[Global_chapter_committee] [Global_conference_committee] OWASP Points for Leaders

dinis cruz dinis.cruz at owasp.org
Mon Dec 13 15:34:59 EST 2010


There is a way for you to pay as an Honorary member, it can be done simply
by going to the OWASP website and buying a membership :)

And here is the catch, speaking personally (but I know a lot of other
leaders would share this same felling), *I would feel very offended with
OWASP if I had to 'pay' to be a member (since I already 'pay' a lot to OWASP
with my time), but ... if I receive from OWASP ... the recognition (and
virtual hug) ... to be given an OWASP Honorary membership ... I would be
(and am) ... happy to pay the 50 USD* :)

In fact, there are a lot of OWASP Leaders that are also paid OWASP Members

The key is the dynamic between  HAVING to pay and CHOOSING to pay :)

The requirement to pay to be a leader would also create a barrier of entry
to OWASP, and this would be (in my point of view) contrary to OWASP's values

Dinis Cruz


On 13 December 2010 20:20, Mark Bristow <mark.bristow at owasp.org> wrote:

> Sorry, "Official" OWASP member, paid or honorary.  I said paid but I did
> not speak precisely.
>
> I am for Honorary memberships, although I wish there was a way to pay
> anyway if you are an honorary member (I think you can do this with the new
> system), but this is a separate conversation.
>
> On Mon, Dec 13, 2010 at 3:07 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
>
>> Mark, are you defending that OWASP leaders will have to pay to become
>> OWASP members? (last year we gave all our leaders a 'Honorary Membership')
>>
>> Or, that they can't even become an OWASP leader (and get points) if they
>> are not a paid OWASP member?
>>
>> What about someone that has been a major co-organizer of an OWASP
>> AppSec conference, will they only get their points if they pay OWASP the
>> membership fee? (in the current case 50 USD)
>>
>> In this discussion, please take into consideration that there is a big
>> moral issue with
>>
>>    - OWASP asking its leaders (who make OWASP OWASP) to pay any amount
>>    (and the exact amount doesn't matter), and
>>    - the fact that there are only a couple countries in the world where
>>    50 USD is not a significant amount (that one would pay without thinking
>>    twice)
>>
>> Dinis Cruz
>>
>>
>> On 13 December 2010 16:30, Mark Bristow <mark.bristow at owasp.org> wrote:
>>
>>> I'd contend you have to be a paid member in order to earn points.
>>>
>>> On Mon, Dec 13, 2010 at 11:29 AM, Kate Hartmann <kate.hartmann at owasp.org
>>> > wrote:
>>>
>>>> *Great stuff.  I think this is a good start and may be applicable for
>>>> the Summit.  I have some questions on the list as noted.  I also think,
>>>> considering the points mentioned by Tom regarding membership, we should add
>>>> “paid member” to the criteria.  Lead by example.*
>>>>
>>>> ·
>>>>
>>>> ·  *Major Active Project Leader 5 points – Which projects are the
>>>> “Major Active Ones?”*
>>>>
>>>> ·  *AppSec organizer in 2009/2010 5 points – Includes the entire
>>>> committee, right?*
>>>>
>>>> ·  *Special Invitation 4 points – What is this?*
>>>>
>>>> ·  *Key Industry player 4 points – What does this mean?*
>>>>
>>>> ·  *Active Chapter leaders 3 points – Define “Active.”*
>>>>
>>>> ·  *New Committee Member 3 points – Less than ?  Three months, one
>>>> year?*
>>>>
>>>> ·  *New  Project Leader 3 points – Define new?*
>>>>
>>>> ·  *Recommit Committee member 2 points – Annual renewal?*
>>>>
>>>> ·  *Past OWASP leaders 2 points – Is this to reengage?*
>>>>
>>>> ·  *Responded by 30th  2 points*
>>>>
>>>> ·  *Participated at AppSec 1 point – attended, spoken?*
