruits who stepped in out
of necessity or default. As such, much of the "objectives" of the
committees fell to the staff to complete.

A key core committed group driving initiatives with variable lengths will
allow the global community to participate in the activities that interest
them for the length of time that it may require.

*Committee Purpose*

For some of the committees and committee chairs, the lack of a defined
objective was a huge roadblock. The committees were created and provided a
very broad segment. This lack of mission created disjointed efforts.

The committees should be assigned, not to a broad area of operations, but
to the strategic goals as set by the Board. Collaborating as a global
community with the opportunity to define a roadmap for a goal will allow
for the committee members to be successful and to see progress.

The 2008 committees worked, for the most part, independently of each other.
This often created duplicate or even conflicting efforts leading to

The core leadership group will work as one unit. Each leader will choose a
particular goal, and the leaders will monitor each other and interact on a
regular basis to develop the initiatives and task force groups.

*Board Involvement*

The 2008 committees were assigned a board member to provide leadership and
oversight. This created some reluctance from committee members to be daring
and definitive.

The committees should not be managed by the board of directors. The board
needs to show trust and encouragement for the community to experiment and
to be successful. Board members cannot participate as core committee
members, but can provide input and participate in any of the task force
initiatives as a community member.

*Board Approval*

The final decline of the committees occurred when a committee would bring a
proposal to the board and have the board veto the committee chairs and
members. This sent the message to the chairs that the efforts they were
putting into the committees were done in vain.

Proposals brought forward from the committees should be voted upon by the
community (or community leadership). The community decision should be
considered valid. Implementing a process for a trial period of 6 months to
a year would be sufficient to determine if it was beneficial for the
organization. This also reinstates the sense of ownership the community has
in the organization.


Community Comment and voting period - *May 27 - June 9, 2014*

Hold an open nomination period until June 30 to establish the core
committee leadership team.  The leadership team will review the 2014
strategic goals and establish an initial set of initiatives to work towards
the goals, "cross pollinating" ideas and successes.

The community will have the opportunity to "sign up" for an initiative or
sub committee and begin work.

Leverage the improved operational platform of the foundation which allows
for open discussions, participation, and visibility while allowing the
staff to provide metrics on participation and progress.

The process will be reviewed and modified as needed in 6 months.

Wiki page outlining structure for the committees 2.0

Most importantly - *We want your input!* Not just leaders, or individuals
with an owasp.org email; anyone in the community is encouraged to
participate in this poll of both the general idea of the committees 2.0 and
particular features of the new model. *Participate here*
<https://www.google.com/moderator/?authuser=1#16/e=2130f2> -
anyone can view, you must be logged into a google account (not just
owasp.org) to vote or submit a suggestion.

Thanks and looking forward to hearing input, improvements, missing information.

Sarah Baso
Executive Director
OWASP Foundation

sarah.baso at owasp.org