[Global_conference_committee] OWASP Points for Leaders

Mark Bristow mark.bristow at owasp.org
Mon Dec 13 15:20:12 EST 2010


Sorry, "Official" OWASP member, paid or honorary.  I said paid but I did not
speak precisely.

I am for Honorary memberships, although I wish there was a way to pay anyway
if you are an honorary member (I think you can do this with the new system),
but this is a separate conversation.

On Mon, Dec 13, 2010 at 3:07 PM, dinis cruz <dinis.cruz at owasp.org> wrote:

> Mark, are you defending that OWASP leaders will have to pay to become OWASP
> members? (last year we gave all our leaders a 'Honorary Membership')
>
> Or, that they can't even become an OWASP leader (and get points) if they
> are not a paid OWASP member?
>
> What about someone that has been a major co-organizer of an OWASP
> AppSec conference, will they only get their points if they pay OWASP the
> membership fee? (in the current case 50 USD)
>
> In this discussion, please take into consideration that there is a big
> moral issue with
>
>    - OWASP asking its leaders (who make OWASP OWASP) to pay any amount
>    (and the exact amount doesn't matter), and
>    - the fact that there are only a couple countries in the world where 50
>    USD is not a significant amount (that one would pay without thinking twice)
>
> Dinis Cruz
>
>
> On 13 December 2010 16:30, Mark Bristow <mark.bristow at owasp.org> wrote:
>
>> I'd contend you have to be a paid member in order to earn points.
>>
>> On Mon, Dec 13, 2010 at 11:29 AM, Kate Hartmann <kate.hartmann at owasp.org> wrote:
>>
>>> *Great stuff.  I think this is a good start and may be applicable for
>>> the Summit.  I have some questions on the list as noted.  I also think,
>>> considering the points mentioned by Tom regarding membership, we should add
>>> “paid member” to the criteria.  Lead by example.*
>>>
>>> ·  *Major Active Project Leader 5 points – Which projects are the “Major
>>> Active Ones?”*
>>>
>>> ·  *AppSec organizer in 2009/2010 5 points – Includes the entire
>>> committee, right?*
>>>
>>> ·  *Special Invitation 4 points – What is this?*
>>>
>>> ·  *Key Industry player 4 points – What does this mean?*
>>>
>>> ·  *Active Chapter leaders 3 points – Define “Active.”*
>>>
>>> ·  *New Committee Member 3 points – Less than ?  Three months, one year?*
>>>
>>> ·  *New  Project Leader 3 points – Define new?*
>>>
>>> ·  *Recommit Committee member 2 points – Annual renewal?*
>>>
>>> ·  *Past OWASP leaders 2 points – Is this to reengage?*
>>>
>>> ·  *Responded by 30th  2 points*
>>>
>>> ·  *Participated at AppSec 1 point – attended, spoken?*
>>>
>>>
>>>
>>>
>>>
>>> Kate Hartmann
>>>
>>> Operations Director
>>>
>>> 301-275-9403
>>>
>>> www.owasp.org
>>>
>>> Skype:  Kate.hartmann1
>>>
>>>
>>>
>>> *From:* global_conference_committee-bounces at lists.owasp.org [mailto:
>>> global_conference_committee-bounces at lists.owasp.org] *On Behalf Of *dinis
>>> cruz
>>> *Sent:* Monday, December 13, 2010 6:13 AM
>>> *To:* Tony UV
>>> *Cc:* Global_membership_committee at lists.owasp.org;
>>> global_conference_committee; owasp-summit-2011 at lists.owasp.org
>>> *Subject:* [Global_conference_committee] OWASP Points for Leaders
>>>
>>>
>>>
>>> (I changed the title to reflect the current topic (see thread below for
>>> reference))
>>>
>>>
>>>
>>> Mark is spot on that the point of the points system :) is to recognize
>>> the leaders' participation (and not to encourage it)
>>>
>>>
>>>
>>> The fact that we don't have good visibility into our leaders' contribution
>>> is a massive problem at OWASP (and one that if we don't tackle soon could cause
>>> a lot of damage to our community).
>>>
>>>
>>>
>>> Since the best way to get something done at OWASP is to have a
>>> reason/event creating its need, the OWASP Summit 2011 is the
>>> perfect opportunity to have a first pass at doing this.