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Kate Hartmann
>>>>
>>>> Operations Director
>>>>
>>>> 301-275-9403
>>>>
>>>> www.owasp.org
>>>>
>>>> Skype:  Kate.hartmann1
>>>>
>>>>
>>>>
>>>> *From:* global_conference_committee-bounces at lists.owasp.org [mailto:
>>>> global_conference_committee-bounces at lists.owasp.org] *On Behalf Of *dinis
>>>> cruz
>>>> *Sent:* Monday, December 13, 2010 6:13 AM
>>>> *To:* Tony UV
>>>> *Cc:* Global_membership_committee at lists.owasp.org;
>>>> global_conference_committee; owasp-summit-2011 at lists.owasp.org
>>>> *Subject:* [Global_conference_committee] OWASP Points for Leaders
>>>>
>>>>
>>>>
>>>> (I changed the title to reflect the current topic (see thread below for
>>>> reference)
>>>>
>>>>
>>>>
>>>> Mark is spot on that the point of the points system :)  , is to
>>>> recognize the leaders participation (and not to encourage it)
>>>>
>>>>
>>>>
>>>> The fact that we don't have good visibility into our leaders
>>>> contribution is a massive problem at OWASP (and one that if don't tackle
>>>> soon could cause a lot of damage to our community).
>>>>
>>>>
>>>>
>>>> Since the best way to get something done at OWASP is to have a
>>>> reason/event creating its need, the OWASP Summit 2011 is the
>>>> perfect opportunity to have a first pass at doing this.
>>>>
>>>>
>>>>
>>>> The problem we have at the Summit is *'On which order/priority do we
>>>> allocate the limited available funds to bring our hard-working leaders to
>>>> the Summit' *(i.e. if we have an extra 25k, who should get that money
>>>> first? (as you will see on the spreadsheet below, the current amount needed
>>>> is 88k)
>>>>
>>>>
>>>>
>>>> In order to get to this answer we have started creating a solution which
>>>> is in essence the points model proposed on this list.
>>>>
>>>>
>>>>
>>>> Please start by reading this thread:
>>>> https://lists.owasp.org/pipermail/owasp-summit-2011/2010-December/000339.html which
>>>> points to this spreadsheet
>>>> https://spreadsheets.google.com/a/owasp.org/ccc?key=0Amvv_7Gz8Z7TdGNEb0RRUUdfX0tMQ1EwTjY1MzNMWmc&hl=en (see
>>>> sheet #2 called '2nd Batch - Sponsorships')
>>>>
>>>>
>>>>
>>>> The discussion is currently at *'What types of points should we have
>>>> and what should be their value?'*
>>>>
>>>>
>>>>
>>>> Jason (in
>>>> https://lists.owasp.org/pipermail/owasp-summit-2011/2010-December/000346.html)
>>>> proposes the following list (which I agree) . Note that this needs to be
>>>> merged with the ideas already discussed in this thread:
>>>>
>>>> ·  *Major Active Project Leader 5 points*
>>>>
>>>> ·  *AppSec organizer in 2009/2010 5 points*
>>>>
>>>> ·  *Special Invitation 4 points*
>>>>
>>>> ·  *Key Industry player 4 points*
>>>>
>>>> ·  *Active Chapter leaders 3 points*
>>>>
>>>> ·  *New Committee Member 3 points *
>>>>
>>>> ·  *New  Project Leader 3 points*
>>>>
>>>> ·  *Recommit Committee member 2 points*
>>>>
>>>> ·  *Past OWASP leaders 2 points *
>>>>
>>>> ·  *Responded by 30th  2 points*
>>>>
>>>> ·  *Participated at AppSec 1 point*
>>>>
>>>> *Rationale:*
>>>>
>>>> *- Committee Members: New committee members are demonstrating energy
>>>> and initiative. Recommitted members are members who for one reason or
>>>> another became inactive but have recommitted themselves to their committee.
>>>> While it's great that they have recommitted, I think we should give a slight
>>>> priority to new committee members over members who have already had an
>>>> opportunity to serve but failed to deliver. In essence, Recommitted
>>>> Committee members are akin to "historic" leaders*
>>>>
>>>> *- Projects: New projects leaders are like new committee in that we
