[Owasp-board] [Owasp-leaders] OWASP.next

Josh Sokol josh.sokol at owasp.org
Thu Apr 10 22:05:23 UTC 2014


The OWASP Governance list would probably be a good place to start IMHO.

~josh


On Thu, Apr 10, 2014 at 4:57 PM, Abbas Naderi <abiusx at owasp.org> wrote:

> Where’s the place to bring them up? I don’t want to publicly announce some
> mistakes that certain people make, or their bad decisions.
> -Abbas
> ______________________________________________________________
> *Notice:* This message is *digitally signed*, its *source* and *integrity* are
> verifiable.
> If you mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> AbiusX.com
>
> On Apr 10, 2014, at 5:56 PM, Michael Coates <michael.coates at owasp.org>
> wrote:
>
> Abbas,
>
> Let's definitely bring up issues that are causing problems. Lets have a
> discussion and see how they should change. Please don't feel that the lack
> of a formal veto mechanism means there's no way to revisit a previous
> decision. Just like I pointed out in my post - we must be ready to try
> things and fail. We have many successes and also some failures. We
> shouldn't let a bad decision continue to have bad impacts on our
> organization.
>
> Side note: If you have a specific example can you change the subject line?
> As you know email threads are hard enough to follow as is.
>
>
>
>
> --
> Michael Coates
> @_mwc
>
>
>
> On Thu, Apr 10, 2014 at 2:46 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>
>> Josh,
>> If you remember, I had similar ideas for the board, as I was running for
>> it as well. My idea was to allow a veto role for the community, because it
>> is not viable and clever to ask for community polls on typical matters, as
>> it does not involve everyone, and they clearly won’t participate when they
>> are not involved.
>>
>> But a veto role, is a different matter. If someone in the community feels
>> undermined by a process enforced by the board, they can run their campaign,
>> get more votes and undo the decision they though was wrong in the first
>> place. This is what we need, and those decisions are really hurting people,
>> making them lose hope for the better in this community.
>>
>> Unfortunately the previous board and the current board haven’t done
>> anything significant towards this, and it seems to me that no priority
>> effort is being made.
>>
>> Thanks
>> -Abbas
>>      ______________________________________________________________
>> *Notice:* This message is *digitally signed*, its *source* and
>> *integrity* are verifiable.
>> If you mail client does not support S/MIME verification, it will display
>> a file (smime.p7s), which includes the X.509 certificate and the signature
>> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
>> AbiusX.com <http://abiusx.com/>
>>
>> On Apr 10, 2014, at 5:42 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>> Abbas,
>>
>> One of the ideas that I (and I believe Tobias as well) championed when
>> running for the Board was the idea of bringing the power back to the
>> community.  I have raised this as an item to the Board with the hopes of
>> adding a sort of community referendum to the election later this year.  In
>> the meantime, you have seen several examples of polling the community for
>> input on various topics and we are working to bring you a new voting
>> platform that will allow even more of this type of community inquiry.  The
>> caveat is that people have to actually vote and, as is the case with the
>> latest poll, our "turnout" numbers have been relatively low.  Since the
>> community is made up of more than just leaders, you've seen Michael's
>> proposal to transition to a full community involvement model instead of
>> just having a leaders list and hopefully this will increase those poll
>> numbers even more.  In my opinion, the issues that you bring up are in
>> large part due to actions by the Board in the past and I do see the current
>> Board trying to address them.  Change won't happen overnight, but I do see
>> us moving in the right direction.  Hopefully you can stick around long
>> enough for us to right the ship.
>>
>> ~josh
>>
>>
>> On Thu, Apr 10, 2014 at 4:28 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>>
>>> Dennis,
>>> That is a perfectly valid explanation. I have been faced with several of
>>> these myself, and it has really affected the way I love and contribute to
>>> OWASP. Now when I have an idea, instead of making it an OWASP project, I
