[Owasp-board] [Owasp-leaders] OWASP.next

Josh Sokol josh.sokol at owasp.org
Thu Apr 10 21:33:25 UTC 2014


I agree that there's been some issues lately with how some Board members
have represented themselves with members of our staff and community.  I
also agree that there are better ways that they could have dealt with those
issues than how they did.  I personally spoke with at least one of the
people you're talking about and called them out (in private) for their
behavior and they have subsequently apologized both publicly and in
private.  You are right in that this type of behavior should not be
tolerated as it sets an example of unprofessional behavior that others may
choose to follow.  That said, these people were elected to serve in the
Board member capacity by their peers in the community.  For whatever
reason, they saw something that made them feel like they were the right
people to set the direction for the organization, at least at that time.
And the good news is that in a few months we will have an election and if
the majority agrees with you that they are no longer worthy, they can be
removed just as easily as they were elected.  Your e-mail serves as a good
reminder that, as Board members, we are constantly under the microscope for
our actions and we should always strive to be the shining example that the
rest of the community can look up to and emulate.  However, as we are all
human, we sometimes make mistakes.  In my opinion it's how we own up to
those mistakes and look to correct them that really defines us as decent

I will say that I don't think that any of the actions that you are talking
about came from a place of malice, but rather a strong desire to better
this organization.  That passion is probably what put them on the Board in
the first place and sometimes we get so caught up in the passion that we
get blinders on to accomplish the mission and others get hurt in the
process.  I tell my daughters all the time that when we know better, we do
better, and this is no different.  Instead of harping on past actions that
they've already acknowledged and apologized for, let's increase the zoom on
our lenses and make sure that these incidents don't happen again.  I'm
sorry that you've had to waste your time on this and even more sorry that
you're losing faith in an organization that you helped to found.  There are
good people here that are trying to do very good things and they should not
be overlooked because of a few relatively minor bumps in the road.


On Thu, Apr 10, 2014 at 4:06 PM, Dennis Groves <dennis.groves at owasp.org>wrote:

> Michael,
> I applaud you Michael for taking the reigns of leadership and setting both
> a vision and a positive example for OWASP. What a great post! You have
> really captured the spirit of OWASP and I hope you succeed in keeping it
> alive. Like you, I stand behind both the awesome staff and community of
> However, I have great concerns about the future of OWASP, because the
> board serves as an example for the community. As you have indicated you
> cannot do this alone, we all have to pitch in. Not everybody on the board
> is a rotten apple, most of you are awesome. Unfortunately it only takes one
> rotten apple to spoil the whole barrel.
> Some examples I have observed of rotten leadership:
>    - Publicly undermining OWASP employees by an OWASP Board member.
>    - Publicly undermining OWASP volunteers by an OWASP Board member.
>    - Privately undermining OWASP leaders by an OWASP Board member.
>    - Privately undermining OWASP employees by an OWASP Board member.
>    - Publicly undermining OWASP projects by an OWASP Board member.
>    - Privately undermining OWASP projects by an OWASP Board member.
>    - OWASP Board members have caused OWASP to lose money from conference
>    revenues.
>    - OWASP Board members have caused OWASP to lose corporate
>    sponsorship's.
>    - OWASP Board members have caused OWASP to lose projects.
>    - OWASP Board members have harassed OWASP employees privately.
>    - OWASP Board members have abused OWASP employees publicly.
> All of these things have gone on habitually. Most of the time they are
> thinly veiled under the guise of 'ethics' and yet all of these behaviors
> are in direct conflict with the duty of loyalty to the OWASP foundation. *Additionally,
> it sets up an unprofessional example of 'standard of behavior' for the
> community to follow, and this is exactly what is happening.*
> I regularly hear from both sponsors and leaders that no longer want to
> participate in OWASP anymore due to the examples I have cited above. I
> spend my OWASP donation hours managing fires like this, when I could be
> building and contributing to the community with my precious little free
> time.
> It has come to a point that I may no longer recommend that the public join
> or support OWASP because of the unprofessional behavior emanating from the
> board. *And I feel it is a very sad day when I can not recommend OWASP,
> something I genuinely want to be proud to be a part of, to people I love
> and respect.*
> --
> Dennis Groves <http://about.me/dennis.groves>, MSc
> Email me, <dennis.groves at owasp.org> or schedule a meeting<http://goo.gl/8sPIy>
> .
> *This email is licensed under a CC BY-ND 3.0
> <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license.*
> Stand up for your freedom to install free software.<http://www.fsf.org/campaigns/secure-boot/statement>
> Please do not send me Microsoft Office/Apple iWork documents.
> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
> <http://www.owasp.org/>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140410/669e89fe/attachment.html>

More information about the Owasp-board mailing list