[Owasp-board] In case you missed it...

Matt Tesauro matt.tesauro at owasp.org
Thu Apr 12 00:01:50 UTC 2012


I'd like to turn this argument on its head.  Here's what I mean:

Dinis presented a list of issues that will arise if OWASP pays people to
do work on projects and suggested we should continue the board decision to
keep this ban in place.

We've also heard about how not investing in our projects (including paying
leaders) appears to leave OWASP with stale projects.

We're talking about money - I'm not surprised there are issues.

However, Dinis has been fond, as long as I've known him, of saying that
nobody abuses OWASP. Let's put that to the test.

Why don't we engage with the projects Eoin has enumerated to see what they
need?  To figure out how to get rid of the project's "paper cuts".  Let the
project leader(s) tell us what they need.  This is somewhat an inverse of
the SOC where OWASP said "We need X".  Instead, OWASP would say "Tell us
what you need and how we can help."  I don't see a single, well defined
solution working for this problem.

If project leaders aren't going to abuse OWASP (Dinis's theorem), then let
them ask for what they need - including being paid if it makes sense.  As
long as we have a method of review, where will the abuse come from?
Letting project leaders decide removes most if not all of the money
issues that have been raised.

OWASP has already done this with the Python Security guy - we asked him
what he needed, spent some $'s to get what he needed and the results have
been great.  Same for Jim Manico and the OWASP podcast - getting the
production guy hired removed a roadblock to him getting episodes out the
door.

</matt's 2 cents>

--
-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site


On Wed, Apr 11, 2012 at 4:29 PM, Eoin <eoin.keary at owasp.org> wrote:

> Thanks Jim.
> Board what are your thoughts on this.
> I'd like to put this to bed soon and start planning.
>
>
> Eoin Keary
> BCC Risk Advisory
> Owasp Global Board
> +353 87 977 2988
>
>
> On 11 Apr 2012, at 20:06, Jim Manico <jim.manico at owasp.org> wrote:
>
> > Eoin, I'm also 100% in support of this plan.
> >
> > I also would rather see a vote on your plan, instead of a vote that sets
> > up a firewall rule to disallow paying certain people.
> >
> > I feel that your plan supports the OWASP mission! It also has a huge
> > potential to revitalize the organization.
> >
> > I feel that negative financing rule inhibits our mission.
> >
> > - Jim
> >> Not trying to complicate, I just want to understand everything. Plus
> these will be the same questions others will ask, so it's good for us to
> have it flushed out.
> >>
> >> I'm supportive of the overall plan.
> >>
> >>
> >> -------
> >> Michael Coates | OWASP
> >> michael.coates at owasp.org | @_mwc
> >>
> >>
> >>
> >> On Apr 11, 2012, at 10:54 AM, Eoin wrote:
> >>
> >>> Plan is on the wiki and in the document I shared with you last week.
> >>> Outstanding issue is do project leads get paid. 90% of projects have
> only 1 main leader.
> >>> Why are we over complicating things?
> >>>
> >>>
> >>> Eoin Keary
> >>> BCC Risk Advisory
> >>> Owasp Global Board
> >>> +353 87 977 2988
> >>>
> >>>
> >>> On 11 Apr 2012, at 18:47, Jim Manico <jim.manico at owasp.org> wrote:
> >>>
> >>>>> I'd rather vote on a plan rather than a single statement
> >>>> Amen! Whitelisting a good plan, FTW!
> >>>>
> >>>> --
> >>>> Jim Manico
> >>>> VP, Security Architecture
> >>>> WhiteHat Security
> >>>> (808) 652-3805
> >>>>
> >>>> On Apr 11, 2012, at 11:41 AM, Michael Coates <
> michael.coates at owasp.org> wrote:
> >>>>
> >>>>> I'd rather vote on a plan rather than a single statement
> >
> >
> > --
> > Jim Manico
> >
> > Connections Committee Chair
> > Cheatsheet Series Product Manager
> > OWASP Podcast Producer/Host
> >
> > jim at owasp.org
> > www.owasp.org