[Owasp-board] (only board) Issue with Mike B Fwd: [Owasp-leaders] Commercial Services Registry -- Live!
dinis.cruz at owasp.org
Fri May 14 00:32:58 UTC 2010
Ok, I have tried to be REALLY patient and politically correct here, but I'm
running out of arguments (and he doesn't read my answers so it is a bit
pointless to try to change his mind)
Please see the thread below and advise on the next steps.
Jeff or Dave, since Mike B is close to you, are you able to talk to him?
In the past, I was never happy with MIke B. lack respect for our community
and his 'way over the top' ASVS promotion (which was never a big issue since
ASVS never really took of), BUT this project (Commercial Services) is WAY to
critical for OWASP to continue like this, so either he changes or we have to
take over it and find a new leader.
What do you think?
---------- Forwarded message ----------
From: dinis cruz <dinis.cruz at owasp.org>
Date: 14 May 2010 01:25
Subject: Re: [Owasp-leaders] Commercial Services Registry -- Live!
To: mike.boberski at gmail.com
Mike we might need to talk this over the phone since you are not
understanding my worries and I don't think we are communicating here.
Also you are confusing the issues.
The email to the leaders list was about the case of *Training Courses around
OWASP projects*, which is an very specific variation of the bigger
'Commercial Services' database that you are working on (for example the
course's have the specific scenario of the leaders doing/selling the
training). Of course that there is overlap, and in fact, this type of
analysis is one of the things I fell is currently missing form the
Services <http://www.owasp.org/index.php/Commercial_Services> project (i.e.
we will need to do similar analysis for the other type of Comercial Services
that can be provided around OWASP Projects))
My direct email to you was about the current state of the 'Commercial
Services' page and my worries about how it is currently being presented.
Mike, I would recommend that you take a deep breath, re-read my emails and
re-think your attitude to your fellow OWASP community members.
The 'Commercial Services' initiative is a very powerful but also very
dangerous endeavour for OWASP, and we have to make sure that our community
supports it. Which means that whoever is leading the 'Commercial Services'
OWASP project (and it is a project) needs to have a LOT of sensitivity (and
diplomacy) when presenting and handling it.
*To be 100% honest with you Mike, it is great that you had the energy to
kick start the OWASP **Commercial
* project, BUT you are being to cavalier, insensitive and apparently not
aware of the massive implications (both good or bad) that this project has
*I REALLY ask you to have a change of heart and change your attitude, since
if you don't, my view is that you can't continue to lead the the OWASP
Services* <http://www.owasp.org/index.php/Commercial_Services>* project.*
Since you probably wont following my advice and will be very annoyed with
me, can I at least recommend that you have a word with Jeff about this? (I
will forward this thread to the board so he will be aware of the issue)
Hopefully we can work this out,
On 14 May 2010 00:55, Mike Boberski <mike.boberski at gmail.com> wrote:
> Let me follow up more on this.
> If you cut the legs out from under this registry before we can get at least
> some people to sign on, you'll kill it.
> Kate's not alone on vetting descriptions, we're going to work together, and
> enlist any additional help needed to get this going as smoothly as possible.
> I don't want to be a dick but your note to leaders pissed me off. Sorry.
> Should've kept chatting with me. I'm ok with discussing publicly if that's
> what you choose.
> On Thu, May 13, 2010 at 7:49 PM, Mike Boberski <mike.boberski at gmail.com>wrote:
>> I don't understand what your objections are. If you're a defender, let's
>> continue on. Certainly we can adapt as we go with criteria. I completely
>> object to this being put into a project criteria, it is the same from an
>> OWASP perspective as jobs page.
>> On Thu, May 13, 2010 at 7:21 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
>>> Mike, just to clarify something, you know that I am on the OWASP Board
>>> We have talked several times about this topic at OWASP Board meetings
>>> (and in fact I was one of the big defenders to move this forward and to try
>>> to figure out how to do this (I also have been thinking about this issue for
>>> a couple years now, have a good idea of how we could make this work, and
>>> just like you, have spoken to Jeff about it))
>>> See also below a couple more comments on your answers:
>>> On 13 May 2010 23:18, Mike Boberski <mike.boberski at gmail.com> wrote:
>>>> Hi Dinis, thanks for writing.
>>>> Right now it's being administered *exactly* like the jobs page. The
>>>> page is locked and requests go to Kate. It doesn't really fit the mold as an
>>>> OWASP project per se, is no different than the jobs page basically.
>>> I beg to differ, this is a very different beast when compared with the
>>> Jobs page (with massive good and bad implications)
>>>> So, while initially described as a "project", not really.
>>> Well OWASP projects cover a very wide range of topics and activities
>>> so although this 'initiative' is not really a tool or a document, it has the
>>> same needs for: project leader, description, mailing list, etc.. (i.e. the
>>> information we capture with the Project Informations tab)
>>> So unless you disagree, I will ask Paulo to create this project and put
>>> you and me as the project leaders (anybody else we should invite to the
>>> leadership of this project)
>>>> We're live, waiting for applications.
>>> And this is exactly my worry, I don't think this initiative is ready for
>>> prime-time since we are still quite far away from having a working model
>>> that works (and one that our community is confortable with)
>>> In fact, just the fact that we don't have any real-world data in there
>>> (i.e. real cases of companies/individuals that provide these services)
>>> justifies the use on these pages of BETA or *'we are still trying to
>>> figure out how to do this' *tags
>>>> I actually don't know your affiliation, but please do go ahead and
>>>> submit an application.
>>> I'm raising my concerns and opinions as an OWASP Board member (not as a
>>> company/individual wanting to be listed)
>>>> A Booz Allen one will be forthcoming for example, but I wasn't able to
>>>> start the company machinery until the registry was up. Will take a little
>>>> bit of time for the Booz Allen, since have to describe an approach, rather
>>>> than use a single generic already vetted description. I know a number of
>>>> other companies are in the same state based on inquiries. The example is
>>>> helpful I think to leave up for right now, it will be removed once a first
>>>> listing in each category is ready.
>>> Sure, but please take into consideration that these are not the final
>>> rules of engagement, and only as we try this out, will we be able to figure
>>> out what works (and what is accepted by our community)
>>>> While I completely appreciate that it may look like it was me on my own
>>>> based on the leaders mail list, there have been very lengthly conversations
>>>> with Jeff and Dave, I didn't just toss it up, it was only done with Jeff's
>>>> permission. This is from a certain point of view since we've not chatted on
>>>> this topic (which I'm happy to do, hopefully this email is evidence), a
>>>> culmination of more than two years of conversations with Jeff and Dave and
>>>> others, as I'd tried to stand this up in tandem with ASVS,
>>> I'm aware of that and I fully appreciate the effort you have put into
>>>> so rest assured every detail has been carefully, *painfully*, planned
>>> Where can I see this?
>>> So far I have seen the original document you sent, the emails and the FAQ
>>> on the main 'Commercial Services' page.
>>> Did I miss anything?
>>> There are a lot of unanswered questions (and I have already started to
>>> hear muthed noises/worries about this), so we really need to build up that
>>> FAQ and put as much information as possible on those WIKI Pages
>>>> We did make tweaks after the initial RFC email as well, to take into
>>>> account community input.
>>> yap I saw that.
>>> Let's make this happen :)
>>> Best regards
>>> Dinis Cruz
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board