[Owasp-board] 1st OWASP hire - Admin Support?

Andrew van der Stock vanderaj at owasp.org
Thu Oct 18 05:50:08 UTC 2007


We do need to eventually become a representative democracy to provide  
transparency. I said at the OWASP EU 2006 conference that I'd like  
for our positions to be open for annual or bi-annual elections a la  
Apache Foundation or any number of other successful open source  
projects. I should extract the digit and get that proposal under way.

But outside of those elections, we have to trust in ourselves to be  
guardians of OWASP's best interests, and be accountable for our  
decisions. Therefore, I personally don't see much point in taking  
every decision to the members for a vote. We can't go to them every  
time a decision has to be taken. For example, voting on whether to  
spend $100k on SPOC and then waiting for enough to weigh in, and then  
after that getting enough folks to vote on each and every recipient.  
We'd be constantly stalled (more than now) whilst second guessing  
ourselves. None of the OSS Foundations do this with the exception of  
Debian, and we shouldn't follow Debian's path as it provably did not  
work. Debian totally bogged down in internal naval gazing and license  
purity flame fests, eventually the founders left - the ultimate sign  
of no confidence, another distro (Ubuntu) took Debian, forked it and  
made it into the #1 distro, and now Debian is practically irrelevant  
to this process. They wasted so much time on politics rather than  
coding and missed the boat. They could have been #1 for the longest  
time and totally blew it. We are #1 in our field, and I don't want to  
relinquish that any time soon.

We can only lead when people want to follow our choices. So far,  
we're doing a great job - we've experienced massive growth, mind  
share, projects and tools are flocking to us, and ultimately this has  
resulted in widespread official recognition and adoption. Let's not  
second guess this decision - or any other. This doesn't mean we have  
to be secretive - we should put out ideas and goals out there  
regularly - at conferences, in our blogs, and so on.

thanks,
Andrew

On Oct 17, 2007, at 11:57 PM, Dave Wichers wrote:

> I’m glad everyone is on board. I was not envisioning this person as  
> a technical person, thus I don’t quite understand your comment  
> about it being someone recommended by an OWASP contributor. If it’s  
> a secretarial type admin person, I wouldn’t imagine that they’d  
> easily be able to recommend someone from the Baltimore DC area, and  
> I’m also not sure about this whole voting business either.
>
> Can you explain more your thoughts in this regard? I’m all for free  
> and open, but I don’t think it always makes sense in all cases.  
> (like voting on who we hire).
>
> -Dave
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2458 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20071018/abedd3a1/attachment-0002.bin>


More information about the Owasp-board mailing list