[Global_chapter_committee] [Global_conference_committee] OWASP Points for Leaders

Jason Li jason.li at owasp.org
Mon Dec 13 17:01:20 EST 2010


This confusion is exactly why I strongly advocate coming up with a different
name for what currently represents an "Honorary Membership".

OWASP Memberships were originally a way that anyone can support the OWASP
community through what essentially amounts to a paid donation of $50. There
are some fringe benefits associated with this donation (right now, just
discounts at conferences - http://www.owasp.org/index.php/Member_Offers).

What we are talking about here with the "honorary membership", OPoints, free
conference attendance, etc is a way to recognize and otherwise differentiate
people in the OWASP community.

These are two separate ideas and we are confusing people and clouding the
goals by using the term "honorary membership".

I wholly agree that we need *some* way to recognize the community - but in
order to prevent unnecessary confusion, I think we need a different term for
this role.

-Jason

On Mon, Dec 13, 2010 at 3:34 PM, dinis cruz <dinis.cruz at owasp.org> wrote:

> There is a way for you to pay as an Honorary member, it can be done simply
> by going to the OWASP website and buying a membership :)
>
> And here is the catch, speaking personally (but I know a lot of other
> leaders would share this same feeling), *I would feel very offended with
> OWASP if I had to 'pay' to be a member (since I already 'pay' a lot to OWASP
> with my time), but ... if I receive from OWASP ... the recognition (and
> virtual hug) ... to be given an OWASP Honorary membership ... I would be
> (and am) ... happy to pay the 50 USD* :)
>
> In fact, there are a lot of OWASP Leaders that are also paid OWASP Members
>
> The key is the dynamic between  HAVING to pay and CHOOSING to pay :)
>
> The requirement to pay to be a leader would also create a barrier of entry
> to OWASP, and this would be (in my point of view) contrary to OWASP's values
>
> Dinis Cruz
>
>
>
> On 13 December 2010 20:20, Mark Bristow <mark.bristow at owasp.org> wrote:
>
>> Sorry, "Official" OWASP member, paid or honorary.  I said paid but I did
>> not speak precisely.
>>
>> I am for Honorary memberships, although I wish there was a way to pay
>> anyway if you are an honorary member (I think you can do this with the new
>> system), but this is a separate conversation.
>>
>> On Mon, Dec 13, 2010 at 3:07 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
>>
>>> Mark, are you defending that OWASP leaders will have to pay to become
>>> OWASP members? (last year we gave all our leaders a 'Honorary Membership')
>>>
>>> Or, that they can't even become an OWASP leader (and get points) if they
>>> are not a paid OWASP member?
>>>
>>> What about someone that has been a major co-organizer of an OWASP
>>> AppSec conference, will they only get their points if they pay OWASP the
>>> membership fee? (in the current case 50 USD)
>>>
>>> In this discussion, please take into consideration that there is a big
>>> moral issue with
>>>
>>>    - OWASP asking its leaders (who make OWASP OWASP) to pay any amount
>>>    (and the exact amount doesn't matter), and
>>>    - the fact that there are only a couple countries in the world where
>>>    50 USD is not a significant amount (that one would pay without thinking
>>>    twice)
>>>
>>> Dinis Cruz
>>>
>>>
>>> On 13 December 2010 16:30, Mark Bristow <mark.bristow at owasp.org> wrote:
>>>
>>>> I'd contend you have to be a paid member in order to earn points.
>>>>
>>>> On Mon, Dec 13, 2010 at 11:29 AM, Kate Hartmann <
>>>> kate.hartmann at owasp.org> wrote:
>>>>
>>>>> *Great stuff.  I think this is a good start and may be applicable for
