[Owasp-board] (removing myself from the process) Re: Core Purpose Submissions

Thomas Brennan tomb at owasp.org
Fri Jan 21 13:46:16 UTC 2011


Your a member of the board.  We agreed as a team to approve this and to work on this effort.  Are you stepping down from that team then and simply focused on being a individual?


On Jan 21, 2011, at 8:41 AM, dinis cruz wrote:

> never and it should never be that, but If I'm not contributing or adding value I should not be involved
> 
> Dinis Cruz
> 
> 
> On 21 January 2011 13:23, Thomas Brennan <tomb at owasp.org> wrote:
> Dinis, when did we start calling OWASP "ODinis"
> 
> 
> On Jan 21, 2011, at 7:56 AM, Seba wrote:
> 
>> Dinis,
>>  
>> That's not really fair: you are criticizing the values we have reached thus far and removing yourself from the process to discuss them?
>>  
>> --Seba
>> 
>>  
>> On Fri, Jan 21, 2011 at 11:38 AM, dinis cruz <dinis.cruz at owasp.org> wrote:
>> Hi Richard (and the rest of the board)
>> 
>> As you probably noticed I have not been involved in this process for the past weeks/month. Although I am hyper busy with the planning of the OWASP Summit and my work commitments, the main reason is that I don't agree with the current direction (that this exercise is taking) and that the final outcome is going to be much smaller/valuable than it could be.
>> 
>> Sorry I just can't commit energy and ideas to a process I don't believe in, and one were the other side is not listening. Yes I know I could had been much more vocal, but I did raise a number of concerns and did spend almost 1h on the phone with Richard last December.
>> 
>> For me the core problem is that Richard doesn't understand Open Source and (more specifically/importantly) Open Source Communities. I did try to explain this to Richard (and other board members I spoke to) that unless we separated from the 'values discussion' the core values that are intrinsic to ANY (decent) Open Source Community (like OWASP), we would end up with a subset of values from those Communities, AND even worse, no values about what make OWASP OWASP.
>> 
>> Just look at http://www.owasp.org/index.php/Core_Values_and_Definitions and tell me if you honestly believe that those 4 items are anywhere close from representing the number of values that everyday are at play inside our community (aren't some of the ones that we removed from there as important?). Also, I would like to understand how any Open Source community can BE an open source community if it is not GLOBAL (since being GLOBAL is part of the open source 'definition')
>> 
>> I guess what push me over the edge was when I realized that Richard didn't even understand that an Open Source license, means that the Source code is (amongst other things) freely available (Yes, Richard, I know it is a very alien concept for a lot of other industries, but in the Open Source world, we freely distribute and open our most valuable intellectual property asset: The Source Code). 
>> 
>> The other problem is that I was hoping that our values could be used to deal swiftly with ideas from certain parts of our Community that would be against our current 'undocumented' culture/values. For example, the NDA requirement/idea from the Industry Committee (via Yiannis). My hope was that once such question would arise, it could be stopped almost immediately by pointing to our values. This didn't happen, in fact the NDA question CAME from the thread talking about OWASP's values!
>> 
>> In fact, have we even asked the question: "Why we need these values?".
>> 
>> What are the use cases (or questions that need answers) where the 'values definition' (and all the other bits) are needed? 
>> 
>> Shouldn't we have created by now a list of questions whose answer would come by making reference to the 'owasp values'? (my recommendation for the ones that will complete this exercise with Richard is that you do such a thing, For example looking at http://www.owasp.org/index.php/Core_Values_and_Definitions I can use those Values to make the case/argument that the OWASP Industry Committee should be allowed to sign NDAs so it can have 'more in-depth' conversations with other organizations (lets ignore for now how impossible that would be to actually implement in practice). 
>> 
>> Other questions that should be quickly dealt by values our should be: 
>> OWASP & Certification
>> use/abuse of OWASP Brand 
>> employment strategies for OWASP 
>> how OWASP invests its funds 
>> how OWASP assigns/removes its leaders 
>> how OWASP deals with conflict 
>> how OWASP manages its projects
>> how OWASP deals with the WebAppSec industry vendors
>> how OWASP deals with government body 
>> should OWASP provide 'labels' for applications
>> what is the role of the OWASP Board
>> who is the guardian of OWASP's values 
>> what is the role of OWASP's community 
>> how important to OWASP are events like the Summit
>> etc..... 
>> For me a good 'Values' definition would provide very strong directions on each one of those questions (and 'directions' which would currently match our community understanding of our 'undocumented' OWASP's values) 
>> 
>> Just to be clear, and so that I don't have to find excuses NOT to make these calls (although for the past two weeks I DID had a client call booked during that time), I am removing myself from this process.
>> 
>> I'm sure you guys will be able to finish it just fine, and in the end will create an interesting document which will be a good starting point for debate for our community.
>> 
>> And, if you fell you will have something ready by the Summit, then lets add a Working Session for it
>> 
>> Good luck
>> 
>> Dinis Cruz
>> 
>> 
>> On 18 January 2011 17:24, Richard Tesauro <tesauros at mac.com> wrote:
>> The Core Purpose submissions from Tom, Matt, Seba, Eoin and Jeff offer a productive discussion and Board call this Friday. The submissions will be post on the TMC wiki page shortly. A call agenda will be emailed later by Kate.
>> 
>> Enjoy your day,
>> Richard A. (Dick) Tesauro
>> President and Founder
>> Tesauro Management Counselors (TMC)
>> Trusted Advisor and Catalyst
>> 
>> Helping Leaders Create Enduring, Growing, "Great" Organizations
>> 
>> 3124 Trevolle Place
>> Dallas, Texas 75204-5537
>> 214-823-6028 (Phone)
>> 214-924-1154 (Cell)
>> RA at TesauroMC.com
>> www.TesauroMC.com
>> 
>> 
>> 
>> 
>> 
>> 
>> The information contained in this transmission may be privileged and confidential and is intended only for the use of the person(s) named above. If you are not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, any review, dissemination, distribution or duplication of this communication is strictly prohibited.
>> 
>> 
>> 
>> 
>> 
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20110121/16471eae/attachment-0002.html>


More information about the Owasp-board mailing list