>>> look elsewhere for a platform, and all of you people know me and probably
>>> are aware of the contributions I have made to the community over several
>>> years.
>>>
>>> The list you provided is most of the cases, but there are definitely
>>> cases not mentioned there, like manipulating and forcing decisions and
>>> actions at the board level.
>>>
>>> I believe we need a change of management model for OWASP. This is
>>> clearly not working (IMHO) and these days I have a deep sensation of
>>> leaving it all for good and spending my time somewhere more productive.
>>>
>>> Thanks
>>> -Abbas
>>>      ______________________________________________________________
>>> *Notice:* This message is *digitally signed*, its *source* and
>>> *integrity* are verifiable.
>>> If you mail client does not support S/MIME verification, it will display
>>> a file (smime.p7s), which includes the X.509 certificate and the signature
>>> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
>>> AbiusX.com <http://abiusx.com/>
>>>
>>> On Apr 10, 2014, at 5:06 PM, Dennis Groves <dennis.groves at owasp.org>
>>> wrote:
>>>
>>> Michael,
>>>
>>> I applaud you Michael for taking the reigns of leadership and setting
>>> both a vision and a positive example for OWASP. What a great post! You
>>> have really captured the spirit of OWASP and I hope you succeed in keeping
>>> it alive. Like you, I stand behind both the awesome staff and community of
>>> OWASP.
>>>
>>> However, I have great concerns about the future of OWASP, because the
>>> board serves as an example for the community. As you have indicated you
>>> cannot do this alone, we all have to pitch in. Not everybody on the board
>>> is a rotten apple, most of you are awesome. Unfortunately it only takes one
>>> rotten apple to spoil the whole barrel.
>>>
>>> Some examples I have observed of rotten leadership:
>>>
>>>    - Publicly undermining OWASP employees by an OWASP Board member.
>>>    - Publicly undermining OWASP volunteers by an OWASP Board member.
>>>    - Privately undermining OWASP leaders by an OWASP Board member.
>>>    - Privately undermining OWASP employees by an OWASP Board member.
>>>    - Publicly undermining OWASP projects by an OWASP Board member.
>>>    - Privately undermining OWASP projects by an OWASP Board member.
>>>
>>>
>>>    - OWASP Board members have caused OWASP to lose money from
>>>    conference revenues.
>>>    - OWASP Board members have caused OWASP to lose corporate
>>>    sponsorship's.
>>>    - OWASP Board members have caused OWASP to lose projects.
>>>
>>>
>>>    - OWASP Board members have harassed OWASP employees privately.
>>>    - OWASP Board members have abused OWASP employees publicly.
>>>
>>> All of these things have gone on habitually. Most of the time they are
>>> thinly veiled under the guise of 'ethics' and yet all of these behaviors
>>> are in direct conflict with the duty of loyalty to the OWASP foundation. *Additionally,
>>> it sets up an unprofessional example of 'standard of behavior' for the
>>> community to follow, and this is exactly what is happening.*
>>>
>>> I regularly hear from both sponsors and leaders that no longer want to
>>> participate in OWASP anymore due to the examples I have cited above. I
>>> spend my OWASP donation hours managing fires like this, when I could be
>>> building and contributing to the community with my precious little free
>>> time.
>>>
>>> It has come to a point that I may no longer recommend that the public
>>> join or support OWASP because of the unprofessional behavior emanating from
>>> the board. *And I feel it is a very sad day when I can not recommend
>>> OWASP, something I genuinely want to be proud to be a part of, to people I
>>> love and respect.*
>>>
>>>
>>> --
>>> Dennis Groves <http://about.me/dennis.groves>, MSc
>>> Email me, <dennis.groves at owasp.org> or schedule a meeting<http://goo.gl/8sPIy>
>>> .
>>> *This email is licensed under a CC BY-ND 3.0
>>> <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license.*
>>> Stand up for your freedom to install free software.<http://www.fsf.org/campaigns/secure-boot/statement>
>>> Please do not send me Microsoft Office/Apple iWork documents.
>>> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
>>>
>>> <http://www.owasp.org/>
>>>  _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140410/741b18db/attachment-0001.html>


More information about the Owasp-board mailing list