[Owasp-board] ASVS needs a new leader

Paulo Coimbra paulo.coimbra at owasp.org
Wed Jul 28 16:46:04 UTC 2010


All,

 

I’ve finished a first draft of the wiki templates to deal with the necessity
of replacing ASVS’s leadership and I am sending it off for your review.

 

http://www.owasp.org/index.php/Request_For_Proposals/Seeking_New_Project_Leader_For/ASVS

 

Since nobody has refuted Dinis's arguments, I’ve opted for open roadmaps.

 

Also, I’ve deliberately not proposed a submission deadline date because
Christian (Google Hacking project leader), when commenting on this issue,
said that “If OWASP wants the inquiry to appear fair then I would recommend
that the decision for the ASVS Project Leader be deferred until after the
inquiry then” and nobody answered back saying otherwise.

 

Thanks,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: dinis cruz [mailto:dinis.cruz at owasp.org] 
Sent: Wednesday, 28 July 2010 06:43
To: Jason Li
Cc: Paulo Coimbra; Dave Wichers; Eoin; Andrew van der Stock; OWASP
Foundation Board List; Brad Causey; Jeff Williams; Leo Cavallari; Matt
Tesauro; Pravir Chandra; Tom Brennan; Sebastien Deleersnyder
Subject: Re: [Owasp-board] ASVS needs a new leader

 

My experience in having applications posted on the wiki (for example what
happened between the first version of the Season of Code and the 2nd one) is
that the extra visibility provided by having the entire application online
has one great side effect: it raises the bar of all applicants (I know that
this case is a bit different BUT there are a lot of similarities).

I don't think that the scenario that you are presenting is very real. My
expectation is that good solid applicants will be able to present solid
proposals, regardless if they are the first, 2nd or last.

I like the fact that everything is open and transparent (which will make the
decision making much easier) and, somebody that just comes and says "I will
do all that the previous ones have proposed" would not get our vote.

Again my experience with OWASP has shown me that it is very hard to abuse
open models like this, and that that very openness is brutal to applicants
that are not well prepared and don't spend enough time preparing their
presentation.

Since part of the objective here is also to generate good ideas for this
project, having all info public would also encourage a nice healthy debate
about where it should be going.

Remember that this is an active and quite mature project, so I don't expect
massive Roadmaps in terms of what the project should become in the future
(i.e. I would expect ideas on how the applicant understands the current state
of the project and what areas he/she feels comfortable in tackling in the
near future)

Finally, remember that we want to get as much talent as possible into this
project, so even in the case where we have 10 proposals and 3 of them are
really good (i.e. way above the rest), then my view is that we should put
those 3 as co-leaders.

Dinis Cruz



On 27 July 2010 21:45, Jason Li <jason.li at owasp.org> wrote:

Dinis - I don't see any advantage to exposing the proposed roadmaps early.

The proposed roadmaps will of course be opened eventually - I'm not
proposing a closed selection process. Just waiting until after the
submission deadline.

Otherwise, publicly posting roadmaps before the submission deadline
just encourages plagiarism and favors the person who waits until the
last minute and aggregates everyone else's good ideas.