>>>> want to encourage the energy and initiative. Existing project leaders of
>>>> active projects are extremely important to the OWASP ecosystem so they
>>>> should be prioritized.*
>>>>
>>>>
>>>>
>>>> * *Let's see if over the next couple days, we can:
>>>>
>>>>    - agree on a criteria,
>>>>    - complete the spreadsheet formula,
>>>>    - do a first pass at the mappings
>>>>    - and finally open up the discussion and mappings to the
>>>>    owasp-leaders list
>>>>
>>>> Dinis Cruz
>>>>
>>>>
>>>> On 13 December 2010 00:45, Tony UV <tonyuv at owasp.org> wrote:
>>>>
>>>> Sounds good.  Inline comments below. Overall main concern is the (a)
>>>> development of the point system (b) educating a wide global member base on
>>>> the point system (despite the most clear and concise wiki, etc to accompany
>>>> it) (c) marketing this reward system to the point that adoption ramps up
>>>> effectively. In either case, I’m all in.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Tony UcedaVelez, CISM, CISA, GSEC
>>>>
>>>> *Chapter Lead*
>>>>
>>>> *OWASP Atlanta*
>>>>
>>>> http://www.owasp.org/index.php/Atlanta_Georgia
>>>>
>>>> Twitter: *@versprite*
>>>>
>>>>
>>>>
>>>> *From:* Mark Bristow [mailto:mark.bristow at owasp.org]
>>>> *Sent:* Sunday, December 12, 2010 7:34 PM
>>>> *To:* Tony UV
>>>> *Cc:* Michael Coates; global_conference_committee;
>>>> Global_membership_committee at lists.owasp.org
>>>>
>>>>
>>>> *Subject:* Re: [Global_membership_committee] Honorary Memberships -
>>>> Vote Scheduled for 12/21 @ Membership Meeting
>>>>
>>>>
>>>>
>>>> The point is't to motivate people to contribute, *[Tony UcedaVelez] * No
>>>> arguments on the need and goal to motivate folks.  Agree there.
>>>>
>>>>
>>>>
>>>> it's to recognize people who do and provide some metrics that can be
>>>> pointed to (Like CISSP CPEs) to demonstrate involvement.  *[Tony
>>>> UcedaVelez] * Wouldn’t issuing CPE certs (a) achieve the same thing in
>>>> terms of metrics (number issued to, what they did, etc) and (b) give
>>>> volunteers something that they actually need? Otherwise we’ll have to
>>>> develop a fairly point redeeming system AND educate them (more time) in
>>>> order to get them to understand what those points translate into.  All good
>>>> if we want to do that, but simply speaking on the logistics and time to be
>>>> taken vs tapping into an existing solution that they already know.  Currently
>>>> there is no measure of this.
>>>>
>>>>
>>>>
>>>> This is why I was shouldering the responsibility for individual points
>>>> awards/tracking on each Committee.  *[Tony UcedaVelez] * Would it make
>>>> sense that there would be a dedicated global points coordinator for all of
>>>> this or even team to do this across the board?  Just thinking of the
>>>> scalability of leaders of those committees to have to set yet something else
>>>> up as well.  Conference Volunteers is
>>>> actually something not difficult for me to track (as they get in free, need
>>>> shirts ordered for them et all, they are identified early).*[Tony
>>>> UcedaVelez] * Sounds good then.  As long as this and other proposed use
>>>> cases doesn’t introduce a fuzzy, non-credible point system where points are
>>>> awarded w/o proper accountability.
>>>>
>>>>
>>>>
>>>> Each committee knows what's measurable and what's not.
>>>>
>>>> On Sun, Dec 12, 2010 at 7:23 PM, Tony UV <tonyuv at owasp.org> wrote:
>>>>
>>>> My .02 late in the game is as follows:  (please excuse any redundancy)
>>>>
>>>>
>>>>
>>>> -          Main point, if people need a point system to lead or
>>>> contribute, then there is something wrong here. This is my main gut feeling.
>>>>
>>>> -          Points would be difficult to track and maintain the