>>>>> the Summit.  I have some questions on the list as noted.  I also think,
>>>>> considering the points mentioned by Tom regarding membership, we should add
>>>>> “paid member” to the criteria.  Lead by example.*
>>>>>
>>>>> ·  *Major Active Project Leader 5 points – Which projects are the
>>>>> “Major Active Ones?”*
>>>>>
>>>>> ·  *AppSec organizer in 2009/2010 5 points – Includes the entire
>>>>> committee, right?*
>>>>>
>>>>> ·  *Special Invitation 4 points – What is this?*
>>>>>
>>>>> ·  *Key Industry player 4 points – What does this mean?*
>>>>>
>>>>> ·  *Active Chapter leaders 3 points – Define “Active.”*
>>>>>
>>>>> ·  *New Committee Member 3 points – Less than ?  Three months, one
>>>>> year?*
>>>>>
>>>>> ·  *New  Project Leader 3 points – Define new?*
>>>>>
>>>>> ·  *Recommit Committee member 2 points – Annual renewal?*
>>>>>
>>>>> ·  *Past OWASP leaders 2 points – Is this to reengage?*
>>>>>
>>>>> ·  *Responded by 30th  2 points*
>>>>>
>>>>> ·  *Participated at AppSec 1 point – attended, spoken?*
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Kate Hartmann
>>>>>
>>>>> Operations Director
>>>>>
>>>>> 301-275-9403
>>>>>
>>>>> www.owasp.org
>>>>>
>>>>> Skype:  Kate.hartmann1
>>>>>
>>>>>
>>>>>
>>>>> *From:* global_conference_committee-bounces at lists.owasp.org [mailto:
>>>>> global_conference_committee-bounces at lists.owasp.org] *On Behalf Of *dinis
>>>>> cruz
>>>>> *Sent:* Monday, December 13, 2010 6:13 AM
>>>>> *To:* Tony UV
>>>>> *Cc:* Global_membership_committee at lists.owasp.org;
>>>>> global_conference_committee; owasp-summit-2011 at lists.owasp.org
>>>>> *Subject:* [Global_conference_committee] OWASP Points for Leaders
>>>>>
>>>>>
>>>>>
>>>>> (I changed the title to reflect the current topic (see thread below for
>>>>> reference))
>>>>>
>>>>>
>>>>>
>>>>> Mark is spot on that the point of the points system :)  , is to
>>>>> recognize the leaders' participation (and not to encourage it)
>>>>>
>>>>>
>>>>>
>>>>> The fact that we don't have good visibility into our leaders'
>>>>> contribution is a massive problem at OWASP (and one that if we don't tackle
>>>>> soon could cause a lot of damage to our community).
>>>>>
>>>>>
>>>>>
>>>>> Since the best way to get something done at OWASP is to have a
>>>>> reason/event creating its need, the OWASP Summit 2011 is the
>>>>> perfect opportunity to have a first pass at doing this.
>>>>>
>>>>>
>>>>>
>>>>> The problem we have at the Summit is *'On which order/priority do we
>>>>> allocate the limited available funds to bring our hard-working leaders to
>>>>> the Summit' *(i.e. if we have an extra 25k, who should get that money
>>>>> first? (as you will see on the spreadsheet below, the current amount needed
>>>>> is 88k)
>>>>>
>>>>>
>>>>>
>>>>> In order to get to this answer we have started creating a solution
>>>>> which is in essence the points model proposed on this list.
>>>>>
>>>>>
>>>>>
>>>>> Please start by reading this thread:
>>>>> https://lists.owasp.org/pipermail/owasp-summit-2011/2010-December/000339.html which
>>>>> points to this spreadsheet
>>>>> https://spreadsheets.google.com/a/owasp.org/ccc?key=0Amvv_7Gz8Z7TdGNEb0RRUUdfX0tMQ1EwTjY1MzNMWmc&hl=en (see
>>>>> sheet #2 called '2nd Batch - Sponsorships')
>>>>>
>>>>>
>>>>>
>>>>> The discussion is currently at *'What types of points should we have
>>>>> and what should be their value?'*
>>>>>
>>>>>
>>>>>
>>>>> Jason (in
>>>>> https://lists.owasp.org/pipermail/owasp-summit-2011/2010-December/000346.html)
>>>>> proposes the following list (which I agree) . Note that this needs to be
>>>>> merged with the ideas already discussed in this thread:
>>>>>
>>>>> ·  *Major Active Project Leader 5 points*
>>>>>
>>>>> ·  *AppSec organizer in 2009/2010 5 points*
>>>>>
>>>>> ·  *Special Invitation 4 points*
