[Owasp-board] Board, please take the two issues raised seriously and spend the time
dinis.cruz at owasp.org
Wed Jun 2 14:31:16 UTC 2010
I can speak anytime today but 9pm to 10pm (London time)
On 2 June 2010 15:18, Jeff Williams <jeff.williams at owasp.org> wrote:
> Dinis - I'd like to speak with you. And maybe get mike on the line. When
> can you talk today?
> Jeff Williams
> Aspect Security
> work: 410-707-1487
> main: 301-604-4882
> On Jun 2, 2010, at 8:05 AM, dinis cruz <dinis.cruz at owasp.org> wrote:
> Sorry to be blunt on this one, BUT you guys really need to focus on
>> the two issues we have at hand here (OWASP Commercial Services and
>> Mike B)
>> I have spent quite a lot of time coming up with a working model for
>> the OWASP Commercial Services and I don't fell that you are grasping
>> the importance of what I have delivered.
>> We spend a lot of time as the OWASP Board dealing with minor issues in
>> which the lack of focus and time to spend on an issue are not that
>> important (as long as there is a board member focused on it)
>> BUT this time is different, If there is a reason why you are in the
>> board of OWASP is to make decisions like this, and if there is a
>> reason why we are here and have (so far) the trust of the community is
>> because we are seen as good guardians of OWASP.
>> Of course that it is not easy to take a stand! it is easier to ignore
>> or threat it as a minor problem.
>> Unfortunately it takes time to understand the issues and really get a
>> grip on what is going on.
>> On issues like these, where we go to the heart of what OWASP is, and
>> how it operates, we have to have a strong grip on the events and have
>> a decisive voice.
>> Ultimately, it is us who have to make decisions and it is us who will
>> be judged by the community!
>> And if you don't have the time / balls to be involved, or the time to
>> ANSWER the solutions proposed (with focused comments), then you need
>> to evaluate if you can be on the OWASP Board!
>> DON'T underestimate the negative effects that MIke's actions are
>> having at OWASP and don't underestimate the power (for good and bad)
>> of the OWASP Commercial Services model.
>> My view is that we as OWASP need to sort out this commercial model
>> since it is really starting to be a problem for OWASP's growth and
>> credibility (I also like that solving it will push us to deal with
>> other key problems like the 'Commercial attribution of Projects
>> sponsorships', the 'Project sponsorship model' and a proper definition
>> 'what is an active OWASP Leader and what benefits+responsibilities
>> should he/she have')
>> Of course that I am not a biased party here. I have spent the last 5
>> months self funding the OWASP O2 Platform development and am now in a
>> position where I (and O2) needs to be supported by 'compatible to
>> OWASP' business models (that will continue funding its development and
>> wide use at OWASP and AppSec Communities)
>> Jeff, I have mentioned before that both of us (you with ESAPI and me
>> with O2) are in a position to use the projects we lead to solve a big
>> number of structural problems that OWASP has today. I know you are
>> very busy with your other day work, so I've made the personal
>> commitment to align myself professional with OWASP (via O2), and I do
>> look forward to the moment where you can do the same for ESAPI.
>> As board members the next steps for you are:
>> 1) read the proposed model I sent for the OWASP Commercial Services
>> (the original email still stands since I want to know what you think
>> of all of it)
>> 2) take a stand on Mike's behaviour.
>> Sorry again for being hard on this issue, but these are important
>> matters and OWASP needs you to focus.
>> Dinis Cruz
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board