>>>
>>>
>>>
>>> The problem we have at the Summit is *'On which order/priority do we
>>> allocate the limited available funds to bring our hard-working leaders to
>>> the Summit'* (i.e. if we have an extra 25k, who should get that money
>>> first? (as you will see on the spreadsheet below, the current amount needed
>>> is 88k))
>>>
>>>
>>>
>>> In order to get to this answer we have started creating a solution which
>>> is in essence the points model proposed on this list.
>>>
>>>
>>>
>>> Please start by reading this thread:
>>> https://lists.owasp.org/pipermail/owasp-summit-2011/2010-December/000339.html which
>>> points to this spreadsheet
>>> https://spreadsheets.google.com/a/owasp.org/ccc?key=0Amvv_7Gz8Z7TdGNEb0RRUUdfX0tMQ1EwTjY1MzNMWmc&hl=en (see
>>> sheet #2 called '2nd Batch - Sponsorships')
>>>
>>>
>>>
>>> The discussion is currently at *'What types of points should we have and
>>> what should be their value?'*
>>>
>>>
>>>
>>> Jason (in
>>> https://lists.owasp.org/pipermail/owasp-summit-2011/2010-December/000346.html)
>>> proposes the following list (which I agree with). Note that this needs to be
>>> merged with the ideas already discussed in this thread:
>>>
>>> ·  *Major Active Project Leader 5 points*
>>>
>>> ·  *AppSec organizer in 2009/2010 5 points*
>>>
>>> ·  *Special Invitation 4 points*
>>>
>>> ·  *Key Industry player 4 points*
>>>
>>> ·  *Active Chapter leaders 3 points*
>>>
>>> ·  *New Committee Member 3 points *
>>>
>>> ·  *New  Project Leader 3 points*
>>>
>>> ·  *Recommit Committee member 2 points*
>>>
>>> ·  *Past OWASP leaders 2 points *
>>>
>>> ·  *Responded by 30th  2 points*
>>>
>>> ·  *Participated at AppSec 1 point*
>>>
>>> *Rationale:*
>>>
>>> *- Committee Members: New committee members are demonstrating energy and
>>> initiative. Recommitted members are members who for one reason or another
>>> became inactive but have recommitted themselves to their committee. While
>>> it's great that they have recommitted, I think we should give a slight
>>> priority to new committee members over members who have already had an
>>> opportunity to serve but failed to deliver. In essence, Recommitted
>>> Committee members are akin to "historic" leaders*
>>>
>>> *- Projects: New projects leaders are like new committee in that we want
>>> to encourage the energy and initiative. Existing project leaders of active
>>> projects are extremely important to the OWASP ecosystem so they should be
>>> prioritized.*
>>>
>>>
>>>
>>> Let's see if over the next couple days, we can:
>>>
>>>    - agree on a criteria,
>>>    - complete the spreadsheet formula,
>>>    - do a first pass at the mappings
>>>    - and finally open up the discussion and mappings to the
>>>    owasp-leaders list
>>>
>>> Dinis Cruz
>>>
>>>
>>> On 13 December 2010 00:45, Tony UV <tonyuv at owasp.org> wrote:
>>>
>>> Sounds good.  Inline comments below. Overall main concern is the (a)
>>> development of the point system (b) educating a wide global member base on
>>> the point system (despite the most clear and concise wiki, etc to accompany
>>> it) (c) marketing this reward system to the point that adoption ramps up
>>> effectively. In either case, I’m all in.
>>>
>>>
>>>
>>>
>>>
>>> Tony UcedaVelez, CISM, CISA, GSEC
>>>
>>> *Chapter Lead*
>>>
>>> *OWASP Atlanta*
>>>
>>> http://www.owasp.org/index.php/Atlanta_Georgia
>>>
>>> Twitter: *@versprite*
>>>
>>>
>>>
>>> *From:* Mark Bristow [mailto:mark.bristow at owasp.org]
>>> *Sent:* Sunday, December 12, 2010 7:34 PM
>>> *To:* Tony UV
>>> *Cc:* Michael Coates; global_conference_committee;
>>> Global_membership_committee at lists.owasp.org
>>>
>>>
>>> *Subject:* Re: [Global_membership_committee] Honorary Memberships - Vote
>>> Scheduled for 12/21 @ Membership Meeting
>>>
>>>
>>>
>>> The point isn't to motivate people to contribute, *[Tony UcedaVelez] * No
>>> arguments on the need and goal to motivate folks.  Agree there.
