[Global_conference_committee] Amendments to the recently approved GCC Governance Document (was: vote thread)

dinis cruz dinis.cruz at owasp.org
Sun Dec 19 00:49:44 EST 2010

This thread is raising really important issues, and I'm very happy that
finally our Committees are raising these problems (since they can only be
tackled then).

Ok, so in terms of putting any limitations on any terms of any position at
OWASP (i.e. you can only be there for X years), I think you will find it very
hard to create a model that is compatible with OWASP's openness model.

My preference is for a model that rewards deliverables (if done in a way
compatible with our values). Basically 'if XYZ is doing a great job, he/she
should continue', if not he/she should go.

Now .... where we currently are not very good, is at creating pragmatic and
objective criteria (and workflows) to 'gently' remove non-performing leaders
from the positions our leaders currently have, namely at the Board,
Committees and Chapters (the projects need special handling due to the
massive connection that exists between a Leader and its project). We have
taken the first baby-steps when we identified the 'Active Committee members'
for the Summit (and 'forced' the non-actives to either step down or
reconfirm their commitment).

Basically the model should be that if *a leader is not being active and
adding value, he/she should be replaced by new blood.*

If we get this model right, we will also get something that I have been
trying hard to implement at OWASP which is to create a model where our
are able to fail smoothly'* . The concept here is that every now and then,
there are *leaders that think that they will be great at a particular role*.
The problem is that sometimes, those leaders are either not suited for that
role, or (unfortunately) simply not good enough.

*So how do you deal with that situation?* Do you block (if you could) that
person from taking that position? What would give you the right in an
Open Organization like OWASP to make that decision? *And what if you are
wrong?*

I much prefer the model that we give that person the chance to make it work:

   - and if they fail, then the damage should be limited,
   - and if they succeed we all gain.

The failure in this case, is actually quite healthy since in a lot
of organizations people don't get honest feedback on their performance and
never really know how good or bad they are working. It also will prevent
that leader from gaining more positions of responsibility (where the damage
created could be much bigger).

Now.... on the topic of the over AMERICAnization of some of our committees!

Again you will find it very hard to create a model that would limit how many
Americans would be on this list, when taking into account the Openness of

And John W., I know that there is a culture difference here (where you will
argue that 'culture wise' the Americans are more proactive than the Swedes),
BUT, I don't think that is the problem here. *The issue here is that the
number of active OWASP leaders is still higher in America than in other
countries. And this is not a problem with America but a problem with us (the

So if we want to have less % of American Committee members in our Committees
the solution is to add more non-American Committee members :)

Note that *we also cannot limit how many Committee members exist* (since
that would be stupid from OWASP's point of view since the *applicants are
basically offering their services for free*). If we do reach a case where
there are Committees with more than 10 or 15 members, then the solution
should be a restructure of those committees in (for example) working teams,
instead of closing down the Committee to new members.

I will reply to the 'private vote' issue next using one of the follow-up
emails, since there is a good example there.

Dinis Cruz

On 17 December 2010 15:51, Mark Bristow <mark.bristow at owasp.org> wrote:

>  John,
> Inline comments below.
> FYI All, Looped in the GCC list.
> On Fri, Dec 17, 2010 at 10:39 AM, John Wilander <john.wilander at owasp.org> wrote:
>>> 2010/12/17 Mark Bristow <mark.bristow at owasp.org>
>>> So john, some inline comments to your comments below.
>>>> Also, do you approve the doc as is and want to put up separate changes,
>>>> or is this a reject?  If so, we'll re-open for discussion.
>>> I approve as long as we can discuss and get changes in there eventually.
> Doing it now,  Looped in the main GCC list.
>>>>> I like Mark but I still think we should have a max on how many years
>>>>> (in a row) you can be chair. My suggestion is three years.
>>>> Fine by me.  If I got elected for 2011, would make it my last year.
>>> To be clear – I think you're doing a great job and I'm not challenging
>>> you. But I think it's healthy to have a max. Would be good for the OWASP
>>> Board too. People tend to deliver their best if they know the timeframe for
>>> their engagement and there's a natural succession when people know there has
>>> to be a new leader/chair chosen. Look at American presidents vs Swedish
>>> ever-prime ministers. I much prefer the American "you get two terms max".
> A) feel free to challenge me
> B) I agree, some term limits are healthy to keep things fresh.  I agree on
> the board comment but that's for the new Governance working session that I
> just found out I'm in......
> C) I don't think that Lifetime MAXes are necessary, but I'm good with only
> 3 consecutive years.
>>>>> We need to comment that scheduling of the meetings have to take into
>>>>> consideration the different time zones we're in. I constantly have trouble
>>>>> attending OWASP phone calls because they're in odd time of the day or night.
>>>>> If I have a Skype meeting until 1 am I will not do a good job the day after.
>>>>> Mark has been good in scheduling so far but we should have a sentence about
>>>>> not only fitting for instance US time zones. I suspect any Asian GCC members
>>>>> will have a lot to say about this.
>>>>> Since a GCC member can be kicked out if not attending enough meetings
>>>>> the scheduling is important.
>>>> I think that "Meetings will be scheduled based on the availability of
>>>> the majority of the members" settles this somewhat. This forces some type of
>>>> "polling" in order to set the meeting date time. Much like I use Doodle now
>>>> for scheduling.
>>> Yeah. As long as we don't end up in the GCC always having a majority of
>>> people in certain time zones so the majority of members constantly prefer
>>> that time zone.
> This is an entirely separate problem.  I'd love to have more people from
> Europe, Asia and South America on the committee but unfortunately we haven't
> had many takers to date.  I think that we as a committee should not accept
> additional members from the US unless one resigns.
>>>  Add a sentence about the GCC member(s) with conflicting interests to
>>>>>> temporarily leave the meeting during discussion. This is important if we
>>>>>> want to have an open and effective committee. For instance – if AppSec in
>>>>>> Stockholm would have produced a loss and the GCC wanted to discuss this you
>>>>>> would have asked me questions first and then discussed privately for 10
>>>>>> minutes without me hearing.
>>>> Recusal is not a bad idea, however since our meetings are open to anyone
>>>> to join it would be odd for the GCC member to have to leave when anyone in
>>>> OWASP is welcome to stay.
>>> I wouldn't mind. As a formal member I understand that people will need to
>>> discuss freely for the committee to reach the right decision.
> I just feel this is counter to "openness".  It's a tough call, because if I
> wasn't a GCC member, and I knew the GCC was taking something up important to
> me, I'd be on the call anyway to argue my case if needed.  However I find
> that I'm better with mental compartmentalization than most.
>>>  I don't think it'll be a problem but gas prices vary a lot around the globe.
>>>>> For instance gas is USD 7 per gallon in Sweden. So we might want to say
>>>>> something about adjusting for local gas prices.
>>>> Do you have an internationally recognized index we can throw in here?
>>> :D. No, but just a note on proving by receipt what your fuel costs were
>>> per km/mile would be fine. Then we can default to the amount you have there.
> Well, on to the 2011 plan vote so we can ask the board for funds for this
> to matter ;)
>>>    /John
>>> --
>>> John Wilander, https://twitter.com/johnwilander
>>> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
>>> Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011
>>> Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee
>> --
>> Mark Bristow
>> (703) 596-5175
>> mark.bristow at owasp.org
>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>> AppSec DC Organizer - https://www.appsecdc.org