[Global_chapter_committee] [Global_conference_committee] OWASP Points for Leaders

Michael Coates michael.coates at owasp.org
Mon Dec 13 17:45:47 EST 2010


I concur, there is certainly confusion about "honorary membership". I also think it needs to be renamed to clarify the status.  Please take a look at these notes in the meantime to better understand the differences in membership options.  Note: This is still under discussion and will be more formally decided at the next membership committee vote.

http://www.owasp.org/index.php/GlobalMembershipCommittee_2011_SummitGoals

-Michael

On Dec 13, 2010, at 2:01 PM, Jason Li wrote:

> This confusion is exactly why I strongly advocate coming up with a different name for what currently represents an "Honorary Membership"

> OWASP Memberships were originally a way that anyone can support the OWASP community through what essentially amounts to a paid donation of $50. There are some fringe benefits associated with this donation (right now, just discounts at conferences - http://www.owasp.org/index.php/Member_Offers).
> 
> What we are talking about here with the "honorary membership", OPoints, free conference attendance, etc is a way to recognize and otherwise differentiate people in the OWASP community.
> 
> These are two separate ideas and we are confusing people and clouding the goals by using the term "honorary membership".
> 
> I wholly agree that we need *some* way to recognize the community - but in order to prevent unnecessary confusion, I think we need a different term for this role.
> 
> -Jason
> 




