[Owasp-board] OWASP Points for Leaders

dinis cruz dinis.cruz at owasp.org
Mon Dec 13 11:13:01 UTC 2010


(I changed the title to reflect the current topic (see thread below for
reference)

Mark is spot on that the point of the points system :)  , is to recognize
the leaders participation (and not to encourage it)

The fact that we don't have good visibility into our leaders contribution is
a massive problem at OWASP (and one that if don't tackle soon could cause a
lot of damage to our community).

Since the best way to get something done at OWASP is to have a reason/event
creating its need, the OWASP Summit 2011 is the perfect opportunity to have
a first pass at doing this.

The problem we have at the Summit is *'On which order/priority do we
allocate the limited available funds to bring our hard-working leaders to
the Summit' *(i.e. if we have an extra 25k, who should get that money first?
(as you will see on the spreadsheet below, the current amount needed is 88k)

In order to get to this answer we have started creating a solution which is
in essence the points model proposed on this list.

Please start by reading this thread:
https://lists.owasp.org/pipermail/owasp-summit-2011/2010-December/000339.html
which
points to this spreadsheet
https://spreadsheets.google.com/a/owasp.org/ccc?key=0Amvv_7Gz8Z7TdGNEb0RRUUdfX0tMQ1EwTjY1MzNMWmc&hl=en
(see
sheet #2 called '2nd Batch - Sponsorships')

The discussion is currently at *'What types of points should we have and
what should be their value?'*

Jason (in
https://lists.owasp.org/pipermail/owasp-summit-2011/2010-December/000346.html)
proposes the following list (which I agree) . Note that this needs to be
merged with the ideas already discussed in this thread:

   - *Major Active Project Leader** 5** points*
   - *AppSec organizer in 2009/2010** 5** points*
   - *Special Invitation** **4 points*
   - *Key Industry player** 4** points*
   - *Active Chapter leaders** 3** points*
   - *New Committee Member 3** **points** *
   - *New  Project Leader** 3** points*
   - *Recommit Committee member** 2** points*
   - *Past OWASP leaders** ** **2 points** *
   - *Responded by 30th ** 2** points*
   - *Participated at AppSec** **1 point*

*Rationale:*
*- Committee Members: New committee members are demonstrating energy and
initiative. Recommitted members are members who for one reason or another
became inactive but have recommitted themselves to their committee. While
it's great that they have recommitted, I think we should give a slight
priority to new committee members over members who have already had an
opportunity to serve but failed to deliver. In essence, Recommitted
Committee members are akin to "historic" leaders*
*- Projects: New projects leaders are like new committee in that we want to
encourage the energy and initiative. Existing project leaders of active
projects are extremely important to the OWASP ecosystem so they should be
prioritized.*
*
*
* *Let's see if over the next couple days, we can:

   - agree on a criteria,
   - complete the spreadsheet formula,
   - do a first pass at the mappings
   - and finally open up the discussion and mappings to the owasp-leaders
   list

Dinis Cruz



On 13 December 2010 00:45, Tony UV <tonyuv at owasp.org> wrote:

