[Owasp-board] Clarification of OWASP Structure

Jim Manico jim.manico at owasp.org
Sun Mar 25 15:47:49 UTC 2012

I think this is totally reasonable, Eoin.

Michael also said it well - we need a strong central OWASP "government" 
and professional staff, but that needs to be in balance with empowering 
local global chapters.

I hope we can keep the central foundation government "strong" but NOT at 
the expense of local chapters, which I think can and does happen. A lot 
of local chapters feel "alone" and distant from the foundation, 
especially in Europe.

I think if the "central OWASP government" did better chapter outreach, 
and had an initiative to empower chapters more, it may help us all 
strike a better balance.

This is a good conversation. The balance of power and resource 
distribution is never an easy one to achieve.


> How do we solve a global security problem if we are not pulling in the same direction. Simple team dynamics.
> We may as well have a bunch of hacker spaces and dissolve the foundation if we follow this model. We won't achieve very much as a loose grouping.
> Eoin Keary
> BCC Risk Advisory
> Owasp Global Board
> +353 87 977 2988
> On 22 Mar 2012, at 04:54, Michael Coates<michael.coates at owasp.org>  wrote:
>> Board,
>> We've provided guidance in the form of recommendations for a new chapters / committee policy as part of the lascon exception vote - see http://owasp.blogspot.com/2012/02/approval-of-lascon-exception.html
>> Two additional questions were posed by the chapters committee to clarify the board's view of the OWASP organization. The questions point to a larger issue:
>> Is OWASP a group of small chapters and a stronger central foundation? Or is OWASP strong chapters and a decentralized foundation?
>> I will state my opinion very clearly.  First, I don't believe OWASP is at either extreme but I do believe that OWASP is a single entity and should be structured as such.
>> The OWASP foundation was created to advance the OWASP mission.  One method that we use to advance our mission is the creation of local chapters to grow the OWASP community. We also support an incredibly important array of projects, the OWASP wiki, and various conferences and training events.  To continue be successful OWASP must maintain a strong foundation to advance the mission of OWASP while providing a structure for chapters to grow and explore various methods of success.  In the end, the combined materials that are donated to OWASP are what makes OWASP great.  We have owasp.org, not owasp-wiki-chapterX.org.
>> The overall message is that OWASP is a central force and a single mission. All participants contribute to advance this mission.  Policies governing chapters are intended to allow chapters to experiment and grow, but our goal is not to create an environment where the OWASP foundation suffers as a whole while individuals chapters, which are pieces of the OWASP family, succeed to the detriment of the rest.
>> I believe the following will setup OWASP for success:
>> create policies that allow flexibility
>> minimize unnecessary bureaucracy
>> design policies to empower leaders and include transparency to minimize concerns of misuse
>> recognize that OWASP must continue to operate as a whole and structure policies accordingly
>> I hope the above information, combined with guiding principles from http://owasp.blogspot.com/2012/02/approval-of-lascon-exception.html is sufficient to enable our committees to work out  an agreed upon policy. However, I do recognize that they may be unable to reach a decision. If that is the case we may need to explore the possibility of providing specific detailed requirements instead of the guiding principles that we've made thus far.
>> -------
>> Michael Coates | OWASP
>> michael.coates at owasp.org | @_mwc
>> OWASP Board
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

Jim Manico

Connections Committee Chair
Cheatsheet Series Product Manager
OWASP Podcast Producer/Host

jim at owasp.org

More information about the Owasp-board mailing list