[Owasp-board] ASVS needs a new leader

Paulo Coimbra paulo.coimbra at owasp.org
Tue Jul 27 20:31:12 UTC 2010


I was precisely on my way to create a couple of wiki templates to articulate
a process that seems to me very similar to what Jason is proposing.

 

I’ve started off on the newly created ‘request for services template’ and
was thinking in the following tabs:

 

-          Request For Proposals – (Project  Leadership need description)

-          Applications (Applicant name + Roadmap)

-          GPC’s recommendation

-          OWASP Board’s decision.

 

I have already talked with Dinis and while I support Jason’s vision that we
should only be ‘posting these roadmaps to the OWASP wiki until *after* the
submission deadline’, he disagrees. 

 

http://www.owasp.org/index.php/Seeking_New_Project_Leader_For/ASVS

 

http://www.owasp.org/index.php/OWASP_Request_for_Proposals/Training_Manager

 

Thanks,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: li.jason.c at gmail.com [mailto:li.jason.c at gmail.com] On Behalf Of Jason
Li
Sent: terça-feira, 27 de Julho de 2010 21:05
To: Dave Wichers
Cc: dinis cruz; Paulo Coimbra; Eoin; Andrew van der Stock; OWASP Foundation
Board List; Brad Causey; Jeff Williams; Leo Cavallari; Matt Tesauro; Pravir
Chandra
Subject: Re: [Owasp-board] ASVS needs a new leader

 

*Because* it's such a flagship project, I personally think that it would be
a good idea to get someone from outside the Board and the global committees
to lead the ASVS. I think it's important to show that becoming a big project
leader @ OWASP is not tied to being in the exclusive Board/Committee club.

 

Obviously we need to balance the need to ensure quality in one of our
flagship projects, and certainly original authors and contributors should
stay involved. Perhaps we can revive the "Mentor" role that we never really
finished flushing out with the GPC for this purpose?

 

I believe the process for choosing the new project leader(s) should follow
roughly the same process as creating a new project.

Specifically, the potential project lead should submit a Project Roadmap for
where they would like to take the project, their goals, an outline of
reasonable depth to show how they plan to get there, etc.

In the past, since there has not been an outpouring of people rushing to
lead an inactive project, we have not had to go through a formal evaluation
of roadmaps. But since there are multiple people vying for project
leadership, we should solicit these roadmaps and evaluate them as the
Board/GPC as appropriate.

 

I would suggest that we establish a due date and have applicants submit
their roadmap to Paulo before then. (Note I would not support posting these
roadmaps to the OWASP wiki until *after* the submission deadline to prevent
blatant copy and paste of ideas/agendas by applicants). We can review these
and choose a project leader (or two) and appoint relevant project mentors
(we should also set a date to announce this by). I personally would advocate
have fewer leaders over many --- too many cooks in the pot is just a recipe
for bogging down progress in my opinion.

 

My $0.02 (or equivalent world currency).

 

-Jason

 

On Tue, Jul 27, 2010 at 1:55 PM, Dave Wichers <dave.wichers at owasp.org>
wrote:

> I already volunteered and Eoin was agreeable (since he volunteered 

> too) but if there is enough activity on the project to warrant a team 

> of leaders, that’s perfectly fine with me.

> 

> 

> 

> -Dave

> 

> 

> 

> From: dinis cruz [mailto:dinis.cruz at owasp.org]

> Sent: Tuesday, July 27, 2010 12:49 PM

> To: Paulo Coimbra

> Cc: Dave Wichers; Eoin; Andrew van der Stock; OWASP Foundation Board 

> List; Brad Causey; Jason Li; Jeff Williams; Leo Cavallari; Matt 

> Tesauro; Pravir Chandra

> 

> Subject: Re: [Owasp-board] ASVS needs a new leader

> 

> 

> 

> Since Tom sent out his 'we need a new leader for ASVS' in Linked in:

> 

> "#3 - HELP WANTED - We are seeking a new project leader for OWASP 

> ASVS, if you want to help us change the world of application security 

> we could use your help in this volunteer role."