>>>> accountability and integrity of. He/She said could ensue, particularly if
>>>> points are awarded to relatively simple actions that are not well defined
>>>> (i.e. – OWASP Conference Volunteer)
>>>>
>>>> -          Don’t think that the point system would have much clout with
>>>> employers.  We could simply do the CPE thing for those that nurse those
>>>> certifications.  They have to find hours anyway and they may as well get
>>>> credit.  All depends on how active we’ve socialized the idea of awarding
>>>> CPEs to volunteers, etc. Works for ISSA/ ISACA to shepherd them in.
>>>>
>>>> -          Point system may work best to cash in to a reward point
>>>> system (which may have already been discussed) where members turn in points
>>>> for freebies (OWASP merch) or points towards expense paid OWASP cons, etc.
>>>>
>>>> -          Corporate level point system may work by letting them rack
>>>> up points so that they could get a free 2 day training from an OWASP lead or
>>>> trainer.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Tony UcedaVelez, CISM, CISA, GSEC
>>>>
>>>> *Chapter Lead*
>>>>
>>>> *OWASP Atlanta*
>>>>
>>>> http://www.owasp.org/index.php/Atlanta_Georgia
>>>>
>>>> Twitter: *@versprite*
>>>>
>>>>
>>>>
>>>> *From:* global_membership_committee-bounces at lists.owasp.org [mailto:
>>>> global_membership_committee-bounces at lists.owasp.org] *On Behalf Of *Mark
>>>> Bristow
>>>> *Sent:* Sunday, December 12, 2010 4:36 PM
>>>> *To:* Michael Coates
>>>> *Cc:* global_conference_committee;
>>>> Global_membership_committee at lists.owasp.org
>>>> *Subject:* Re: [Global_membership_committee] Honorary Memberships -
>>>> Vote Scheduled for 12/21 @ Membership Meeting
>>>>
>>>>
>>>>
>>>> <inject>
>>>>
>>>>
>>>>
>>>> I actually was talking to Jason Li and Dinis about this at AppSec BR.
>>>>  We were thinking that we could develop a "OWASP Points" System that assigns
>>>> points to people based on the OWASP Activities they do.  Ultimately We'd
>>>> might work out member "levels" or some benefits to add to this, but i
>>>> digress.
>>>>
>>>>
>>>>
>>>> You all would set "global" point values for things like, being a
>>>> committee member, committee chair, board member, and other general member
>>>> stuff.  The thought would be each committee would assign the point values
>>>> for their respective AORs but it would be a Membership
>>>> Committee initiative (see how I volunteered you?).  Committee Chairs would
>>>> have to report in points say, quarterly and they would be assigned on
>>>> completion of the activity.
>>>>
>>>>
>>>>
>>>> As an Example for the GCC we do something like (point values are
>>>> nominal, we'd have to get together and normalize them):
>>>>
>>>>    - OWASP Conference (Core) Organizer: 50 Pts
>>>>    - OWASP Conference Planning Committee Members: 20 Pts
>>>>    - OWASP Conference Voluenteer: 10 Pts
>>>>    - Attend an OWASP Conference: 5pts
>>>>    - Attend OWASP Training Class: 5pts
>>>>    - Host an OWASP Event: 10 Pts
>>>>
>>>> Projects would then do something similar for their stuff (take a project
>>>> to alpha release, lead a project, submit code .... whatever they want)
>>>>
>>>>
>>>>
>>>> Industry, Connections, Education, Chapters and so on.
>>>>
>>>>
>>>>
>>>> This serves 2 functions.  You would be able to show off how many OWASP
>>>> points you'e earned..... and for employers, employees,
>>>> having substantial OWASP points could be a reason to get a raise, job et
>>>> all.
>>>>
>>>>
>>>>
>>>> OFC, you'd have to be a individual member of the organization for any of
>>>> this to be tracked.
>>>>
>>>>
>>>>
>>>> </inject>
>>>>
>>>>
>>>>
>>>> On Sun, Dec 12, 2010 at 4:20 PM, Michael Coates <