>>>
>>>
>>>
>>> it's to recognize people who do and provide some metrics that can be
>>> pointed to (Like CISSP CPEs) to demonstrate involvement.  *[Tony
>>> UcedaVelez] * Wouldn’t issuing CPE certs (a) achieve the same thing in
>>> terms of metrics (number issued to, what they did, etc) and (b) give
>>> volunteers something that they actually need? Otherwise we’ll have to
>>> develop a fairly point redeeming system AND educate them (more time) in
>>> order to get them to understand what those points translate into.  All good
>>> if we want to do that, but simply speaking on the logistics and time to be
>>> taken vs tapping into an existing solution that they already know.  Currently
>>> there is no measure of this.
>>>
>>>
>>>
>>> This is why I was shouldering the responsibility for individual points
>>> awards/tracking on each Committee.  *[Tony UcedaVelez] * Would it make
>>> sense that there would be a dedicated global points coordinator for all of
>>> this or even team to do this across the board?  Just thinking of the
>>> scalability of leaders of those committees to have to set yet something else
>>> up as well.  Conference Volunteers is
>>> actually something not difficult for me to track (as they get in free, need
>>> shirts ordered for them et al., they are identified early). *[Tony
>>> UcedaVelez] * Sounds good then.  As long as this and other proposed use
>>> cases don’t introduce a fuzzy, non-credible point system where points are
>>> awarded w/o proper accountability.
>>>
>>>
>>>
>>> Each committee knows what's measurable and what's not.
>>>
>>> On Sun, Dec 12, 2010 at 7:23 PM, Tony UV <tonyuv at owasp.org> wrote:
>>>
>>> My .02 late in the game is as follows:  (please excuse any redundancy)
>>>
>>>
>>>
>>> -          Main point, if people need a point system to lead or
>>> contribute, then there is something wrong here. This is my main gut feeling.
>>>
>>> -          Points would be difficult to track and maintain the
>>> accountability and integrity of. He/She said could ensue, particularly if
>>> points are awarded to relatively simple actions that are not well defined
>>> (i.e. – OWASP Conference Volunteer)
>>>
>>> -          Don’t think that the point system would have much clout with
>>> employers.  We could simply do the CPE thing for those that nurse those
>>> certifications.  They have to find hours anyway and they may as well get
>>> credit.  All depends on how active we’ve socialized the idea of awarding
>>> CPEs to volunteers, etc. Works for ISSA/ ISACA to shepherd them in.
>>>
>>> -          Point system may work best to cash in to a reward point
>>> system (which may have already been discussed) where members turn in points
>>> for freebies (OWASP merch) or points towards expense paid OWASP cons, etc.
>>>
>>> -          Corporate level point system may work by letting them rack up
>>> points so that they could get a free 2 day training from an OWASP lead or
>>> trainer.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Tony UcedaVelez, CISM, CISA, GSEC
>>>
>>> *Chapter Lead*
>>>
>>> *OWASP Atlanta*
>>>
>>> http://www.owasp.org/index.php/Atlanta_Georgia
>>>
>>> Twitter: *@versprite*
>>>
>>>
>>>
>>> *From:* global_membership_committee-bounces at lists.owasp.org [mailto:
>>> global_membership_committee-bounces at lists.owasp.org] *On Behalf Of *Mark
>>> Bristow
>>> *Sent:* Sunday, December 12, 2010 4:36 PM
>>> *To:* Michael Coates
>>> *Cc:* global_conference_committee;
>>> Global_membership_committee at lists.owasp.org
>>> *Subject:* Re: [Global_membership_committee] Honorary Memberships - Vote
>>> Scheduled for 12/21 @ Membership Meeting
>>>
>>>
>>>
>>> <inject>
>>>
>>>
>>>
>>> I actually was talking to Jason Li and Dinis about this at AppSec BR.  We
>>> were thinking that we could develop a "OWASP Points" System that assigns
>>> points to people based on the OWASP Activities they do.  Ultimately we
>>> might work out member "levels" or some benefits to add to this, but I
>>> digress.