> http://www.linkedin.com/groupAnswers?trk=view_disc
<http://www.linkedin.com/groupAnswers?trk=view_disc&gid=36874&commentID>
&gid=36874&commentID

> =-1&viewQuestionAndAnswers=&discussionID=25691211

> 

> ...which generated a number of potential applications, we need to take 

> this oportunity to define some methodology (which Paulo is working on) 

> for leaders to be appointed to mature OWASP projects.

> 

> Given the current state of affairs, and the type of project that ASVS 

> is, we are probably looking at having a joint leadership of at least 4 

> leaders (if not 5 co-leaders to allow for majority voting)

> 

> Dinis

> 

> On 27 July 2010 16:27, Paulo Coimbra <paulo.coimbra at owasp.org> wrote:

> 

> Dave, Eoin, Andrew, GPC and Board,

> 

> 

> 

> I am currently working on a general methodology to deal with this kind 

> of issues. I will do my best to have it concluded today. If you agree, 

> as soon as it is ready, I will send it off for your assessment.

> 

> 

> 

> Thanks,

> 

> 

> 

> Paulo Coimbra,

> 

> OWASP Project Manager

> 

> 

> 

> From: Dave Wichers [mailto:dave.wichers at owasp.org]

> Sent: terça-feira, 27 de Julho de 2010 16:27

> To: 'Eoin'

> Cc: 'Andrew van der Stock'; 'Paulo Coimbra'

> Subject: RE: [Owasp-board] ASVS needs a new leader

> 

> 

> 

> Thanks Eoin. I appreciate your willingness to step into the breach and 

> certainly if you have any specific ideas for moving ASVS forward that 

> you want to participate in, please let me know.

> 

> 

> 

> I’ll update the wiki page to indicate who the current leader is. 

> Paulo, if you want to indicate on the leaders list that we have 

> ‘changed our mind’, please do, or I can if you like.

> 

> 

> 

> Thanks, Dave

> 

> 

> 

> From: eoinkeary at gmail.com [mailto:eoinkeary at gmail.com] On Behalf Of 

> Eoin

> Sent: Tuesday, July 27, 2010 10:57 AM

> 

> To: Dave Wichers

> Cc: Andrew van der Stock; Paulo Coimbra

> 

> Subject: Re: [Owasp-board] ASVS needs a new leader

> 

> 

> 

> There is no transparency issue here that I see (forgive the pun)

> 

> Dave seen as you are one of the original leaders I shall give way to 

> your decision to lead this.

> 

> 

> 

> I simply did not want someone with no track record leading such an 

> important guide/checklist

> 

> 

> 

> Eoin

> 

> 

> 

> 

> 

> 

> 

> 

> 

> On 27 July 2010 14:25, Dave Wichers <dave.wichers at owasp.org> wrote:

> 

> I don’t mind transparency. Most projects are led by their lead 

> contributors and if the current lead steps aside I would certainly 

> expect the other lead contributors to be offered the position first. I 

> was on vacation last week so wasn’t really paying much attention to 

> emails. When I got back yesterday I talked it over with Jeff and 

> that’s why you first heard about this from me.

> 

> 

> 

> I certainly would love to have others like you and Eoin and Christian 

> contribute to the project if we want to move it forward somehow, and 

> if the project gets too big for me to handle, and someone like Eoin or 

> whomever wants to lead that larger effort because I chose to step 

> aside I’m OK with that too.

> 

> 

> 

> -Dave

> 

> 

> 

> From: Andrew van der Stock [mailto:vanderaj at gmail.com]

> 

> Sent: Monday, July 26, 2010 8:55 PM

> To: Dave Wichers

> Cc: 'Eoin'; 'Paulo Coimbra'

> 

> 

> 

> Subject: Re: [Owasp-board] ASVS needs a new leader

> 

> 

> 

> Hi Dave,

> 

> 

> 

> Although in broad strokes I support your decision, I'd really like the 

> process OWASP uses to change leadership to be a bit more transparent 

> and consistent than this.