> On Mon, Dec 13, 2010 at 3:34 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
> There is a way for you to pay as an Honorary member, it can be done simply by going to the OWASP website and buying a membership :)
> 
> And here is the catch, speaking personally (but I know a lot of other leaders would share this same felling), I would feel very offended with OWASP if I had to 'pay' to be a member (since I already 'pay' a lot to OWASP with my time), but ... if I receive from OWASP ... the recognition (and virtual hug) ... to be given an OWASP Honorary membership ... I would be (and am) ... happy to pay the 50 USD :)  
> 
> In fact, there are a lot of OWASP Leaders that are also paid OWASP Members
> 
> The key is the dynamic between  HAVING to pay and CHOOSING to pay :) 
> 
> The requirement to pay to be a leader would also create a barrier of entry to OWASP, and this would be (in my point of view) contrary to OWASP's values
> 
> Dinis Cruz
> 
> 
> 
> On 13 December 2010 20:20, Mark Bristow <mark.bristow at owasp.org> wrote:
> Sorry, "Official" OWASP member, paid or honorary.  I said paid but I did not speak precisely.  
> 
> I am for Honorary memberships, although I wish there was a way to pay anyway if you are an honorary member (I think you can do this with the new system), but this is a separate conversation.
> 
> On Mon, Dec 13, 2010 at 3:07 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
> Mark, are you defending that OWASP leaders will have to pay to become OWASP members? (last year we gave all our leaders a 'Honorary Membership')
> 
> Or, that they can't even become an OWASP leader (and get points) if they are not a paid OWASP member?
> 
> What about someone that has been a major co-organizer of an OWASP AppSec conference, will they only get their points if they pay OWASP the membership fee? (in the current case 50 USD)
> 
> In this discussion, please take into consideration that there is a big moral issue with
> OWASP asking its leaders (who make OWASP OWASP) to pay any amount (and the exact amount doesn't matter), and 
> the fact that there are only a couple countries in the world where 50 USD is not a significant amount (that one would pay without thinking twice)
> Dinis Cruz
> 
> 
> On 13 December 2010 16:30, Mark Bristow <mark.bristow at owasp.org> wrote:
> I'd contend you have to be a paid member in order to earn points.
> 
> On Mon, Dec 13, 2010 at 11:29 AM, Kate Hartmann <kate.hartmann at owasp.org> wrote:
> Great stuff.  I think this is a good start and may be applicable for the Summit.  I have some questions on the list as noted.  I also think, considering the points mentioned by Tom regarding membership, we should add “paid member” to the criteria.  Lead by example.
> 
> ·   
> 
> ·  Major Active Project Leader 5 points – Which projects are the “Major Active Ones?”
> 
> ·  AppSec organizer in 2009/2010 5 points – Includes the entire committee, right?
> 
> ·  Special Invitation 4 points – What is this?
> 
> ·  Key Industry player 4 points – What does this mean?
> 
> ·  Active Chapter leaders 3 points – Define “Active.”
> 
> ·  New Committee Member 3 points – Less than ?  Three months, one year?
> 
> ·  New  Project Leader 3 points – Define new?
> 
> ·  Recommit Committee member 2 points – Annual renewal?
> 
> ·  Past OWASP leaders 2 points – Is this to reengage?
> 
> ·  Responded by 30th  2 points
> 
> ·  Participated at AppSec 1 point – attended, spoken?
> 
>  
>  
> Kate Hartmann
> 
> Operations Director
> 
> 301-275-9403
> 
> www.owasp.org
> 
> Skype:  Kate.hartmann1
> 
>  
> From: global_conference_committee-bounces at lists.owasp.org [mailto:global_conference_committee-bounces at lists.owasp.org] On Behalf Of dinis cruz
> Sent: Monday, December 13, 2010 6:13 AM
> To: Tony UV
> Cc: Global_membership_committee at lists.owasp.org; global_conference_committee; owasp-summit-2011 at lists.owasp.org
> Subject: [Global_conference_committee] OWASP Points for Leaders
> 
>  
> (I changed the title to reflect the current topic (see thread below for reference)
> 
>  
> Mark is spot on that the point of the points system :)  , is to recognize the leaders participation (and not to encourage it)
> 
>  
> The fact that we don't have good visibility into our leaders contribution is a massive problem at OWASP (and one that if don't tackle soon could cause a lot of damage to our community).
> 
>  
> Since the best way to get something done at OWASP is to have a reason/event creating its need, the OWASP Summit 2011 is the perfect opportunity to have a first pass at doing this.
> 
>  
> The problem we have at the Summit is 'On which order/priority do we allocate the limited available funds to bring our hard-working leaders to the Summit' (i.e. if we have an extra 25k, who should get that money first? (as you will see on the spreadsheet below, the current amount needed is 88k)
> 
>  
> In order to get to this answer we have started creating a solution which is in essence the points model proposed on this list.
> 
>  
> Please start by reading this thread: https://lists.owasp.org/pipermail/owasp-summit-2011/2010-December/000339.html which points to this spreadsheet https://spreadsheets.google.com/a/owasp.org/ccc?key=0Amvv_7Gz8Z7TdGNEb0RRUUdfX0tMQ1EwTjY1MzNMWmc&hl=en (see sheet #2 called '2nd Batch - Sponsorships')
> 
>  
> The discussion is currently at 'What types of points should we have and what should be their value?'
> 
>  