-Jason


On Tue, Jul 27, 2010 at 4:31 PM, Paulo Coimbra <paulo.coimbra at owasp.org>
wrote:
> I was precisely on my way to create a couple of wiki templates to articulate
> a process that seems to me very similar to what Jason is proposing.
>
>
>
> I’ve started off on the newly created ‘request for services template’ and
> was thinking in the following tabs:
>
>
>
> - Request For Proposals – (Project Leadership need description)
> - Applications (Applicant name + Roadmap)
> - GPC’s recommendation
> - OWASP Board’s decision.
>
>
>
> I have already talked with Dinis and while I support Jason’s vision that we
> should only be ‘posting these roadmaps to the OWASP wiki until *after* the
> submission deadline’, he disagrees.
>
>
>
> http://www.owasp.org/index.php/Seeking_New_Project_Leader_For/ASVS
>
> http://www.owasp.org/index.php/OWASP_Request_for_Proposals/Training_Manager
>
>
>
> Thanks,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager
>
>
>
> From: li.jason.c at gmail.com [mailto:li.jason.c at gmail.com] On Behalf Of Jason Li
> Sent: Tuesday, 27 July 2010 21:05
> To: Dave Wichers
> Cc: dinis cruz; Paulo Coimbra; Eoin; Andrew van der Stock; OWASP Foundation
> Board List; Brad Causey; Jeff Williams; Leo Cavallari; Matt Tesauro; Pravir
> Chandra
>
> Subject: Re: [Owasp-board] ASVS needs a new leader
>
>
>
> *Because* it's such a flagship project, I personally think that it would be
> a good idea to get someone from outside the Board and the global committees
> to lead the ASVS. I think it's important to show that becoming a big project
> leader @ OWASP is not tied to being in the exclusive Board/Committee club.
>
> Obviously we need to balance the need to ensure quality in one of our
> flagship projects, and certainly original authors and contributors should
> stay involved. Perhaps we can revive the "Mentor" role that we never really
> finished flushing out with the GPC for this purpose?
>
>
>
> I believe the process for choosing the new project leader(s) should follow
> roughly the same process as creating a new project.
>
> Specifically, the potential project lead should submit a Project Roadmap for
> where they would like to take the project, their goals, an outline of
> reasonable depth to show how they plan to get there, etc.
>
> In the past, since there has not been an outpouring of people rushing to
> lead an inactive project, we have not had to go through a formal evaluation
> of roadmaps. But since there are multiple people vying for project
> leadership, we should solicit these roadmaps and evaluate them as the
> Board/GPC as appropriate.
>
>
>
> I would suggest that we establish a due date and have applicants submit
> their roadmap to Paulo before then. (Note I would not support posting these
> roadmaps to the OWASP wiki until *after* the submission deadline to prevent
> blatant copy and paste of ideas/agendas by applicants). We can review these
> and choose a project leader (or two) and appoint relevant project mentors
> (we should also set a date to announce this by). I personally would advocate
> having fewer leaders over many --- too many cooks in the pot is just a recipe
> for bogging down progress in my opinion.
>
>
>
> My $0.02 (or equivalent world currency).
>
>
>
> -Jason
>
>
>
> On Tue, Jul 27, 2010 at 1:55 PM, Dave Wichers <dave.wichers at owasp.org>
> wrote:
>
>> I already volunteered and Eoin was agreeable (since he volunteered
>> too) but if there is enough activity on the project to warrant a team
>> of leaders, that’s perfectly fine with me.
>>
>> -Dave
>>
>> From: dinis cruz [mailto:dinis.cruz at owasp.org]
>> Sent: Tuesday, July 27, 2010 12:49 PM
>> To: Paulo Coimbra
>> Cc: Dave Wichers; Eoin; Andrew van der Stock; OWASP Foundation Board
>> List; Brad Causey; Jason Li; Jeff Williams; Leo Cavallari; Matt
>> Tesauro; Pravir Chandra
>> Subject: Re: [Owasp-board] ASVS needs a new leader
>>
>> Since Tom sent out his 'we need a new leader for ASVS' in Linked in:
>>
>> "#3 - HELP WANTED - We are seeking a new project leader for OWASP
>> ASVS, if you want to help us change the world of application security
>> we could use your help in this volunteer role."
>> http://www.linkedin.com/groupAnswers?trk=view_disc&gid=36874&commentID=-1&viewQuestionAndAnswers=&discussionID=25691211
>>
>> ...which generated a number of potential applications, we need to take
>> this opportunity to define some methodology (which Paulo is working on)
>> for leaders to be appointed to mature OWASP projects.
>>
>> Given the current state of affairs, and the type of project that ASVS
>> is, we are probably looking at having a joint leadership of at least 4
>> leaders (if not 5 co-leaders to allow for majority voting)
>>
>> Dinis
>>
>> On 27 July 2010 16:27, Paulo Coimbra <paulo.coimbra at owasp.org> wrote:
>>
>> Dave, Eoin, Andrew, GPC and Board,
>>
>> I am currently working on a general methodology to deal with this kind
>> of issue. I will do my best to have it concluded today. If you agree,
>> as soon as it is ready, I will send it off for your assessment.
>>
>> Thanks,
>>
>> Paulo Coimbra,
>> OWASP Project Manager
>>
>> From: Dave Wichers [mailto:dave.wichers at owasp.org]
>> Sent: Tuesday, 27 July 2010 16:27