> Sounds good.  Inline comments below. Overall main concern is the (a)
> development of the point system (b) educating a wide global member base on
> the point system (despite the most clear and concise wiki, etc to accompany
> it) (c) marketing this reward system to the point that adoption ramps up
> effectively. In either case, I’m all in.
>
>
>
>
>
> Tony UcedaVelez, CISM, CISA, GSEC
>
> *Chapter Lead*
>
> *OWASP Atlanta*
>
> http://www.owasp.org/index.php/Atlanta_Georgia
>
> Twitter: *@versprite*
>
>
>
> *From:* Mark Bristow [mailto:mark.bristow at owasp.org]
> *Sent:* Sunday, December 12, 2010 7:34 PM
> *To:* Tony UV
> *Cc:* Michael Coates; global_conference_committee;
> Global_membership_committee at lists.owasp.org
>
> *Subject:* Re: [Global_membership_committee] Honorary Memberships - Vote
> Scheduled for 12/21 @ Membership Meeting
>
>
>
> The point is't to motivate people to contribute, *[Tony UcedaVelez] * No
> arguments on the need and goal to motivate folks.  Agree there.
>
>
>
> it's to recognize people who do and provide some metrics that can be
> pointed to (Like CISSP CPEs) to demonstrate involvement.  *[Tony
> UcedaVelez] * Wouldn’t issuing CPE certs (a) achieve the same thing in
> terms of metrics (number issued to, what they did, etc) and (b) give
> volunteers something that they actually need? Otherwise we’ll have to
> develop a fairly point redeeming system AND educate them (more time) in
> order to get them to understand what those points translate into.  All good
> if we want to do that, but simply speaking on the logistics and time to be
> taken vs tapping into an existing solution that they already know.  Currently
> there is no measure of this.
>
>
>
> This is why I was shouldering the responsibility for individual points
> awards/tracking on each Committee.  *[Tony UcedaVelez] * Would it make
> sense that there would be a dedicated global points coordinator for all of
> this or even team to do this across the board?  Just thinking of the
> scalability of leaders of those committees to have to set yet something else
> up as well.  Conference Volunteers is actually something not difficult for
> me to track (as they get in free, need shirts ordered for them et all, they
> are identified early).*[Tony UcedaVelez] * Sounds good then.  As long as
> this and other proposed use cases doesn’t introduce a fuzzy, non-credible
> point system where points are awarded w/o proper accountability.
>
>
>
> Each committee knows what's measurable and what's not.
>
> On Sun, Dec 12, 2010 at 7:23 PM, Tony UV <tonyuv at owasp.org> wrote:
>
> My .02 late in the game is as follows:  (please excuse any redundancy)
>
>
>
> -          Main point, if people need a point system to lead or
> contribute, then there is something wrong here. This is my main gut feeling.
>
> -          Points would be difficult to track and maintain the
> accountability and integrity of. He/She said could ensue, particularly if
> points are awarded to relatively simple actions that are not well defined
> (i.e. – OWASP Conference Volunteer)
>
> -          Don’t think that the point system would have much clout with
> employers.  We could simply do the CPE thing for those that nurse those
> certifications.  They have to find hours anyway and they may as well get
> credit.  All depends on how active we’ve socialized the idea of awarding
> CPEs to volunteers, etc. Works for ISSA/ ISACA to shepherd them in.
>
> -          Point system may work best to cash in to a reward point system
> (which may have already been discussed) where members turn in points for
> freebies (OWASP merch) or points towards expense paid OWASP cons, etc.
>
> -          Corporate level point system may work by letting them rack up
> points so that they could get a free 2 day training from an OWASP lead or
> trainer.
>
>
>
>
>
>
>
> Tony UcedaVelez, CISM, CISA, GSEC
>
> *Chapter Lead*
>
> *OWASP Atlanta*
>
> http://www.owasp.org/index.php/Atlanta_Georgia
>
> Twitter: *@versprite*
>
>
>
> *From:* global_membership_committee-bounces at lists.owasp.org [mailto:
> global_membership_committee-bounces at lists.owasp.org] *On Behalf Of *Mark
> Bristow
> *Sent:* Sunday, December 12, 2010 4:36 PM
> *To:* Michael Coates
> *Cc:* global_conference_committee;
> Global_membership_committee at lists.owasp.org
> *Subject:* Re: [Global_membership_committee] Honorary Memberships - Vote
> Scheduled for 12/21 @ Membership Meeting
>
>
>
> <inject>
>
>
>
> I actually was talking to Jason Li and Dinis about this at AppSec BR.  We
> were thinking that we could develop a "OWASP Points" System that assigns
> points to people based on the OWASP Activities they do.  Ultimately We'd
> might work out member "levels" or some benefits to add to this, but i
> digress.
>
>
>
> You all would set "global" point values for things like, being a committee
> member, committee chair, board member, and other general member stuff.  The
> thought would be each committee would assign the point values
> for their respective AORs but it would be a Membership
> Committee initiative (see how I volunteered you?).  Committee Chairs would
> have to report in points say, quarterly and they would be assigned on
> completion of the activity.
>
>
>
> As an Example for the GCC we do something like (point values are nominal,
> we'd have to get together and normalize them):
>
>    - OWASP Conference (Core) Organizer: 50 Pts
>    - OWASP Conference Planning Committee Members: 20 Pts
>    - OWASP Conference Voluenteer: 10 Pts
>    - Attend an OWASP Conference: 5pts
>    - Attend OWASP Training Class: 5pts
>    - Host an OWASP Event: 10 Pts
>
> Projects would then do something similar for their stuff (take a project to
> alpha release, lead a project, submit code .... whatever they want)
>
>
>
> Industry, Connections, Education, Chapters and so on.
>
>
>
> This serves 2 functions.  You would be able to show off how many OWASP
> points you'e earned..... and for employers, employees,
> having substantial OWASP points could be a reason to get a raise, job et
> all.
>
>
>
> OFC, you'd have to be a individual member of the organization for any of
> this to be tracked.
>
>
>
> </inject>
>
>
>
> On Sun, Dec 12, 2010 at 4:20 PM, Michael Coates <michael.coates at owasp.org>
> wrote:
>
>
>
> In terms of the self assessment, where you thinking of having a specific
> date for it (i.e. every november) or would it be X months from the last
> review or when the leader was appointed?
>
>
>
> Either way could work, but I think we could keep our heads around it better
> if its at a set date every year. Also we can easily advertise/remind the
> leaders list each time that window roles around.
>
>
>
> Workload-wise it might be better to have this on a rolling basis.  That way
> it could be a recurring task (“we need to review these applications by the
> first of the month”) rather than a huge project (“review ALL the
> applications by Nov 1”)  Also I believe that there will be increased OWASP
> activity for most folks just before their renewals come up and it would be
> better to have that spread throughout the year rather than centered at one
> point on the calendar.
>
>
>
> Good point on the ramp up of OWASP activity that might occur prior to the
> deadline.  I'm for the rolling model, we just need to make sure we have a
> good tracking system in place and have several methods to contact each
> individual.
>
>
>
>
>
> In terms of the review period, what do you think of making it smaller, i.e:
> at least every 6 months?
>
>
>
> Benefits: Cause individuals to reevaluate their contributions more often.
> Possibly leading to people doing more work for OWASP.
>
> Negatives: More work for individuals, more work for reviewers (committees
> analyzing these docs).  May frustrate people to keep filling out these docs.
> Also, sometimes people just get busy at work and have to do less OWASP.  Not
> sure how they'd feel to loose their Honorary Status.
>
>
>
> Might make sense to start with an annual model and increase the tempo if we
> think it will increase involvement and it won’t overload the folks doing the
> reviewing.
>
>
>
> I'm for starting this on an annual basis too.
>
>
>
> -Michael
>
>
> _______________________________________________
> Global_membership_committee mailing list
> Global_membership_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_membership_committee
>
>
>
>
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
>
>
>
>
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
>
> _______________________________________________
> Global_membership_committee mailing list
> Global_membership_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_membership_committee
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20101213/70bdbc75/attachment-0002.html>


More information about the Owasp-board mailing list