>>>>>
>>>>> ·  *Key Industry player 4 points*
>>>>>
>>>>> ·  *Active Chapter leaders 3 points*
>>>>>
>>>>> ·  *New Committee Member 3 points *
>>>>>
>>>>> ·  *New  Project Leader 3 points*
>>>>>
>>>>> ·  *Recommit Committee member 2 points*
>>>>>
>>>>> ·  *Past OWASP leaders 2 points *
>>>>>
>>>>> ·  *Responded by 30th  2 points*
>>>>>
>>>>> ·  *Participated at AppSec 1 point*
>>>>>
>>>>> *Rationale:*
>>>>>
>>>>> *- Committee Members: New committee members are demonstrating energy
>>>>> and initiative. Recommitted members are members who for one reason or
>>>>> another became inactive but have recommitted themselves to their committee.
>>>>> While it's great that they have recommitted, I think we should give a slight
>>>>> priority to new committee members over members who have already had an
>>>>> opportunity to serve but failed to deliver. In essence, Recommitted
>>>>> Committee members are akin to "historic" leaders*
>>>>>
>>>>> *- Projects: New projects leaders are like new committee in that we
>>>>> want to encourage the energy and initiative. Existing project leaders of
>>>>> active projects are extremely important to the OWASP ecosystem so they
>>>>> should be prioritized.*
>>>>>
>>>>>
>>>>>
>>>>> * *Let's see if over the next couple days, we can:
>>>>>
>>>>>    - agree on a criteria,
>>>>>    - complete the spreadsheet formula,
>>>>>    - do a first pass at the mappings
>>>>>    - and finally open up the discussion and mappings to the
>>>>>    owasp-leaders list
>>>>>
>>>>> Dinis Cruz
>>>>>
>>>>>
>>>>> On 13 December 2010 00:45, Tony UV <tonyuv at owasp.org> wrote:
>>>>>
>>>>> Sounds good.  Inline comments below. Overall main concern is the (a)
>>>>> development of the point system (b) educating a wide global member base on
>>>>> the point system (despite the most clear and concise wiki, etc to accompany
>>>>> it) (c) marketing this reward system to the point that adoption ramps up
>>>>> effectively. In either case, I’m all in.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Tony UcedaVelez, CISM, CISA, GSEC
>>>>>
>>>>> *Chapter Lead*
>>>>>
>>>>> *OWASP Atlanta*
>>>>>
>>>>> http://www.owasp.org/index.php/Atlanta_Georgia
>>>>>
>>>>> Twitter: *@versprite*
>>>>>
>>>>>
>>>>>
>>>>> *From:* Mark Bristow [mailto:mark.bristow at owasp.org]
>>>>> *Sent:* Sunday, December 12, 2010 7:34 PM
>>>>> *To:* Tony UV
>>>>> *Cc:* Michael Coates; global_conference_committee;
>>>>> Global_membership_committee at lists.owasp.org
>>>>>
>>>>>
>>>>> *Subject:* Re: [Global_membership_committee] Honorary Memberships -
>>>>> Vote Scheduled for 12/21 @ Membership Meeting
>>>>>
>>>>>
>>>>>
>>>>> The point isn't to motivate people to contribute, *[Tony UcedaVelez] * No
>>>>> arguments on the need and goal to motivate folks.  Agree there.
>>>>>
>>>>>
>>>>>
>>>>> it's to recognize people who do and provide some metrics that can be
>>>>> pointed to (Like CISSP CPEs) to demonstrate involvement.  *[Tony
>>>>> UcedaVelez] * Wouldn’t issuing CPE certs (a) achieve the same thing in
>>>>> terms of metrics (number issued to, what they did, etc) and (b) give
>>>>> volunteers something that they actually need? Otherwise we’ll have to
>>>>> develop a fairly point redeeming system AND educate them (more time) in
>>>>> order to get them to understand what those points translate into.  All good
>>>>> if we want to do that, but simply speaking on the logistics and time to be
>>>>> taken vs tapping into an existing solution that they already know.  Currently
>>>>> there is no measure of this.
>>>>>
>>>>>
>>>>>
>>>>> This is why I was shouldering the responsibility for individual points
>>>>> awards/tracking on each Committee.  *[Tony UcedaVelez] * Would it make
>>>>> sense that there would be a dedicated global points coordinator for all of