>>>> michael.coates at owasp.org> wrote:
>>>>
>>>>
>>>>
>>>> In terms of the self assessment, where you thinking of having a specific
>>>> date for it (i.e. every november) or would it be X months from the last
>>>> review or when the leader was appointed?
>>>>
>>>>
>>>>
>>>> Either way could work, but I think we could keep our heads around it
>>>> better if its at a set date every year. Also we can easily advertise/remind
>>>> the leaders list each time that window roles around.
>>>>
>>>>
>>>>
>>>> Workload-wise it might be better to have this on a rolling basis.  That
>>>> way it could be a recurring task (“we need to review these applications by
>>>> the first of the month”) rather than a huge project (“review ALL the
>>>> applications by Nov 1”)  Also I believe that there will be increased OWASP
>>>> activity for most folks just before their renewals come up and it would be
>>>> better to have that spread throughout the year rather than centered at one
>>>> point on the calendar.
>>>>
>>>>
>>>>
>>>> Good point on the ramp up of OWASP activity that might occur prior to
>>>> the deadline.  I'm for the rolling model, we just need to make sure we have
>>>> a good tracking system in place and have several methods to contact each
>>>> individual.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> In terms of the review period, what do you think of making it smaller,
>>>> i.e: at least every 6 months?
>>>>
>>>>
>>>>
>>>> Benefits: Cause individuals to reevaluate their contributions more
>>>> often. Possibly leading to people doing more work for OWASP.
>>>>
>>>> Negatives: More work for individuals, more work for reviewers
>>>> (committees analyzing these docs).  May frustrate people to keep filling out
>>>> these docs. Also, sometimes people just get busy at work and have to do less
>>>> OWASP.  Not sure how they'd feel to loose their Honorary Status.
>>>>
>>>>
>>>>
>>>> Might make sense to start with an annual model and increase the tempo if
>>>> we think it will increase involvement and it won’t overload the folks doing
>>>> the reviewing.
>>>>
>>>>
>>>>
>>>> I'm for starting this on an annual basis too.
>>>>
>>>>
>>>>
>>>> -Michael
>>>>
>>>>
>>>> _______________________________________________
>>>> Global_membership_committee mailing list
>>>> Global_membership_committee at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/global_membership_committee
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Mark Bristow
>>>> (703) 596-5175
>>>> mark.bristow at owasp.org
>>>>
>>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>>> AppSec DC Organizer - https://www.appsecdc.org
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Mark Bristow
>>>> (703) 596-5175
>>>> mark.bristow at owasp.org
>>>>
>>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>>> AppSec DC Organizer - https://www.appsecdc.org
>>>>
>>>>
>>>> _______________________________________________
>>>> Global_membership_committee mailing list
>>>> Global_membership_committee at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/global_membership_committee
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Global_conference_committee mailing list
>>>> Global_conference_committee at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>>>>
>>>>
>>>
>>>
>>> --
>>> Mark Bristow
>>> (703) 596-5175
>>> mark.bristow at owasp.org
>>>
>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>> AppSec DC Organizer - https://www.appsecdc.org
>>>
>>>
>>
>
>
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_chapter_committee/attachments/20101213/1adf2c8a/attachment-0001.html 


More information about the Global_chapter_committee mailing list