>> To: 'Eoin'
>> Cc: 'Andrew van der Stock'; 'Paulo Coimbra'
>> Subject: RE: [Owasp-board] ASVS needs a new leader
>>
>> Thanks Eoin. I appreciate your willingness to step into the breach and
>> certainly if you have any specific ideas for moving ASVS forward that
>> you want to participate in, please let me know.
>>
>> I’ll update the wiki page to indicate who the current leader is.
>> Paulo, if you want to indicate on the leaders list that we have
>> ‘changed our mind’, please do, or I can if you like.
>>
>> Thanks, Dave
>>
>> From: eoinkeary at gmail.com [mailto:eoinkeary at gmail.com] On Behalf Of Eoin
>> Sent: Tuesday, July 27, 2010 10:57 AM
>> To: Dave Wichers
>> Cc: Andrew van der Stock; Paulo Coimbra
>> Subject: Re: [Owasp-board] ASVS needs a new leader
>>
>> There is no transparency issue here that I see (forgive the pun)
>>
>> Dave seen as you are one of the original leaders I shall give way to
>> your decision to lead this.
>>
>> I simply did not want someone with no track record leading such an
>> important guide/checklist
>>
>> Eoin
>>
>> On 27 July 2010 14:25, Dave Wichers <dave.wichers at owasp.org> wrote:
>>
>> I don’t mind transparency. Most projects are led by their lead
>> contributors and if the current lead steps aside I would certainly
>> expect the other lead contributors to be offered the position first. I
>> was on vacation last week so wasn’t really paying much attention to
>> emails. When I got back yesterday I talked it over with Jeff and
>> that’s why you first heard about this from me.
>>
>> I certainly would love to have others like you and Eoin and Christian
>> contribute to the project if we want to move it forward somehow, and
>> if the project gets too big for me to handle, and someone like Eoin or
>> whomever wants to lead that larger effort because I chose to step
>> aside I’m OK with that too.
>>
>> -Dave
>>
>> From: Andrew van der Stock [mailto:vanderaj at gmail.com]
>> Sent: Monday, July 26, 2010 8:55 PM
>> To: Dave Wichers
>> Cc: 'Eoin'; 'Paulo Coimbra'
>> Subject: Re: [Owasp-board] ASVS needs a new leader
>>
>> Hi Dave,
>>
>> Although in broad strokes I support your decision, I'd really like the
>> process OWASP uses to change leadership to be a bit more transparent
>> and consistent than this.
>>
>> I know the ASVS grew out of the Aspect checklist, and realistically it
>> would be nice to have one of the original authors work on the project,
>> I just want to make sure everyone is aware of how the project is
>> changing hands and that it is as transparent as possible, and it's the
>> same process for all change overs.
>>
>> thanks,
>>
>> Andrew
>>
>> On 27/07/2010, at 6:48 AM, Dave Wichers wrote:
>>
>> Eoin,
>>
>> If you don’t mind, I’ll volunteer to lead the ASVS project in Mike’s
>> stead. This project, like the Top 10 in my opinion, is something that
>> probably won’t change much except once every 2-3 years.
>>
>> I’m one of the original authors, along with Jeff, so I figure it would
>> be best for he or I to lead it.
>>
>> That OK with you? Regardless, did you have any specific things you
>> wanted done with the ASVS project that haven’t happened already? I’m
>> encouraging alignment of the 3 guides with ASVS already and that seems
>> to be moving forward.
>>
>> -Dave
>>
>> From: owasp-board-bounces at lists.owasp.org
>> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Paulo
>> Coimbra
>> Sent: Friday, July 23, 2010 1:27 PM
>> To: 'OWASP Foundation Board List'; 'Global Projects Committee'; 'Eoin'
>> Cc: 'Andrew van der Stock'
>> Subject: Re: [Owasp-board] ASVS needs a new leader
>>
>> In terms of new leadership, is this issue solved and closed?
>>
>> Thanks,
>>
>> Paulo Coimbra,
>> OWASP Project Manager
>>
>> From: Eoin [mailto:eoinkeary at gmail.com]
>> Sent: Friday, 23 July 2010 12:29
>> To: Paulo Coimbra
>> Cc: Global Projects Committee; Andrew van der Stock; OWASP Foundation
>> Board List
>> Subject: Re: [Owasp-board] ASVS needs a new leader
>>
>> I am happy to take a part lead role in asvs if required but ctf is
>> going to take the rest of my time.
>>
>> On 23 Jul 2010 00:29, "Paulo Coimbra" <paulo.coimbra at owasp.org> wrote:
>>
>> Hi Andrew,
>>
>> I will - thank you for the heads-up. I had already put this issue to
>> Board's and GPC's consideration and it seems that Mike has indeed quit
>> OWASP and therefore a new ASVS's leadership is needed. Please give me
>> a couple of days to deal with the matter.
>>
>> Thanks,
>>
>> Paulo Coimbra,
>> OWASP Project Manager
>>
>>> >-----Original Message-----
>>> >From: Andrew van der Stock [mailto:vanderaj at gmail.com]
>>> >Sent: Thursday, 22 July 2010 23:27
>>> >To: Paulo Coimbra
>>> >Subject: ASVS needs a new leader
>>> >
>>> >Hi Paulo,
>>> >
>>> >Can you also take charge of the ASVS project's leadership change.
>>> >I've only got one potential person to put their hand up, and it's
>>> >Christian Heinrich. I think for various reasons, we should try to
>>> >get more folks interested in the position.
>>> >
>>> >thanks,
>>> >Andrew
>>
>> --
>> Eoin Keary
>> OWASP Global Board Member
>> OWASP Code Review Guide Lead Author
>>
>> Sent from my i-Transmogrifier
>> http://asg.ie/
>> https://twitter.com/EoinKeary
