[Owasp-board] Board, please take the two issues raised seriously and spend the time

Jeff Williams jeff.williams at owasp.org
Wed Jun 2 14:18:14 UTC 2010

Dinis - I'd like to speak with you.  And maybe get mike on the line.   
When can you talk today?


Jeff Williams
Aspect Security
work: 410-707-1487
main: 301-604-4882

On Jun 2, 2010, at 8:05 AM, dinis cruz <dinis.cruz at owasp.org> wrote:

> Sorry to be blunt on this one, BUT you guys really need to focus on
> the two issues we have at hand here (OWASP Commercial Services and
> Mike B)
> I have spent quite a lot of time coming up with a working model for
> the OWASP Commercial Services and I don't fell that you are grasping
> the importance of what I have delivered.
> We spend a lot of time as the OWASP Board dealing with minor issues in
> which the lack of focus and time to spend on an issue are not that
> important (as long as there is a board member focused on it)
> BUT this time is different, If there is a reason why you are in the
> board of OWASP is to make decisions like this, and if there is a
> reason why we are here and have (so far) the trust of the community is
> because we are seen as good guardians of OWASP.
> Of course that it is not easy to take a stand! it is easier to ignore
> or threat it as a minor problem.
> Unfortunately it takes time to understand the issues and really get a
> grip on what is going on.
> On issues like these, where we go to the heart of what OWASP is, and
> how it operates, we have to have a strong grip on the events and have
> a decisive voice.
> Ultimately, it is us who have to make decisions and it is us who will
> be judged by the community!
> And if you don't have the time / balls to be involved, or the time to
> ANSWER the solutions proposed (with focused comments), then you need
> to evaluate if you can be on the OWASP Board!
> DON'T underestimate the negative effects that MIke's actions are
> having at OWASP and don't underestimate the power (for good and bad)
> of the OWASP Commercial Services model.
> My view is that we as OWASP need to sort out this commercial model
> since it is really starting to be a problem for OWASP's growth and
> credibility (I also like that solving it will push us to deal with
> other key problems like the 'Commercial attribution of Projects
> sponsorships', the 'Project sponsorship model' and a proper definition
> 'what is an active OWASP Leader and what benefits+responsibilities
> should he/she have')
> Of course that I am not a biased party here. I have spent the last 5
> months self funding the OWASP O2 Platform development and am now in a
> position where I (and O2) needs to be supported by 'compatible to
> OWASP' business models (that will continue funding its development and
> wide use at OWASP and AppSec Communities)
> Jeff, I have mentioned before that both of us (you with ESAPI and me
> with O2) are in a position to use the projects we lead to solve a big
> number of structural problems that OWASP has today. I know you are
> very busy with your other day work, so I've made the personal
> commitment to align myself professional with OWASP (via O2), and I do
> look forward to the moment where you can do the same for ESAPI.
> As board members the next steps for you are:
> 1) read the proposed model I sent for the OWASP Commercial Services
> (the original email still stands since I want to know what you think
> of all of it)
> 2) take a stand on Mike's behaviour.
> Sorry again for being hard on this issue, but these are important
> matters and OWASP needs you to focus.
> Thanks
> Dinis Cruz
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

More information about the Owasp-board mailing list