>>>>> this or even team to do this across the board?  Just thinking of the
>>>>> scalability of leaders of those committees to have to set yet something else
>>>>> up as well.  Conference Volunteers is
>>>>> actually something not difficult for me to track (as they get in free, need
>>>>> shirts ordered for them et al., they are identified early). *[Tony
>>>>> UcedaVelez] * Sounds good then.  As long as this and other proposed
>>>>> use cases don’t introduce a fuzzy, non-credible point system where points
>>>>> are awarded w/o proper accountability.
>>>>>
>>>>>
>>>>>
>>>>> Each committee knows what's measurable and what's not.
>>>>>
>>>>> On Sun, Dec 12, 2010 at 7:23 PM, Tony UV <tonyuv at owasp.org> wrote:
>>>>>
>>>>> My .02 late in the game is as follows:  (please excuse any redundancy)
>>>>>
>>>>>
>>>>>
>>>>> -          Main point, if people need a point system to lead or
>>>>> contribute, then there is something wrong here. This is my main gut feeling.
>>>>>
>>>>> -          Points would be difficult to track and maintain the
>>>>> accountability and integrity of. He/She said could ensue, particularly if
>>>>> points are awarded to relatively simple actions that are not well defined
>>>>> (i.e. – OWASP Conference Volunteer)
>>>>>
>>>>> -          Don’t think that the point system would have much clout
>>>>> with employers.  We could simply do the CPE thing for those that nurse those
>>>>> certifications.  They have to find hours anyway and they may as well get
>>>>> credit.  All depends on how active we’ve socialized the idea of awarding
>>>>> CPEs to volunteers, etc. Works for ISSA/ ISACA to shepherd them in.
>>>>>
>>>>> -          Point system may work best to cash in to a reward point
>>>>> system (which may have already been discussed) where members turn in points
>>>>> for freebies (OWASP merch) or points towards expense paid OWASP cons, etc.
>>>>>
>>>>> -          Corporate level point system may work by letting them rack
>>>>> up points so that they could get a free 2 day training from an OWASP lead or
>>>>> trainer.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *From:* global_membership_committee-bounces at lists.owasp.org [mailto:
>>>>> global_membership_committee-bounces at lists.owasp.org] *On Behalf Of *Mark
>>>>> Bristow
>>>>> *Sent:* Sunday, December 12, 2010 4:36 PM
>>>>> *To:* Michael Coates
>>>>> *Cc:* global_conference_committee;
>>>>> Global_membership_committee at lists.owasp.org
>>>>> *Subject:* Re: [Global_membership_committee] Honorary Memberships -
>>>>> Vote Scheduled for 12/21 @ Membership Meeting
>>>>>
>>>>>
>>>>>
>>>>> <inject>
>>>>>
>>>>>
>>>>>
>>>>> I actually was talking to Jason Li and Dinis about this at AppSec BR.
>>>>> We were thinking that we could develop an "OWASP Points" System that assigns
>>>>> points to people based on the OWASP Activities they do.  Ultimately we
>>>>> might work out member "levels" or some benefits to add to this, but I
>>>>> digress.
>>>>>
>>>>>
>>>>>
>>>>> You all would set "global" point values for things like, being a
>>>>> committee member, committee chair, board member, and other general member
>>>>> stuff.  The thought would be each committee would assign the point values
>>>>> for their respective AORs but it would be a Membership
>>>>> Committee initiative (see how I volunteered you?).  Committee Chairs would
>>>>> have to report in points say, quarterly and they would be assigned on
>>>>> completion of the activity.
>>>>>
>>>>>
>>>>>
>>>>> As an Example for the GCC we do something like (point values are
>>>>> nominal, we'd have to get together and normalize them):
>>>>>
>>>>>    - OWASP Conference (Core) Organizer: 50 Pts
>>>>>    - OWASP Conference Planning Committee Members: 20 Pts