> Jason (in https://lists.owasp.org/pipermail/owasp-summit-2011/2010-December/000346.html) proposes the following list (which I agree) . Note that this needs to be merged with the ideas already discussed in this thread:
> 
> ·  Major Active Project Leader 5 points
> 
> ·  AppSec organizer in 2009/2010 5 points
> 
> ·  Special Invitation 4 points
> 
> ·  Key Industry player 4 points
> 
> ·  Active Chapter leaders 3 points
> 
> ·  New Committee Member 3 points
> 
> ·  New  Project Leader 3 points
> 
> ·  Recommit Committee member 2 points
> 
> ·  Past OWASP leaders 2 points
> 
> ·  Responded by 30th  2 points
> 
> ·  Participated at AppSec 1 point
> 
> Rationale:
> 
> - Committee Members: New committee members are demonstrating energy and initiative. Recommitted members are members who for one reason or another became inactive but have recommitted themselves to their committee. While it's great that they have recommitted, I think we should give a slight priority to new committee members over members who have already had an opportunity to serve but failed to deliver. In essence, Recommitted Committee members are akin to "historic" leaders
> 
> - Projects: New projects leaders are like new committee in that we want to encourage the energy and initiative. Existing project leaders of active projects are extremely important to the OWASP ecosystem so they should be prioritized.
> 
>  
>  Let's see if over the next couple days, we can:
> 
> agree on a criteria, 
> complete the spreadsheet formula, 
> do a first pass at the mappings 
> and finally open up the discussion and mappings to the owasp-leaders list
> Dinis Cruz
> 
> 
> 
> On 13 December 2010 00:45, Tony UV <tonyuv at owasp.org> wrote:
> 
> Sounds good.  Inline comments below. Overall main concern is the (a) development of the point system (b) educating a wide global member base on the point system (despite the most clear and concise wiki, etc to accompany it) (c) marketing this reward system to the point that adoption ramps up effectively. In either case, I’m all in.
> 
>  
>  
> Tony UcedaVelez, CISM, CISA, GSEC
> 
> Chapter Lead
> 
> OWASP Atlanta
> 
> http://www.owasp.org/index.php/Atlanta_Georgia
> 
> Twitter: @versprite
> 
>  
> From: Mark Bristow [mailto:mark.bristow at owasp.org] 
> Sent: Sunday, December 12, 2010 7:34 PM
> To: Tony UV
> Cc: Michael Coates; global_conference_committee; Global_membership_committee at lists.owasp.org
> 
> 
> Subject: Re: [Global_membership_committee] Honorary Memberships - Vote Scheduled for 12/21 @ Membership Meeting
> 
>  
> The point is't to motivate people to contribute, [Tony UcedaVelez]  No arguments on the need and goal to motivate folks.  Agree there. 
> 
>  
> it's to recognize people who do and provide some metrics that can be pointed to (Like CISSP CPEs) to demonstrate involvement.  [Tony UcedaVelez]  Wouldn’t issuing CPE certs (a) achieve the same thing in terms of metrics (number issued to, what they did, etc) and (b) give volunteers something that they actually need? Otherwise we’ll have to develop a fairly point redeeming system AND educate them (more time) in order to get them to understand what those points translate into.  All good if we want to do that, but simply speaking on the logistics and time to be taken vs tapping into an existing solution that they already know.  Currently there is no measure of this. 
> 
>  
> This is why I was shouldering the responsibility for individual points awards/tracking on each Committee.  [Tony UcedaVelez]  Would it make sense that there would be a dedicated global points coordinator for all of this or even team to do this across the board?  Just thinking of the scalability of leaders of those committees to have to set yet something else up as well.  Conference Volunteers is actually something not difficult for me to track (as they get in free, need shirts ordered for them et all, they are identified early).[Tony UcedaVelez]  Sounds good then.  As long as this and other proposed use cases doesn’t introduce a fuzzy, non-credible point system where points are awarded w/o proper accountability. 
> 
>  
> Each committee knows what's measurable and what's not.
> 
> On Sun, Dec 12, 2010 at 7:23 PM, Tony UV <tonyuv at owasp.org> wrote:
> 
> My .02 late in the game is as follows:  (please excuse any redundancy)
> 
>  
> -          Main point, if people need a point system to lead or contribute, then there is something wrong here. This is my main gut feeling.
> 
> -          Points would be difficult to track and maintain the accountability and integrity of. He/She said could ensue, particularly if points are awarded to relatively simple actions that are not well defined (i.e. – OWASP Conference Volunteer)
> 
> -          Don’t think that the point system would have much clout with employers.  We could simply do the CPE thing for those that nurse those certifications.  They have to find hours anyway and they may as well get credit.  All depends on how active we’ve socialized the idea of awarding CPEs to volunteers, etc. Works for ISSA/ ISACA to shepherd them in.
> 
> -          Point system may work best to cash in to a reward point system (which may have already been discussed) where members turn in points for freebies (OWASP merch) or points towards expense paid OWASP cons, etc.
> 
> -          Corporate level point system may work by letting them rack up points so that they could get a free 2 day training from an OWASP lead or trainer. 
> 
>  
>  
>  
> Tony UcedaVelez, CISM, CISA, GSEC
> 
> Chapter Lead
> 
> OWASP Atlanta
> 
> http://www.owasp.org/index.php/Atlanta_Georgia
> 
