[Owasp-board] (removing myself from the process) Re: Core Purpose Submissions

dinis cruz dinis.cruz at owasp.org
Fri Jan 21 13:41:47 UTC 2011

never and it should never be that, but if I'm not contributing or adding
value I should not be involved

Dinis Cruz

On 21 January 2011 13:23, Thomas Brennan <tomb at owasp.org> wrote:

> Dinis, when did we start calling OWASP "ODinis"
> On Jan 21, 2011, at 7:56 AM, Seba wrote:
> Dinis,
> That's not really fair: you are criticizing the values we have reached thus
> far and removing yourself from the process to discuss them?
> --Seba
> On Fri, Jan 21, 2011 at 11:38 AM, dinis cruz <dinis.cruz at owasp.org> wrote:
>> Hi Richard (and the rest of the board)
>> As you probably noticed, *I have not been involved in this process* for
>> the past weeks/month. Although I am hyper busy with the planning of the
>> OWASP Summit and my work commitments, *the main reason is that I don't
>> agree with the current direction* (that this exercise is taking) *and
>> that the final outcome is going to be much smaller/valuable than it could
>> be*.
>> Sorry I just can't commit energy and ideas to a process I don't believe
>> in, and one where the other side is not listening. Yes I know I could have
>> been much more vocal, but I did raise a number of concerns and did spend
>> almost 1h on the phone with Richard last December.
>> *For me the core problem is that Richard doesn't understand Open Source
>> and* (more specifically/importantly) *Open Source Communities*. I did
>> try to explain this to Richard (and other board members I spoke to) that
>> *unless we separated from the 'values discussion' the core values that
>> are intrinsic to ANY (decent) Open Source Community (like OWASP), we would
>> end up with a subset of values from those Communities, AND even worse, no
>> values about what makes OWASP OWASP.*
>> Just look at http://www.owasp.org/index.php/Core_Values_and_Definitions and
>> tell me if you honestly believe that those 4 items are anywhere close to
>> representing the number of values that every day are at play inside our
>> community (aren't some of the ones that we removed from there as
>> important?). Also, I would like to understand how any Open Source community
>> can BE an open source community if it is not GLOBAL (since being GLOBAL is
>> part of the open source 'definition')
>> *I guess what pushed me over the edge was when I realized that Richard
>> didn't even understand that an Open Source license, means that the Source
>> code is* (amongst other things) *freely available* (Yes, Richard, I know
>> it is a very alien concept for a lot of other industries, but in the Open
>> Source world, we freely distribute and open our most
>> valuable intellectual property asset: The Source Code).
>> The other problem is that I was hoping that our values could be used to
>> deal swiftly with ideas from certain parts of our Community that would be
>> against our current 'undocumented' culture/values. For example, the NDA
>> requirement/idea from the Industry Committee (via Yiannis). My hope was that
>> once such question would arise, it could be stopped almost immediately by
>> pointing to our values. This didn't happen, in fact the NDA question CAME
>> from the thread talking about OWASP's values!
>> *In fact, have we even asked the question: "Why we need these values?".*
>> *What are the use cases (or questions that need answers) where the
>> 'values definition' (and all the other bits) are needed?*
>> Shouldn't we have created by now a list of questions whose answer would
>> come by making reference to the 'owasp values'? (my recommendation for the
>> ones that will complete this exercise with Richard is that you do such a
>> thing, For example looking at
>> http://www.owasp.org/index.php/Core_Values_and_Definitions I can use
>> those Values to make the case/argument that the OWASP Industry Committee
>> should be allowed to sign NDAs so it can have 'more in-depth' conversations
>> with other organizations (let's ignore for now how impossible that would be
>> to actually implement in practice).
>> Other questions that should be quickly dealt with by our values should be:
>>    - OWASP & Certification
>>    - use/abuse of OWASP Brand
>>    - employment strategies for OWASP
>>    - how OWASP invests its funds
>>    - how OWASP assigns/removes its leaders
>>    - how OWASP deals with conflict
>>    - how OWASP manages its projects
>>    - how OWASP deals with the WebAppSec industry vendors
>>    - how OWASP deals with government body
>>    - should OWASP provide 'labels' for applications
>>    - what is the role of the OWASP Board
>>    - who is the guardian of OWASP's values
>>    - what is the role of OWASP's community
>>    - how important to OWASP are events like the Summit
>>    - etc.....
>> For me a good 'Values' definition would provide very strong directions on
>> each one of those questions (and 'directions' which would currently match
>> our community understanding of our 'undocumented' OWASP's values)
>> *Just to be clear*, and so that I don't have to find excuses NOT to make
>> these calls (although for the past two weeks I DID have a client call booked
>> during that time), *I am removing myself from this process.*
>> I'm sure you guys will be able to finish it just fine, and in the end will
>> create an interesting document which will be a good starting point for
>> debate for our community.
>> And, if you feel you will have something ready by the Summit, then let's
>> add a Working Session for it
>> Good luck
>> Dinis Cruz
>> On 18 January 2011 17:24, Richard Tesauro <tesauros at mac.com> wrote:
>>> The Core Purpose submissions from Tom, Matt, Seba, Eoin and Jeff offer a
>>> productive discussion and Board call this Friday. The submissions will be
>>> posted on the TMC wiki page shortly. A call agenda will be emailed later by
>>> Kate.
>>>  Enjoy your day,
>>> Richard A. (Dick) Tesauro
>>> President and Founder
>>> *Tesauro Management Counselors (TMC)*
>>> *Trusted Advisor and Catalyst*
>>> *
>>> Helping Leaders Create Enduring, Growing, "Great" Organizations
>>> *
>>> 3124 Trevolle Place
>>> Dallas, Texas 75204-5537
>>> 214-823-6028 (Phone)
>>> 214-924-1154 (Cell)
>>> RA at TesauroMC.com
>>> www.TesauroMC.com <http://www.tesauromc.com/>
>>>   *
>>> The information contained in this transmission may be privileged and
>>> confidential and is intended only for the use of the person(s) named above.
>>> If you are not the intended recipient, or an employee or agent responsible
>>> for delivering this message to the intended recipient, any review,
>>> dissemination, distribution or duplication of this communication is strictly
>>> prohibited.*