>>>>>    - OWASP Conference Volunteer: 10 Pts
>>>>>    - Attend an OWASP Conference: 5pts
>>>>>    - Attend OWASP Training Class: 5pts
>>>>>    - Host an OWASP Event: 10 Pts
>>>>>
>>>>> Projects would then do something similar for their stuff (take a
>>>>> project to alpha release, lead a project, submit code .... whatever they
>>>>> want)
>>>>>
>>>>>
>>>>>
>>>>> Industry, Connections, Education, Chapters and so on.
>>>>>
>>>>>
>>>>>
>>>>> This serves 2 functions.  You would be able to show off how many OWASP
>>>>> points you've earned..... and for employers, employees,
>>>>> having substantial OWASP points could be a reason to get a raise, job et
>>>>> al.
>>>>>
>>>>>
>>>>>
>>>>> OFC, you'd have to be an individual member of the organization for any
>>>>> of this to be tracked.
>>>>>
>>>>>
>>>>>
>>>>> </inject>
>>>>>
>>>>>
>>>>>
>>>>> On Sun, Dec 12, 2010 at 4:20 PM, Michael Coates <
>>>>> michael.coates at owasp.org> wrote:
>>>>>
>>>>>
>>>>>
>>>>> In terms of the self assessment, were you thinking of having a
>>>>> specific date for it (i.e. every november) or would it be X months from the
>>>>> last review or when the leader was appointed?
>>>>>
>>>>>
>>>>>
>>>>> Either way could work, but I think we could keep our heads around it
>>>>> better if it's at a set date every year. Also we can easily advertise/remind
>>>>> the leaders list each time that window rolls around.
>>>>>
>>>>>
>>>>>
>>>>> Workload-wise it might be better to have this on a rolling basis.  That
>>>>> way it could be a recurring task (“we need to review these applications by
>>>>> the first of the month”) rather than a huge project (“review ALL the
>>>>> applications by Nov 1”)  Also I believe that there will be increased OWASP
>>>>> activity for most folks just before their renewals come up and it would be
>>>>> better to have that spread throughout the year rather than centered at one
>>>>> point on the calendar.
>>>>>
>>>>>
>>>>>
>>>>> Good point on the ramp up of OWASP activity that might occur prior to
>>>>> the deadline.  I'm for the rolling model, we just need to make sure we have
>>>>> a good tracking system in place and have several methods to contact each
>>>>> individual.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> In terms of the review period, what do you think of making it smaller,
>>>>> i.e: at least every 6 months?
>>>>>
>>>>>
>>>>>
>>>>> Benefits: Cause individuals to reevaluate their contributions more
>>>>> often. Possibly leading to people doing more work for OWASP.
>>>>>
>>>>> Negatives: More work for individuals, more work for reviewers
>>>>> (committees analyzing these docs).  May frustrate people to keep filling out
>>>>> these docs. Also, sometimes people just get busy at work and have to do less
>>>>> OWASP.  Not sure how they'd feel to lose their Honorary Status.
>>>>>
>>>>>
>>>>>
>>>>> Might make sense to start with an annual model and increase the tempo
>>>>> if we think it will increase involvement and it won’t overload the folks
>>>>> doing the reviewing.
>>>>>
>>>>>
>>>>>
>>>>> I'm for starting this on an annual basis too.
>>>>>
>>>>>
>>>>>
>>>>> -Michael
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Global_membership_committee mailing list
>>>>> Global_membership_committee at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/global_membership_committee
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Mark Bristow
>>>>> (703) 596-5175
>>>>> mark.bristow at owasp.org
>>>>>
>>>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>>>> AppSec DC Organizer - https://www.appsecdc.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Global_conference_committee mailing list
>>>>> Global_conference_committee at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
>