[Owasp-board] (only board) Issue with Mike B Fwd: [Owasp-leaders] Commercial Services Registry -- Live!

dinis cruz dinis.cruz at owasp.org
Fri May 14 02:24:15 UTC 2010


(note: before you reply read my follow-up email regarding this thread (since
Mike and I have spoken on the phone and sorted the main issues I was worried
about))


On 14 May 2010 01:32, dinis cruz <dinis.cruz at owasp.org> wrote:

> Ok, I have tried to be REALLY patient and politically correct here, but I'm
> running out of arguments (and he doesn't read my answers so it is a bit
> pointless to try to change his mind)
>
> Please see the thread below and advise on the next steps.
>
> Jeff or Dave, since Mike B is close to you, are you able to talk to him?
>
> In the past, I was never happy with Mike B.'s lack of respect for our community
> and his 'way over the top' ASVS promotion (which was never a big issue since
> ASVS never really took off), BUT this project (Commercial Services) is WAY too
> critical for OWASP to continue like this, so either he changes or we have to
> take over it and find a new leader.
>
> What do you think?
>
> Dinis
>
>
> ---------- Forwarded message ----------
> From: dinis cruz <dinis.cruz at owasp.org>
> Date: 14 May 2010 01:25
> Subject: Re: [Owasp-leaders] Commercial Services Registry -- Live!
> To: mike.boberski at gmail.com
>
>
> Mike we might need to talk this over the phone since you are not
> understanding my worries and I don't think we are communicating here.
>
> Also you are confusing the issues.
>
> The email to the leaders list was about the case of *Training Courses
> around OWASP projects*, which is a very specific variation of the bigger
> 'Commercial Services' database that you are working on (for example the
> courses have the specific scenario of the leaders doing/selling the
> training). Of course there is overlap, and in fact, this type of
> analysis is one of the things I feel is currently missing from the OWASP Commercial
> Services <http://www.owasp.org/index.php/Commercial_Services> project
> (i.e. we will need to do similar analysis for the other type of Commercial
> Services that can be provided around OWASP Projects)
>
> My direct email to you was about the current state of the 'Commercial
> Services' page and my worries about how it is currently being presented.
>
> Mike, I would recommend that you take a deep breath, re-read my emails and
> re-think your attitude to your fellow OWASP community members.
>
> The 'Commercial Services' initiative is a very powerful but also very
> dangerous endeavour for OWASP, and we have to make sure that our community
> supports it. Which means that whoever is leading the 'Commercial Services'
> OWASP project (and it is a project) needs to have a LOT of sensitivity (and
> diplomacy) when presenting and handling it.
>
> *To be 100% honest with you Mike, it is great that you had the energy to
> kick start the OWASP Commercial Services <http://www.owasp.org/index.php/Commercial_Services>
> project, BUT you are being too cavalier, insensitive and apparently not
> aware of the massive implications (both good or bad) that this project has
> for OWASP.*
>
> *I REALLY ask you to have a change of heart and change your attitude,
> since if you don't, my view is that you can't continue to lead
> the OWASP Commercial Services <http://www.owasp.org/index.php/Commercial_Services>
> project.*
>
> Since you probably won't follow my advice and will be very annoyed with
> me, can I at least recommend that you have a word with Jeff about this? (I
> will forward this thread to the board so he will be aware of the issue)
>
> Hopefully we can work this out,
>
> Best regards
>
> Dinis Cruz
>
>
>
> On 14 May 2010 00:55, Mike Boberski <mike.boberski at gmail.com> wrote:
>
>> Let me follow up more on this.
>>
>> If you cut the legs out from under this registry before we can get at
>> least some people to sign on, you'll kill it.
>>
>> Kate's not alone on vetting descriptions, we're going to work together,
>> and enlist any additional help needed to get this going as smoothly as
>> possible.
>>
>> I don't want to be a dick but your note to leaders pissed me off. Sorry.
>> Should've kept chatting with me. I'm ok with discussing publicly if that's
>> what you choose.
>>
>>  Mike
>>
>>
>>
>> On Thu, May 13, 2010 at 7:49 PM, Mike Boberski <mike.boberski at gmail.com> wrote:
>>
>>> I don't understand what your objections are. If you're a defender, let's
>>> continue on. Certainly we can adapt as we go with criteria. I completely
>>> object to this being put into a project criteria, it is the same from an
>>> OWASP perspective as jobs page.
>>>
>>> Mike
>>>
>>>
>>>
