[Governance] Stepping down from Project Reviews

johanna curiel curiel johanna.curiel at owasp.org
Wed Sep 2 14:18:34 UTC 2015

Members of the board ,

I have decided to step down from the project reviews activities.

I have been doing continues reviews the last 2 years, especially the last
year I was quite involved in a major clean up in the project inventory,
together with other members that participated in and on/off basis.

That does not mean I'll step down from every activity I have been working
on the last years at OWASP. Indeed, now I'll focus my attention in those
activities that I feel have provided me with higher level of reward and a
grateful feeling.

Unfortunately,  I cannot say the same for reviewing projects. The greatest
reward I had from that activity is what I learned from many project for the
last 2 years, not just looking, but download , testing and using them and
volunteering on their activities.

 It is a ticklish activity that have provided me very little satisfaction
but disappointment. Never seems to be enough even when people have little
idea how much time is needed to use an open source project , let alone
understand it. I'm a volunteer , not an OWASP employee. Lets clarify that
for people that might read this.

I think Claudia  , as her predecessor, Kait-Disney did, can surely help
maintain inactive/active projects monitoring. Another ticklish activity
that we hear many complains regarding inactive projects wanted to keep
alive. Political driven necessities to have wiki pages of empty projects,
thats what we finished and hope you can continue for the sake of users.

The actual situation is that Project leaders are definitely on their own,
and they should understand that: when it comes to having a platform at
OWASP for developing projects, they have very little support on this.

It's not about money, is about a platform, a process and a way to be able
to make a project a reality no matter if you are in India, Pakistan, or
Africa. The inequality between these worlds is very obvious when we look at
 projects in US or EU compare to 'developing countries'. Big security
companies are not behind these leaders  to support them with time or

I hope that in the future there is a clear perspective how to help projects
develop better. So far I have not seen major initiatives directed on
improving a platform. A platform is not a wiki page, not a github account,
these things are already free without OWASP support.

I think people hoping to secure their web applications using OWASP tools,
can have better ways for doing it if more energy is directed towards
supporting a better structure for developing OWASP projects.

This is where my energy will be from now on. Hopefully with the right


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20150902/404a170e/attachment.html>

More information about the Governance mailing list