[Owasp-board] Clarification of OWASP Structure

Eoin eoin.keary at owasp.org
Thu Mar 22 09:05:19 UTC 2012


How do we solve a global security problem if we are not pulling in the same direction. Simple team dynamics.
We may as well have a bunch of hacker spaces and dissolve the foundation if we follow this model. We won't achieve very much as a loose grouping.


Eoin Keary
BCC Risk Advisory
Owasp Global Board
+353 87 977 2988


On 22 Mar 2012, at 04:54, Michael Coates <michael.coates at owasp.org> wrote:

> Board,
> 
> We've provided guidance in the form of recommendations for a new chapters / committee policy as part of the lascon exception vote - see http://owasp.blogspot.com/2012/02/approval-of-lascon-exception.html
> 
> Two additional questions were posed by the chapters committee to clarify the board's view of the OWASP organization. The questions point to a larger issue:
> Is OWASP a group of small chapters and a stronger central foundation? Or is OWASP strong chapters and a decentralized foundation?
> 
> 
> I will state my opinion very clearly.  First, I don't believe OWASP is at either extreme but I do believe that OWASP is a single entity and should be structured as such.
> 
> The OWASP foundation was created to advance the OWASP mission.  One method that we use to advance our mission is the creation of local chapters to grow the OWASP community. We also support an incredibly important array of projects, the OWASP wiki, and various conferences and training events.  To continue be successful OWASP must maintain a strong foundation to advance the mission of OWASP while providing a structure for chapters to grow and explore various methods of success.  In the end, the combined materials that are donated to OWASP are what makes OWASP great.  We have owasp.org, not owasp-wiki-chapterX.org.
> 
> The overall message is that OWASP is a central force and a single mission. All participants contribute to advance this mission.  Policies governing chapters are intended to allow chapters to experiment and grow, but our goal is not to create an environment where the OWASP foundation suffers as a whole while individuals chapters, which are pieces of the OWASP family, succeed to the detriment of the rest.
> 
> I believe the following will setup OWASP for success:
> create policies that allow flexibility
> minimize unnecessary bureaucracy
> design policies to empower leaders and include transparency to minimize concerns of misuse
> recognize that OWASP must continue to operate as a whole and structure policies accordingly
> 
> 
> I hope the above information, combined with guiding principles from http://owasp.blogspot.com/2012/02/approval-of-lascon-exception.html is sufficient to enable our committees to work out  an agreed upon policy. However, I do recognize that they may be unable to reach a decision. If that is the case we may need to explore the possibility of providing specific detailed requirements instead of the guiding principles that we've made thus far.
> 
> 
> 
> 
> 
> -------
> Michael Coates | OWASP
> michael.coates at owasp.org | @_mwc
> OWASP Board
> 
> 
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board


More information about the Owasp-board mailing list