>>>
>>>
>>>
>>> You all would set "global" point values for things like, being a
>>> committee member, committee chair, board member, and other general member
>>> stuff.  The thought would be each committee would assign the point values
>>> for their respective AORs but it would be a Membership
>>> Committee initiative (see how I volunteered you?).  Committee Chairs would
>>> have to report in points say, quarterly and they would be assigned on
>>> completion of the activity.
>>>
>>>
>>>
>>> As an Example for the GCC we do something like (point values are nominal,
>>> we'd have to get together and normalize them):
>>>
>>>    - OWASP Conference (Core) Organizer: 50 Pts
>>>    - OWASP Conference Planning Committee Members: 20 Pts
>>>    - OWASP Conference Volunteer: 10 Pts
>>>    - Attend an OWASP Conference: 5pts
>>>    - Attend OWASP Training Class: 5pts
>>>    - Host an OWASP Event: 10 Pts
>>>
>>> Projects would then do something similar for their stuff (take a project
>>> to alpha release, lead a project, submit code .... whatever they want)
>>>
>>>
>>>
>>> Industry, Connections, Education, Chapters and so on.
>>>
>>>
>>>
>>> This serves 2 functions.  You would be able to show off how many OWASP
>>> points you've earned..... and for employers, employees,
>>> having substantial OWASP points could be a reason to get a raise, job et
>>> al.
>>>
>>>
>>>
>>> OFC, you'd have to be an individual member of the organization for any of
>>> this to be tracked.
>>>
>>>
>>>
>>> </inject>
>>>
>>>
>>>
>>> On Sun, Dec 12, 2010 at 4:20 PM, Michael Coates <
>>> michael.coates at owasp.org> wrote:
>>>
>>>
>>>
>>> In terms of the self assessment, were you thinking of having a specific
>>> date for it (i.e. every november) or would it be X months from the last
>>> review or when the leader was appointed?
>>>
>>>
>>>
>>> Either way could work, but I think we could keep our heads around it
>>> better if it's at a set date every year. Also we can easily advertise/remind
>>> the leaders list each time that window rolls around.
>>>
>>>
>>>
>>> Workload-wise it might be better to have this on a rolling basis.  That
>>> way it could be a recurring task (“we need to review these applications by
>>> the first of the month”) rather than a huge project (“review ALL the
>>> applications by Nov 1”)  Also I believe that there will be increased OWASP
>>> activity for most folks just before their renewals come up and it would be
>>> better to have that spread throughout the year rather than centered at one
>>> point on the calendar.
>>>
>>>
>>>
>>> Good point on the ramp up of OWASP activity that might occur prior to the
>>> deadline.  I'm for the rolling model, we just need to make sure we have a
>>> good tracking system in place and have several methods to contact each
>>> individual.
>>>
>>>
>>>
>>>
>>>
>>> In terms of the review period, what do you think of making it smaller,
>>> i.e: at least every 6 months?
>>>
>>>
>>>
>>> Benefits: Cause individuals to reevaluate their contributions more often.
>>> Possibly leading to people doing more work for OWASP.
>>>
>>> Negatives: More work for individuals, more work for reviewers (committees
>>> analyzing these docs).  May frustrate people to keep filling out these docs.
>>> Also, sometimes people just get busy at work and have to do less OWASP.  Not
>>> sure how they'd feel to lose their Honorary Status.
>>>
>>>
>>>
>>> Might make sense to start with an annual model and increase the tempo if
>>> we think it will increase involvement and it won’t overload the folks doing
>>> the reviewing.
>>>
>>>
>>>
>>> I'm for starting this on an annual basis too.
>>>
>>>
>>>
>>> -Michael
>>>
>>>
>>> _______________________________________________
>>> Global_membership_committee mailing list
>>> Global_membership_committee at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/global_membership_committee
>>>
>>>
>>>
>>>
>>> --
>>> Mark Bristow
>>> (703) 596-5175
>>> mark.bristow at owasp.org
>>>
>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>> AppSec DC Organizer - https://www.appsecdc.org
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Global_conference_committee mailing list
>>> Global_conference_committee at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/global_conference_committee
>>>
>>>
>>
>>
>> --
>> Mark Bristow
>> (703) 596-5175
>> mark.bristow at owasp.org
>>
>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>> AppSec DC Organizer - https://www.appsecdc.org
>>
>>
>


-- 
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org