[Owasp-board] Discussion - Strategic Goals for 2013

Dave Wichers dave.wichers at owasp.org
Wed Apr 17 14:15:31 UTC 2013

I'm all for helping to acknowledge individual contributors better and your
ideas certainly seem reasonable and lightweight. I'll look at the corporate
contribution proposal when I have time.




From: Michael Coates [mailto:michael.coates at owasp.org] 
Sent: Tuesday, April 16, 2013 6:18 PM
To: Dave Wichers
Cc: OWASP Foundation Board List
Subject: Re: [Owasp-board] Discussion - Strategic Goals for 2013


I think there are several specific ways we can identify individual

- Global Initiative Metrics (automatable at a basic level)

- Wiki Edit Metrics (built in support I believe)

- Chapter Attendance (supported if people use the registration system)

- Conference Attendance 

- Speaking on behalf of OWASP anywhere (easy for people to self record -

- Project Activity (we'll have to think about this)


It would be very interesting to see who is most active given a very basic
report across those areas.

With that data you can easily create a contributor of the week on the OWASP
front page (talk about incentive) and quickly build a list of key people
that should be at a summit like event.

If the contributors themselves have emails of @company.com, then it's also
very easy to recognize companies that are donating employee time.

For your logo concerns, we talked about it at the last board meeting and now
have a proposal online here -
jW9jO-z-a_dUeqM/edit  Please add your thoughts & concerns.


Lastly, recognizing individual contributors is broken. We don't do it. Since
the community is the base of OWASP this is an area I think we should really
focus on.




Michael Coates | OWASP | @_mwc


On Tue, Apr 16, 2013 at 2:21 PM, Dave Wichers <dave.wichers at owasp.org>

I'm all for encouraging recognition, but it's pretty hard, particularly if
we want to automate it. That's why I've never really warmed to the idea
because I just assume it's way too hard/time consuming relative to the
benefit. But if we can really figure out a way to do it that is efficient
and self-sustaining I'd probably be for it, depending on what behavior it
actually rewarded and what the rewards were.


And at the same time, we are also reducing our ability to recognize
corporate contributors with the whole 'no logos on OWASP projects' debate,
which I completely disagree with.


I think we should figure out more/better ways to recognize both individual
and corporate contributors, not just focus on individuals, while at the same
time actually reducing our ability to recognize the contributions of
corporate contributors. I've always felt that corporate contributions to
projects are usually far more valuable than financial contributions because
they typically invest more than $5K of their time on such projects. So we
should encourage more of this, not less. I've always felt this way and so
has Jeff, who led OWASP for 9 years and took it from a small handful of
contributors to a global force with tens of thousands of participants.


I think we can easily get corporate contributions while handling the
potential for bias. In fact, I think we've already done a great job of that
throughout OWASP's history. To me, it's something that I don't think is




From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Michael Coates
Sent: Tuesday, April 09, 2013 1:39 PM
To: OWASP Foundation Board List
Subject: [Owasp-board] Discussion - Strategic Goals for 2013



In 2012 we formalized strategic goals for OWASP. These items served as a
direction and rallying point for many of our operational items.

While these goals may still hold true, we should formally evaluate and vote
to reconfirm each year. Although it is now April, I'd like to push that

Here are the items from 2012

.         Build the OWASP Platform - Define the processes, resources, and
tools to enable volunteers to quickly join and contribute to OWASP in the
areas of projects, chapters, education, conferences and connections

.         Expand Communication Channels - Establish effective communication
channels into developer groups, universities, and industry groups

.         Grow the OWASP Community - Build and grow the OWASP community
throughout the world by focusing on the quality of projects, chapters,
conferences, and social technologies

.         Financial Stability -  Further build out a stable financial
foundation and create new sources of income for the organisation to achieve
the goals of 2012 and future years.

For 2013 I'd like to make sure we still limit the strategic goals to 4.

>From my perspective I think this year we should place a focus on recognizing
the contributors. There are many ways to do this, but I'd like to see
systems built that can scale and provide recognition for the volunteer
efforts of the community. This includes items like a badge program or
something like "o-points", automated recognition of our top volunteers in
global initiatives and wiki edits, some sort of featured OWASP'er of the
week on the front page of OWASP or in the connector, and so on.

I believe that this should be a strategic focus for 2013. The impact of this
change will be a clear recognition system for individuals that get involved
in OWASP. They can help change the world and be quickly acknowledged for
their efforts.

Sticking to a limit of 4 strategic goals I'd initially argue this strategic
goal would replace "Grow the OWASP community". I like the other 3 but would
love to hear opinions from the rest of the board.


Michael Coates | OWASP | @_mwc


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20130417/0a78d956/attachment.html>

More information about the Owasp-board mailing list