[Owasp-board] (email to Dan) Fwd: Membership Committee members for the OWASP Summit

dinis cruz dinis.cruz at owasp.org
Sat Dec 11 10:36:03 UTC 2010


Board, FYI, sent in confidence

Dinis Cruz

---------- Forwarded message ----------
From: dinis cruz <dinis.cruz at owasp.org>
Date: 11 December 2010 10:35
Subject: Re: Membership Committee members for the OWASP Summit
To: Dan Cornell <dan at denimgroup.com>


Hi Dan

The reason I proactively pinged you about this topic is because I knew it
had the potential to be a bit sensitive but hopefully I can explain the
reasoning

First of all, the main reason why that email was created with you in the
focus, was because your answer to the survey was not registered (note that
there were 16 Committee member that didn't reply (or who answer was not
captured)).

But the core issue here is that we need to remove from the Committees, the
OWASP leaders that are not being active. In an ideal world this would happen
automatically, but since it is easier to keep the status-quo and not
anything about it, our current Committee structure is basically one where it
is easy to get in and hard to get out. Do you agree that this is a problem
we need to tackle?

Another important concept at OWASP is that things only happen when there is
a deadline or something will happen.

So basically in this case, we (OWASP Board) have the task/responsibility to
go through the committees and checking what is the status of the Committee
members. Hence the email to the Committee list.

The other problem we have here is the current lack of transparency that even
us at OWASP tend to have on this issues. I know that it would had been more
politically correct to email you directly, but we really need to have these
conversations in public mailing lists , so that everybody involved is aware
of what is going on.

Finally, you are a good example of our failure in
recognizing/mapping/visualizing OWASP contributions.* The problem is not
that I didn't felt that you were an active Committee member, the problem was
that I had no data available about your level of contributions* (so that i
could reach that conclusion).

And this is ultimately why I am putting so much energy and focus in
addressing this 'Active Committe' member problem.

My view is that we really need to tackle the issue of 'Visibility into
participation in OWASP / what is an OWASP Leader', because if we don't, we
risk allowing OWASP have 100s or 1000s of leaders and ultimately be driven
by individuals that don't really contribute, that don't understand/respect
our values, but happen to have 'strong' opinions. If you look around OWASP
you will see a significant number of OWASP Leaders that really don't deserve
that status (at least when compared with other leaders that are really
working hard and delivering).

Any organization to work must have some level of hierarchy and levels, my
hope is that at OWASP we can do that based on contributions and value,
instead of established power, connections/friendships/bribes or political
moves.

Wrapping up, sorry if you got caught a little bit on the cross-fire, and if
you have some cycles, this 'What is an OWASP Leader' question is an area
that we really need help with.

Dinis Cruz


On 11 December 2010 02:45, Dan Cornell <dan at denimgroup.com> wrote:

> Dinis:
>
>
>
> My apologies but the more I’ve thought about this today the more it has
> bothered me.  After reading through the original email (which I still
> haven’t received – perhaps my forward from dan.cornell at owasp.org to
> dan at denimgroup.com got turned off during the Google Apps conversion) I’m
> not sure what the intended goal was.  The way I read the original email it
> essentially says “Dan’s contributions to the Membership Committee may not be
> enough to justify funding his attendance of the Summit, but he does a lot of
> other stuff so we should probably fund his attendance anyway”  The first
> part of that statement would have been best confirmed via talking to me or
> at least Michael Coates and Kate Hartmann rather than the
> owasp-global-membership-committee and owasp-summit-2011 mailing lists and
> the second part of the statement makes individual-specific questions about
> the first irrelevant.
>
>
>
> What’s done is done and I’m a big boy and we can hug it out over Skype
> later, but I just wanted to let you know that I thought this could have been
> handled better.
>
>
>
> Denim Group will cover my travel and expenses for the Summit so regardless
> it shouldn’t be an issue.
>
>
>
> Thanks,
>
>
>
> Dan
>
>
>
>
>
> *From:* dinis cruz [mailto:dinis.cruz at owasp.org]
> *Sent:* Friday, December 10, 2010 11:05 AM
> *To:* Dan Cornell
> *Cc:* Cornell Dan
> *Subject:* Re: Membership Committee members for the OWASP Summit
>
>
>
> Hey Dan, thanks for following it up
>
>
>
> Re the survey, I was quite convinced that there was something weird going
> on with your response, since you are much better then me at
> managing/following-up emails :)
>
>
>
> In terms of your Active Committee status, I have no problems taking your
> word for your activity, and unless Michael disagree, you deservedly fit in
> the 'Active Committee' group.
>
>
>
> Do you know what Committee you would like to move to? We should take
> this opportunity to make that move :)
>
>
>
> In terms of sponsorship, the plan is for OWASP to cover your expected
> expenses (in this case 2000 USD (1200 travel + 800 hotel)). So I would say
> it is up to you/Demin to chose how much you want to cover (note that we will
> put here http://www.owasp.org/index.php/Summit_2011_Attendee a logo for
> the companies that cover the respective leader's expense and a logo for the
> participant's time (assuming that Denim is paying for your time (i.e. you
> are not taking holidays to go to the Summit) Denim is already going to have
> 1 logo on that page))
>
>
>
> Sorry about sending my original email to a wider list, but your case was a
> perfect example of the multiple dynamics that we have to take into account
> when compiling the 'Active Committee' list, and the fact that we need to be
> careful in doing it . That said, we have to make sure that we remove the
> OWASP Leaders who are part of a Committee but have not participated.
>
>
>
> Thanks :)
>
>
> Dinis Cruz
>
>
>
> On 10 December 2010 16:48, Dan Cornell <dan at denimgroup.com> wrote:
>
> Hey man, I want to make sure you don't take my comments the wrong way!
>
>
>
> Hrm...  For some reason I didn’t receive the original email to the
> distribution lists.  This might have been best handled directly prior to
> opening up the conversation to the lists.
>
>
>
> Please see comments inline in RED below.
>
>
>
> You do amazing work for OWASP, but we are trying to handle the Committees
> as a group, so please don't view this as a criticism on your OWASP work and
> contributions
>
>
>
> Give me a call if you want to talk about this :)
>
>>
> So in order to have some objectivity in this process (and due to the fact
> that OWASP is covering Summit's expenses for the Committee members) a couple
> months ago, we sent out a survey that asked the Committee members to review
> their past contributions:
> https://spreadsheets.google.com/a/owasp.org/viewform?formkey=dHNoWkxhRGJBdXBXVURCMVN4ODd6cXc6MQ
>
>
>
> The results kind of (with some exceptions) matched the current perceived
> levels of participations on the multiple committees (for reference there
> were 16 committee members that didn't reply)
>
>
>
> One of those that didn't reply was Dan :)
>
>
>
> That is interesting because I specifically remember filling this form out.
> Not sure what is up but I did run through all of these questions.
>
>
>
> And here is the current situation, which I need to clarify (note that each
> Board member is assigned to a committee, and I'm assigned this quarter to
> this one)
>
>
>
> Although Dan didn't reply to the survey, he has been a semi-active member
> of this Committee right? From my past experience in dealing with this
> committee I think it is fair to say that Michael has been more involved, but
> Dan's was always there and did actively participated in some of the
> discussion and conference calls.
>
>
>
> Lately Michael has definitely been more involved.  I would say that was
> during the last 3 or so months because I have been on the road and
> scheduling calls has been a nightmare.  Prior to that we were both involved
> and there were a number of calls where it was only Kate and I.
>
>
>
> On the other hand, this committee has lacked (for a while now) a serious
> challenge or 'problem to solve' , so it is probably not fair to penalize
> such lack of committee activity, since there was not 'a lot to do'
>
>
>
> Another important point is that *Dan is a massive OWASP leader and does a
> LOT for OWASP in a number other areas *(outside this committee) *and he
> absolutely falls into the category that should (if required) be sponsored to
> go to the Summit *(note that we currently don't have an approved budget
> for OWASP leaders participation)*.*
>
>
>
> SO....
>
>
>
> My questions to you Dan are (and Michael and others please also comment):
>
>
>
> 1)      do you still want to be a OWASP Global Membership Committee
> member?
>
>
>
> I am happy to keep serving on the Membership Committee but was considering
> moving to another committee to get some new blood into the Membership folks
> as well as to explore other areas of OWASP.
>
>
>
> 2)      can you make it to the OWASP Summit?
>
>
>
> Yes.
>
>
>
> 3)      if so, do you need OWASP to cover your expenses (estimated at 2000
> USD)
>
>
>
> Ideally OWASP would support some of my travel expenses and Denim Group can
> cover the rest.
>
>
>
> 4)      if so, do you feel that your past 6 to 12 months contributions
> would put you into the 'Active Committee' member category that
> would entitle you to be funded by OWASP (*note that your other OWASP
> contributions will also entitle you to be sponsored*, BUT, that is a
> separate discussion and more importantly, note that we (OWASP) currently
> don't have budget approved/available to cover for OWASP
> Leaders participation (where we have already budget allocated to pay for the
> Active Committee members participation)
>
>
>
> I’ll defer to other folks opinions on this issue.
>
>
>
> Thanks,
>
>
>
> Dan
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20101211/8ff93cf3/attachment-0002.html>


More information about the Owasp-board mailing list