[Owasp-board] [Owasp-leaders] OWASP.next
michael.coates at owasp.org
Thu Apr 10 21:56:39 UTC 2014
Let's definitely bring up issues that are causing problems. Let's have a
discussion and see how they should change. Please don't feel that the lack
of a formal veto mechanism means there's no way to revisit a previous
decision. Just like I pointed out in my post - we must be ready to try
things and fail. We have many successes and also some failures. We
shouldn't let a bad decision continue to have bad impacts on our
Side note: If you have a specific example can you change the subject line?
As you know email threads are hard enough to follow as is.
On Thu, Apr 10, 2014 at 2:46 PM, Abbas Naderi <abiusx at owasp.org> wrote:
> If you remember, I had similar ideas for the board, as I was running for
> it as well. My idea was to allow a veto role for the community, because it
> is not viable and clever to ask for community polls on typical matters, as
> it does not involve everyone, and they clearly won't participate when they
> are not involved.
> But a veto role is a different matter. If someone in the community feels
> undermined by a process enforced by the board, they can run their campaign,
> get more votes and undo the decision they thought was wrong in the first
> place. This is what we need, and those decisions are really hurting people,
> making them lose hope for the better in this community.
> Unfortunately the previous board and the current board haven't done
> anything significant towards this, and it seems to me that no priority
> effort is being made.
> *Notice:* This message is *digitally signed*, its *source* and *integrity* are
> If your mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body. Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> On Apr 10, 2014, at 5:42 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> One of the ideas that I (and I believe Tobias as well) championed when
> running for the Board was the idea of bringing the power back to the
> community. I have raised this as an item to the Board with the hopes of
> adding a sort of community referendum to the election later this year. In
> the meantime, you have seen several examples of polling the community for
> input on various topics and we are working to bring you a new voting
> platform that will allow even more of this type of community inquiry. The
> caveat is that people have to actually vote and, as is the case with the
> latest poll, our "turnout" numbers have been relatively low. Since the
> community is made up of more than just leaders, you've seen Michael's
> proposal to transition to a full community involvement model instead of
> just having a leaders list and hopefully this will increase those poll
> numbers even more. In my opinion, the issues that you bring up are in
> large part due to actions by the Board in the past and I do see the current
> Board trying to address them. Change won't happen overnight, but I do see
> us moving in the right direction. Hopefully you can stick around long
> enough for us to right the ship.
> On Thu, Apr 10, 2014 at 4:28 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>> That is a perfectly valid explanation. I have been faced with several of
>> these myself, and it has really affected the way I love and contribute to
>> OWASP. Now when I have an idea, instead of making it an OWASP project, I
>> look elsewhere for a platform, and all of you people know me and probably
>> are aware of the contributions I have made to the community over several
>> The list you provided is most of the cases, but there are definitely
>> cases not mentioned there, like manipulating and forcing decisions and
>> actions at the board level.
>> I believe we need a change of management model for OWASP. This is clearly
>> not working (IMHO) and these days I have a deep sensation of leaving it all
>> for good and spending my time somewhere more productive.
>> *Notice:* This message is *digitally signed*, its *source* and
>> *integrity* are verifiable.
>> If your mail client does not support S/MIME verification, it will display
>> a file (smime.p7s), which includes the X.509 certificate and the signature
>> body. Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
>> AbiusX.com <http://abiusx.com/>
>> On Apr 10, 2014, at 5:06 PM, Dennis Groves <dennis.groves at owasp.org>
>> I applaud you Michael for taking the reins of leadership and setting
>> both a vision and a positive example for OWASP. What a great post! You
>> have really captured the spirit of OWASP and I hope you succeed in keeping
>> it alive. Like you, I stand behind both the awesome staff and community of
>> However, I have great concerns about the future of OWASP, because the
>> board serves as an example for the community. As you have indicated you
>> cannot do this alone, we all have to pitch in. Not everybody on the board
>> is a rotten apple, most of you are awesome. Unfortunately it only takes one
>> rotten apple to spoil the whole barrel.
>> Some examples I have observed of rotten leadership:
>> - Publicly undermining OWASP employees by an OWASP Board member.
>> - Publicly undermining OWASP volunteers by an OWASP Board member.
>> - Privately undermining OWASP leaders by an OWASP Board member.
>> - Privately undermining OWASP employees by an OWASP Board member.
>> - Publicly undermining OWASP projects by an OWASP Board member.
>> - Privately undermining OWASP projects by an OWASP Board member.
>> - OWASP Board members have caused OWASP to lose money from conference
>> - OWASP Board members have caused OWASP to lose corporate
>> - OWASP Board members have caused OWASP to lose projects.
>> - OWASP Board members have harassed OWASP employees privately.
>> - OWASP Board members have abused OWASP employees publicly.
>> All of these things have gone on habitually. Most of the time they are
>> thinly veiled under the guise of 'ethics' and yet all of these behaviors
>> are in direct conflict with the duty of loyalty to the OWASP foundation. *Additionally,
>> it sets up an unprofessional example of 'standard of behavior' for the
>> community to follow, and this is exactly what is happening.*
>> I regularly hear from both sponsors and leaders that no longer want to
>> participate in OWASP anymore due to the examples I have cited above. I
>> spend my OWASP donation hours managing fires like this, when I could be
>> building and contributing to the community with my precious little free
>> It has come to a point that I may no longer recommend that the public
>> join or support OWASP because of the unprofessional behavior emanating from
>> the board. *And I feel it is a very sad day when I can not recommend
>> OWASP, something I genuinely want to be proud to be a part of, to people I
>> love and respect.*
>> Dennis Groves <http://about.me/dennis.groves>, MSc
>> Email me, <dennis.groves at owasp.org> or schedule a meeting<http://goo.gl/8sPIy>
>> *This email is licensed under a CC BY-ND 3.0
>> <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license.*
>> Stand up for your freedom to install free software.<http://www.fsf.org/campaigns/secure-boot/statement>
>> Please do not send me Microsoft Office/Apple iWork documents.
>> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org