[Owasp-website] Website redesign

[Jason Li]

Rory,

On the note of buy-in, I agree that it would be good to get the sense that
the OWASP community at large would be generally positive to any proposed
changes.

But there are only a few critical buy-ins from my perspective in order of
importance:
* Larry Casey
* Chapters Committee
* Projects Committee
* Conferences Committee
* Board

I'll address each of these in reverse chronological order.

Once we have a fully thought out plan, the Board should be presented with
the plan proposal. This is mostly because I'm fairly certain anything we do
will require money. As a result, to do this "right" - we'll need a well
thought out proposal (e.g. http://sl.owasp.org/gpc-budget), outlining what
needs to be acquired/procured/maintained/etc.

The next three are largely because historically, we have used the Wiki for
"everything" at OWASP. Therefore, any change away from the wiki impacts the
three pillars of OWASP (Projects, Conferences, Chapters).

The Conferences Committee should be made aware of the proposal once it's
mostly crystallized. But by and large, they have already moved many
conferences off to standalone independent websites anyhow. They're also
using their own OCMS system along with RegOnline to manage things. So a
change in the website will likely have limited impact that can be easily
managed to.

The Projects Committee (GPC) should be made aware of the proposal once it's
mostly crystallized, as most projects are currently "hosted" on the wiki.
However, this should not be an issue long term because (1) the GPC is
planning on migrating away to our own Projects Portal infrastructure (see
http://sl.owasp.org/project-hosting-rfp if you're curious) and (2) I'm the
chair of the GPC and would like to stay at least somewhat involved in your
efforts, so it'll be easy to keep the GPC apprised ;-)

The Chapters Committee should be made aware of the proposal in the medium
term as almost every chapter makes use of the wiki to maintain their
chapter's web presence. Therefore, any change to the website will likely
have major impacts on the way chapters manage themselves. (I personally have
my own thoughts on this that I'd be happy to share with you if we have time
to sync up at AppSecEU)

And now, most importantly, Larry Casey needs to be involved early and often
in the process. He has been what essentially amounts to the volunteer
administrator of OWASP infrastructure for as long as I can remember. He has
quietly ensured that things like the mailing lists, the wiki, the OWASP
domain name, servers, etc. are up and running - a task for which he receives
little recognition or personal compensation for.

As much as the wiki is a hodgepodge - it is extremely low maintenance and as
a mostly volunteer organization, it has served OWASP well. Many ideas have
been floated in the past (with varying degrees of tangible success). But at
the end of the day, most of the ideas that have been pitched were loosely
thought out (e.g. "oh, we'll just setup XYZ software on a server and call it
a day"). Most of those ideas that have been born and died over the years
have not taken into consideration the long term maintainability of the
system.

In all likelihood, Larry is going to be the one that ends up "tasked" with
maintaining this in the long term and so he needs to involved or at least
aware of the design process. Like I said, he's done some research into
various different _platform_ options (e.g. Jive), so I would try and sync up
with him early and often so that the design perspective and the platform
perspective can easily converge :-)

-Jason

On Thu, Jun 9, 2011 at 11:16 AM, Rory McCune <rory.mccune at owasp.org> wrote:

> Hi jason,
>
> Thanks for the note, very good advice.  Im hoping that i'll be able to walk
> the line between getting some momentum going and making sure that i get the
> right buy-in for any changes.
>
> Ultimately when this gets completed, it's likely to be a very visible
> change to owasps public profile, so im thinking it'll be something people
> will have pretty strong views on.  Luckily everyone i've spoken to so far,
> sees the need for change and considers it important, so at least that part
> seems settled.
>
> Once im back at my desk i'll get a schedule/plan out as a first step :)
>
> Cheers
>
> Rory
>
> Sent from my iPad
>
> On 9 Jun 2011, at 10:35, Jason Li <jason.li at owasp.org> wrote:
>
> Just a cautionary word --- while it's great to get ideas from folks, ideas
> are cheap. People have been voicing their "ideas" for years at conferences,
> summits, on the mailing lists, blogs, tweets, etc.
>
> I don't think there's any shortage of "ideas" out there. What we really
> need is for someone with a vision to just go and "do" it.
>
> I know Larry has done some of this research (even in terms of pricing for
> Jive), but his plate is full already with OWASP things (as is mine).
>
> I don't want to be discouraging, but I've seen several iterations of this
> website redesign process happen over the years. You have all this enthusiasm
> and energy to take up the task. What I don't want to see happen is that you
> get caught in the same sand trap that everyone has gotten stuck in. That
> sand trap is asking for ideas, which winds up getting lots of people
> involved, which ends up slowing down the entire process until the enthusiasm
> and energy runs out.
>
> There's an expression: "too many cooks in the kitchen..."
>
> -Jason
>
> P.S. I'm also at AppSecEU right now if you want to chat
>
> On Thu, Jun 9, 2011 at 10:17 AM, Rory McCune < <rory.mccune at owasp.org>
> rory.mccune at owasp.org> wrote:
>
>> Hi,
>>
>> Cool, i agree, i'd really like to see something done here.  I'm at
>> appseceu at the moment, so i'm trying to get round people to get an idea of
>> peoples views round the leaders community.
>>
>> Definitely any resources on the design side would be useful, and the
>> appearance / usability will be key if we're going to end up with a good
>> result...
>>
>> Cheers
>>
>> Rory
>>
>> Sent from my iPad
>>
>> On 8 Jun 2011, at 19:12, Rohit Sethi < <rklists at gmail.com>
>> rklists at gmail.com> wrote:
>>
>> Rory, I'd be happy if you take this over as well. I just want to make sure
>> something gets done.
>>
>> Arturo mentioned he knows a web designer who can also help with this.
>>
>> I really think this ought to be a funded project with a committee driving
>> it to make sure the website is usable.
>>
>> --
>> Rohit Sethi
>> SD Elements
>> <http://www.sdelements.com> <http://www.sdelements.com>
>> http://www.sdelements.com
>> twitter: rksethi
>>
>>  _______________________________________________
>> Owasp-website mailing list
>> <Owasp-website at lists.owasp.org>Owasp-website at lists.owasp.org
>>  <https://lists.owasp.org/mailman/listinfo/owasp-website>
>> https://lists.owasp.org/mailman/listinfo/owasp-website
>>
>>
>> _______________________________________________
>> Owasp-website mailing list
>>  <Owasp-website at lists.owasp.org>Owasp-website at lists.owasp.org
>>  <https://lists.owasp.org/mailman/listinfo/owasp-website>
>> https://lists.owasp.org/mailman/listinfo/owasp-website
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-website/attachments/20110609/5cfbe2b3/attachment.html