[Governance] [Owasp-leaders] Request - Survey - Implementation process on higher decisions

Christian Heinrich christian.heinrich at cmlh.id.au
Tue Aug 18 02:38:13 UTC 2015


Jim,

I would appreciate you response to the direct e-mail I sent to you
just over an hour ago.

On Tue, Aug 18, 2015 at 11:56 AM, Jim Manico <jim.manico at owasp.org> wrote:
> The other thing to note is, how much money do successful projects really
> need? I manage four OWASP projects and they all pretty much have zero
> funding yet I feel they are successful. Most of the tools we need to manage a > successful project these days are cheap and free.

Putting aside the conflict of interest as an OWASP Board Member, the
driver for this upkeep of your OWASP Projects is the reputation of
https://manicode.com/ is it not?

On Tue, Aug 18, 2015 at 11:56 AM, Jim Manico <jim.manico at owasp.org> wrote:
> Let me give you an example.  Jeremy Long runs the Dependency Check project, a very amazing tool which earned OWASP Flagship status. I see regular check-in's from him super early in the morning because he wakes up at the crack of dawn to get some coding time in before he starts his day. You can't buy dedication like that. You need to have it in your gut - the burning desire to make something happen regardless of the bull$hit happening around you. I know of several in our community who have that fire. Jeremy. Simon. Abraham Aranguren, Bharadwaj Machiraju, John Melton, Colin Watson, Ryan Barnett and many others who just dig in and do it.

These contributors are from different communities i.e. vendor,
consultant, end user and you need to assess each one.

As far as I am aware Simon's contribution is dependent on his role at
Mozilla i.e. https://blog.mozilla.org/security/2012/09/13/owasp-zap-the-firefox-of-web-security-tools/
as is Ryan's role with Akami, whose WAF is based on ModSecurity.

Jeremy driver would be of interest since his project was related to
our complaint of the inclusion of A9 in the OWASP Top Ten 2013 i.e.
http://lists.owasp.org/pipermail/owasp-topten/2013-May/001009.html and
yet prior to this received support outside of OWASP (prior to this
incident) i.e. http://krvw.com/pipermail/sc-l/2012/002786.html and
http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2012-November/008596.html


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact


More information about the Governance mailing list