> Twitter: @versprite
> 
>  
> From: global_membership_committee-bounces at lists.owasp.org [mailto:global_membership_committee-bounces at lists.owasp.org] On Behalf Of Mark Bristow
> Sent: Sunday, December 12, 2010 4:36 PM
> To: Michael Coates
> Cc: global_conference_committee; Global_membership_committee at lists.owasp.org
> Subject: Re: [Global_membership_committee] Honorary Memberships - Vote Scheduled for 12/21 @ Membership Meeting
> 
>  
> <inject>
> 
>  
> I actually was talking to Jason Li and Dinis about this at AppSec BR.  We were thinking that we could develop a "OWASP Points" System that assigns points to people based on the OWASP Activities they do.  Ultimately We'd might work out member "levels" or some benefits to add to this, but i digress.  
> 
>  
> You all would set "global" point values for things like, being a committee member, committee chair, board member, and other general member stuff.  The thought would be each committee would assign the point values for their respective AORs but it would be a Membership Committee initiative (see how I volunteered you?).  Committee Chairs would have to report in points say, quarterly and they would be assigned on completion of the activity.
> 
>  
> As an Example for the GCC we do something like (point values are nominal, we'd have to get together and normalize them):
> 
> OWASP Conference (Core) Organizer: 50 Pts
> OWASP Conference Planning Committee Members: 20 Pts
> OWASP Conference Voluenteer: 10 Pts
> Attend an OWASP Conference: 5pts
> Attend OWASP Training Class: 5pts
> Host an OWASP Event: 10 Pts
> Projects would then do something similar for their stuff (take a project to alpha release, lead a project, submit code .... whatever they want)
> 
>  
> Industry, Connections, Education, Chapters and so on.
> 
>  
> This serves 2 functions.  You would be able to show off how many OWASP points you'e earned..... and for employers, employees, having substantial OWASP points could be a reason to get a raise, job et all.
> 
>  
> OFC, you'd have to be a individual member of the organization for any of this to be tracked.
> 
>  
> </inject>
> 
>  
> On Sun, Dec 12, 2010 at 4:20 PM, Michael Coates <michael.coates at owasp.org> wrote:
> 
>  
> In terms of the self assessment, where you thinking of having a specific date for it (i.e. every november) or would it be X months from the last review or when the leader was appointed?
> 
>  
> Either way could work, but I think we could keep our heads around it better if its at a set date every year. Also we can easily advertise/remind the leaders list each time that window roles around.
> 
>  
> Workload-wise it might be better to have this on a rolling basis.  That way it could be a recurring task (“we need to review these applications by the first of the month”) rather than a huge project (“review ALL the applications by Nov 1”)  Also I believe that there will be increased OWASP activity for most folks just before their renewals come up and it would be better to have that spread throughout the year rather than centered at one point on the calendar.
> 
>  
> Good point on the ramp up of OWASP activity that might occur prior to the deadline.  I'm for the rolling model, we just need to make sure we have a good tracking system in place and have several methods to contact each individual.
> 
>  
>  
> In terms of the review period, what do you think of making it smaller, i.e: at least every 6 months?
>  
> Benefits: Cause individuals to reevaluate their contributions more often. Possibly leading to people doing more work for OWASP.
> 
> Negatives: More work for individuals, more work for reviewers (committees analyzing these docs).  May frustrate people to keep filling out these docs. Also, sometimes people just get busy at work and have to do less OWASP.  Not sure how they'd feel to loose their Honorary Status.
> 
>  
> Might make sense to start with an annual model and increase the tempo if we think it will increase involvement and it won’t overload the folks doing the reviewing.
> 
>  
> I'm for starting this on an annual basis too.
> 
>  
> -Michael
> 
> 
> _______________________________________________
> Global_membership_committee mailing list
> Global_membership_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_membership_committee
> 
> 
> 
> 
> -- 
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
> 
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
> 
> 
> 
> 
> -- 
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
> 
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
> 
> 
> _______________________________________________
> Global_membership_committee mailing list
> Global_membership_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_membership_committee
> 
>  
> 
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
> 
> 
> 
> 
> -- 
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
> 
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
> 
> 
> 
> 
> 
> -- 
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
> 
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
> 
> 
> 
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee
> 
> 
> _______________________________________________
> Global_conference_committee mailing list
> Global_conference_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_conference_committee

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_chapter_committee/attachments/20101213/ab0f2e72/attachment-0001.html 


More information about the Global_chapter_committee mailing list