[Owasp-board] In case you missed it...

Seba seba at owasp.org
Thu Apr 12 04:20:47 UTC 2012


Eoin,

I see this as a "focused SoC", with a couple of phases where
1) all the leaders vote on a certain number of projects that need to be
pushed forward (roughly done last week: list in ppt Eoin)
2) now the respective project leaders have to come up with a project plan
on how to achieve the next level, release, ...
3) if they don't come up with a plan: look for other projects or project
leaders
4) if they have a plan that needs funding: let's provide them that funding.
    I am not against paying the project leader.
    But it needs to have a very good reason, because I don't think that
scales.
    Funding should go to facilitation, mini-summits, marketing, technical
writing, I18N, book publishing, ...
5) the devil is in the details and execution: we need a Paulo II to turn
this around.

We are not going to solve stale or stagnant projects by throwing money at
them; we need to empower the current leaders and contributors and look for new
blood.

--seba
On Thu, Apr 12, 2012 at 2:01 AM, Matt Tesauro <matt.tesauro at owasp.org> wrote:

> I'd like to turn this argument on its head.  Here's what I mean:
>
> Dinis presented a list of issues that will arise if OWASP pays people to
> do work on projects and suggested we should continue the board decision to
> keep this ban in place.
>
> We've also heard about how not investing in our projects (including paying
> leaders) appears to leave OWASP with stale projects.
>
> We're talking about money - I'm not surprised there are issues.
>
> However, Dinis has been fond, as long as I've known him, of saying that
> nobody abuses OWASP. Let's put that to the test.
>
> Why don't we engage with the projects Eoin has enumerated to see what
> they need?  To figure out how to get rid of the project's "paper cuts".
> Let the project leader(s) tell us what they need.  This is somewhat an
> inverse of the SOC where OWASP said "We need X".  Instead, OWASP would say
> "Tell us what you need and how we can help."  I don't see a single, well
> defined solution working for this problem.
>
> If project leaders aren't going to abuse OWASP (Dinis's theorem), then let
> them ask for what they need - including being paid if it makes sense.  As
> long as we have a method of review, where will the abuse come from?
> Letting project leaders decide removes most if not all of the money
> issues that have been raised.
>
> OWASP has already done this with the Python Security guy - we asked him
> what he needed, spent some $'s to get what he needed and the results have
> been great.  Same for Jim Manico and the OWASP podcast - getting the
> production guy hired removed a roadblock to him getting episodes out the
> door.
>
> </matt's 2 cents>
>
> --
> -- Matt Tesauro
> OWASP Board Member
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
>
>
>
> On Wed, Apr 11, 2012 at 4:29 PM, Eoin <eoin.keary at owasp.org> wrote:
>
>> Thanks Jim.
>> Board, what are your thoughts on this?
>> I'd like to put this to bed soon and start planning.
>>
>>
>> Eoin Keary
>> BCC Risk Advisory
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 11 Apr 2012, at 20:06, Jim Manico <jim.manico at owasp.org> wrote:
>>
>> > Eoin, I'm also 100% in support of this plan.
>> >
>> > I also would rather see a vote on your plan, instead of a vote that sets
>> > up a firewall rule to disallow paying certain people.
>> >
>> > I feel that your plan supports the OWASP mission! It also has a huge
>> > potential to revitalize the organization.
>> >
>> > I feel that negative financing rule inhibits our mission.
>> >
>> > - Jim
>> >> Not trying to complicate, I just want to understand everything. Plus
>> these will be the same questions others will ask, so it's good for us to
>> have it flushed out.
>> >>
>> >> I'm supportive of the overall plan.
>> >>
>> >>
>> >> -------
>> >> Michael Coates | OWASP
>> >> michael.coates at owasp.org | @_mwc
>> >>
>> >>
>> >>
>> >> On Apr 11, 2012, at 10:54 AM, Eoin wrote:
>> >>
>> >>> Plan is on the wiki and in the document I shared with you last week.
>> >>> Outstanding issue is do project leads get paid. 90% of projects have
>> only 1 main leader.
>> >>> Why are we over complicating things?
>> >>>
>> >>>
>> >>> Eoin Keary
>> >>> BCC Risk Advisory
>> >>> Owasp Global Board
>> >>> +353 87 977 2988
>> >>>
>> >>>
>> >>> On 11 Apr 2012, at 18:47, Jim Manico <jim.manico at owasp.org> wrote:
>> >>>
>> >>>>> I'd rather vote on a plan rather than a single statement
>> >>>> Amen! Whitelisting a good plan, FTW!
>> >>>>
>> >>>> --
>> >>>> Jim Manico
>> >>>> VP, Security Architecture
>> >>>> WhiteHat Security
>> >>>> (808) 652-3805
>> >>>>
>> >>>> On Apr 11, 2012, at 11:41 AM, Michael Coates <
>> michael.coates at owasp.org> wrote:
>> >>>>
>> >>>>> I'd rather vote on a plan rather than a single statement
>> >
>> >
>> > --
>> > Jim Manico
>> >
>> > Connections Committee Chair
>> > Cheatsheet Series Product Manager
>> > OWASP Podcast Producer/Host
>> >
>> > jim at owasp.org
>> > www.owasp.org
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>