> 

> 

> 

> I know the ASVS grew out of the Aspect checklist, and realistically it 

> would be nice to have one of the original authors work on the project, 

> I just want to make sure everyone is aware of how the project is 

> changing hands and that it is as transparent as possible, and it's the 

> same process for all change overs.

> 

> 

> 

> thanks,

> 

> Andrew

> 

> 

> 

> On 27/07/2010, at 6:48 AM, Dave Wichers wrote:

> 

> 

> 

> Eoin,

> 

> 

> 

> If you don’t mind, I’ll volunteer to lead the ASVS project in Mike’s
stead.

> This project, like the Top 10 in my opinion, is something that 

> probably won’t change much except once every 2-3 years.

> 

> 

> 

> I’m one of the original authors, along with Jeff, so I figure it would 

> be best for he or I to lead it.

> 

> 

> 

> That OK with you? Regardless, did you have any specific things you 

> wanted done with the ASVS project that haven’t happened already? I’m 

> encouraging alignment of the 3 guides with ASVS already and that seems 

> to be moving forward.

> 

> 

> 

> -Dave

> 

> 

> 

> From: owasp-board-bounces at lists.owasp.org 

> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Paulo 

> Coimbra

> 

> Sent: Friday, July 23, 2010 1:27 PM

> To: 'OWASP Foundation Board List'; 'Global Projects Committee'; 'Eoin'

> Cc: 'Andrew van der Stock'

> 

> Subject: Re: [Owasp-board] ASVS needs a new leader

> 

> 

> 

> In terms of new leadership, is this issue solved and closed?

> 

> 

> 

> Thanks,

> 

> 

> 

> Paulo Coimbra,

> 

> OWASP Project Manager

> 

> 

> 

> From: Eoin [mailto:eoinkeary at gmail.com]

> Sent: sexta-feira, 23 de Julho de 2010 12:29

> To: Paulo Coimbra

> Cc: Global Projects Committee; Andrew van der Stock; OWASP Foundation 

> Board List

> Subject: Re: [Owasp-board] ASVS needs a new leader

> 

> 

> 

> I am happy to take a part lead role in asvs if required but ctf is 

> going to take the rest of my time.

> 

> On 23 Jul 2010 00:29, "Paulo Coimbra" <paulo.coimbra at owasp.org> wrote:

> 

> Hi Andrew,

> 

> I will - thank you for the heads-up. I had already put this issue to 

> Board's and GPC's consideration and it seems that Mike has indeed quit 

> OWASP and therefore a new ASVS's leadership is needed. Please give me 

> a couple of days to deal with the matter.

> 

> Thanks,

> 

> Paulo Coimbra,

> OWASP Project Manager

> 

> 

>> >-----Original Message-----

>> >From: Andrew van der Stock [mailto:vanderaj at gmail.com]

>> >Sent: quinta-feira, 22 de Julho de 2010 23:27

>> >To: Paulo Coimbra

>> >Subject: ASVS needs a new leader

>> >

>> >Hi Paulo,

>> >

>> >Can you also take charge of the ASVS project's leadership change. 

>> >I've only got one potential person to put their hand up, and it's 

>> >Christian Heinrich. I think for various reasons, we should try to 

>> >get more folks interested in the position.

>> >

>> >thanks,

>> >Andrew=

> 

> _______________________________________________

> Owasp-board mailing list

> Owasp-board at lists.owasp.org

> https://lists.owasp.org/mailman/listinfo/owasp-board

> 

> 

> 

> 

> --

> Eoin Keary

> OWASP Global Board Member

> OWASP Code Review Guide Lead Author

> 

> Sent from my i-Transmogrifier

> http://asg.ie/

> https://twitter.com/EoinKeary

> 

> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100727/202f0c59/attachment-0002.html>


More information about the Owasp-board mailing list