[Owasp-board] IMPORTANT: Proposed (revised) model for the 'OWASP Commercial Services' pages

Tom Brennan - OWASP tomb at owasp.org
Tue Jun 1 12:08:41 UTC 2010

Great clarrification, good framework.

Has this draft been shared with mike yet? Perhaps we should share  
this, request his proposal in a similar write up and then invite him  
to the next board meeting to compare models "open" and a final vote on  
the topic after hearing both sides. Typically this would be a GPC focus.

Might be politically correct, but we want to encourage volenteerism  
and use this as another example of how OWASP really works.

On Jun 1, 2010, at 4:49 AM, Eoin <eoin.keary at owasp.org> wrote:

> Dinis/Board,
> also as discussed in London,
> There needs to be minimum number of feedback entries (3 or so?)  
> before any feedback is posted to ensure fairness and avoid targeted  
> emotive reviews.
> Eoin
> On 31 May 2010 20:17, dinis cruz <dinis.cruz at owasp.org> wrote:
> Board
> After much discussion with a lot of OWASP leaders (both online and  
> personally) and after receiving a lot of direct comments/worries  
> about how it was currently being set-up (and lead), I think we (the  
> OWASP Leaders in London last week) have come up with a model that  
> should work, and is VERY compatible with OWASP values and focus on  
> visibility.
> Here are the proposed model (read it twice (since the first couple  
> Articles will only really make sense the 2nd time round :)  )
> ------------------------------
> Article 1: The OWASP Commercial Services (hosted at http://www.owasp.org/index.php/Commercial_Services 
> ) is a service provided by OWASP to its community aimed at:
>                         a) exposing the OWASP Community to companies  
> providing commercial services (good or bad) around one or more OWASP  
> Projects (Tools or Documents)
>                         b) reward companies, individuals or OWASP  
> Leaders that provide successful commercial (i.e. paid for) services  
> around OWASP Projects (with the hope that this will create a  
> positive investment cycle that will greatly benefit those OWASP  
> Projects and community)
> Article 2: The Companies or Individuals providing these commercial  
> services ARE NOT ALLOWED to post on the 'OWASP Commercial Services'  
> area any details about the services they currently provide
> Article 3: The only 'entities' that ARE ALLOWED to post on the  
> 'OWASP Commercial Services' area are existing OWASP Members who are/ 
> were CLIENTS of those services, and who, ON THE RECORD, have to  
> provide a comment (good or bad) about the services they receive.
> Article 4: The Companies or Individuals providing these commercial  
> services ARE ALLOWED to comment on the comments made about them  
> (i.e. from Article 3.)
> Article 5: ONLY the OWASP Project/Chapter Leaders ARE ALLOWED, at  
> their discretion, good taste and common sense, to regularly  
> communicate (i.e. advertise) to THEIR PROJECT MAILING LIST the  
> commercial services provided around their project/chapter
> Article 6: There will be very clear points of contact for the  
> reporting of any abuses on the 'OWASP Commercial Services' model  
> (which optionally can be made anonymously). Any reports will will be  
> investigated by a team made of several OWASP Committee and Board  
> members, with their findings and recommendations acted upon.
> Article 7: The first phase of the 'OWASP Commercial Services' will  
> be implemented on top of the existing OWASP Website engine (i.e.  
> MediaWiki) and as the transaction volume grows, and if needed, the  
> service will move to a more powerful community/social web solution
> ------------------------------
> And that's it :)
> Here is what I like about this model and the problems it solves/ 
> prevents:
> it puts our community at the heard of this service in a way they  
> they also have a lot to benefit from its existence (in fact, we do  
> this right and some companies could even join because of this)
> It only allows existing and (hopefully) successful commercial  
> deliveries of 'OWASP Projects related services' to be listed (i.e.  
> there is a hard requirement that the listings start with a 'real  
> world' delivery of one of these services)
> prevents the proactive existence  of 'Marketing Speak', of the  
> tendency to write a 'Super list of ALL potential OWASP related  
> services provided by Company XYZ' and (more importantly) the  
> exaggeration of the type of services provided
> It creates a way for our projects/chapter leaders to advertise to  
> their communities the services being provided around their project  
> (including the ones they (the project leader) are providing and  
> delivering)
> The room for abuse is quite limited by the fact that everything is  
> on the record (although we have to leave an obvious open channel   
> for direct reports on such abuses)
> The fact that we put the onus of managing these commercial  
> communities on the project/chapter leader (or whoever he delegates  
> to), creates a nice 'self protecting system'. This happens because  
> the project/chapter leaders are 'by design' pressured to have an  
> independent and balance opinion/position (since if he/she abuses his/ 
> her community he/she will be killing it)
> finally if we get this right, we should see a huge increase in the  
> number of OWASP Leaders being directly paid to work on OWASP  
> projects, which has to be a good thing :)
> What do you think?
> Lets see if we can get a consensus from the board on this one, so  
> that we can present this to the owasp-leaders and, vote on it at the  
> OWASP Board meeting next week.
> (Btw, I just called Mike Boberski to explain him this 'revised'  
> model and he was NOT happy with this model, but that is the topic  
> for another email)
> Dinis Cruz
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
> -- 
> Eoin Keary
> OWASP Global Board Member
> OWASP Code Review Guide Lead Author
> http://asg.ie/
> https://twitter.com/EoinKeary
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100601/c259236a/attachment-0002.html>

More information about the Owasp-board mailing list