>>> On Thu, May 13, 2010 at 7:21 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
>>>
>>>> Mike, just to clarify something, you know that I am on the OWASP Board
>>>> right?
>>>>
>>>> We have talked several times about this topic at OWASP Board meetings
>>>> (and in fact I was one of the big defenders to move this forward and to try
>>>> to figure out how to do this (I also have been thinking about this issue for
>>>> a couple years now, have a good idea of how we could make this work, and
>>>> just like you, have spoken to Jeff about it))
>>>>
>>>> See also below a couple more comments on your answers:
>>>>
>>>> On 13 May 2010 23:18, Mike Boberski <mike.boberski at gmail.com> wrote:
>>>>
>>>>> Hi Dinis, thanks for writing.
>>>>>
>>>>> Right now it's being administered *exactly* like the jobs page. The
>>>>> page is locked and requests go to Kate. It doesn't really fit the mold as an
>>>>> OWASP project per se, is no different than the jobs page basically.
>>>>>
>>>>
>>>> I beg to differ, this is a very different beast when compared with the
>>>> Jobs page (with massive good and bad implications)
>>>>
>>>>
>>>>> So, while initially described as a "project", not really.
>>>>>
>>>>
>>>> Well OWASP projects cover a very wide range of topics and activities
>>>> so although this 'initiative' is not really a tool or a document, it has the
>>>> same needs for: project leader, description, mailing list, etc.. (i.e. the
>>>> information we capture with the Project Informations tab)
>>>>
>>>>
>>>> So unless you disagree, I will ask Paulo to create this project and put
>>>> you and me as the project leaders (anybody else we should invite to the
>>>> leadership of this project?)
>>>>
>>>>
>>>>>
>>>>> We're live, waiting for applications.
>>>>>
>>>>
>>>> And this is exactly my worry, I don't think this initiative is ready for
>>>> prime-time since we are still quite far away from having a working model
>>>> that works (and one that our community is comfortable with)
>>>>
>>>> In fact, just the fact that we don't have any real-world data in there
>>>> (i.e. real cases of companies/individuals that provide these services)
>>>> justifies the use on these pages of BETA or *'we are still trying to
>>>> figure out how to do this' *tags
>>>>
>>>>
>>>>> I actually don't know your affiliation, but please do go ahead and
>>>>> submit an application.
>>>>>
>>>>
>>>> I'm raising my concerns and opinions as an OWASP Board member (not as a
>>>> company/individual wanting to be listed)
>>>>
>>>>
>>>>> A Booz Allen one will be forthcoming for example, but I wasn't able to
>>>>> start the company machinery until the registry was up. Will take a little
>>>>> bit of time for the Booz Allen, since have to describe an approach, rather
>>>>> than use a single generic already vetted description. I know a number of
>>>>> other companies are in the same state based on inquiries. The example is
>>>>> helpful I think to leave up for right now, it will be removed once a first
>>>>> listing in each category is ready.
>>>>>
>>>>
>>>> Sure, but please take into consideration that these are not the final
>>>> rules of engagement, and only as we try this out, will we be able to figure
>>>> out what works (and what is accepted by our community)
>>>>
>>>>>
>>>>> While I completely appreciate that it may look like it was me on my own
>>>>> based on the leaders mail list, there have been very lengthy conversations
>>>>> with Jeff and Dave, I didn't just toss it up, it was only done with Jeff's
>>>>> permission. This is from a certain point of view since we've not chatted on
>>>>> this topic (which I'm happy to do, hopefully this email is evidence), a
>>>>> culmination of more than two years of conversations with Jeff and Dave and
>>>>> others, as I'd tried to stand this up in tandem with ASVS,
>>>>>
>>>>
>>>> I'm aware of that and I fully appreciate the effort you have put into
>>>> this.
>>>>
>>>>
>>>>>  so rest assured every detail has been carefully, *painfully*, planned
>>>>> out.
>>>>>
>>>>
>>>> Where can I see this?
>>>>
>>>> So far I have seen the original document you sent, the emails and the
>>>> FAQ on the main 'Commercial Services' page.
>>>>
>>>> Did I miss anything?
>>>>
>>>> There are a lot of unanswered questions (and I have already started to
>>>> hear muted noises/worries about this), so we really need to build up that
>>>> FAQ and put as much information as possible on those WIKI Pages
>>>>
>>>>
>>>>> We did make tweaks after the initial RFC email as well, to take into
>>>>> account community input.
>>>>>
>>>>
>>>> yap I saw that.
>>>>
>>>> Let's make this happen :)
>>>>
>>>> Best regards
>>>>
>>>> Dinis Cruz
>>>>
>>>
>>>
>>
>
>