[Owasp-board] OWASP Top 10

Matt Tesauro matt.tesauro at owasp.org
Sun Apr 13 20:34:00 UTC 2014

Cannot lurk on this any further.

Eoin, you're also asking Samantha to be the project police rather then a
project facilitator.

Given Josh's previous math on how little time Samantha actually has to help
projects that are and want to "do the right thing", the opportunity cost
[1] of having Samantha diverted from positive interactions with project
leaders seems far too high when you could simply have emailed the Top 10
list and ask the very same question.

Heck, I'd suspect that the perceived "power" of a board member's email will
trump that of a staff members regardless of their job description.

Key to good management of staff is to make sure you use their time for the
greatest benefit of OWASP.  Having Samantha asking a project leader for
information you suspect won't be forthcoming is simply setting her up for
failure.  You and I are both peers of Dave - simply talk directly with him
and the other leaders on the Top 10 mail list.  Do you really need Samantha
to do something you can so easily do yourself?  Especially when the answer
is pretty much already known and you're in a better position of power to
make such a request.

[1] http://en.wikipedia.org/wiki/Opportunity_cost

-- Matt Tesauro
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead

On Sun, Apr 13, 2014 at 3:22 PM, Eoin Keary <eoin.keary at owasp.org> wrote:

> Dancing? Asking for information on how a project is made, which is
> allegedly opensource is a valid request.
> Reason I'm asking Samantha is she is paid staff to manage projects for
> Simple really.
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> On 13 Apr 2014, at 19:44, Michael Coates <michael.coates at owasp.org> wrote:
> Eoin,
> Are we dancing around the elephant in the room? We know there are many
> calls for the top 10 to be more open. I hope people will join the project
> and push the top 10 process from it's beginning and create a very open 2015
> top 10 with all these ideas  - we just need to get into the process at the
> beginning, not the end .
> I guess my question is this - why not just ask the project mailing list
> for this information directly? Or are they not responding or refusing?
> I don't think we have a model or expectation that a request to project X
> should flow through Samantha to simply relay that same request to the
> project mailing list.
> Perhaps I'm missing something - help me understand?
> --
> Michael Coates
> @_mwc
> On Sun, Apr 13, 2014 at 4:41 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>> Hi Samantha,
>> I am formally requesting that as projects manager you obtain the data,
>> work papers and associated statistic model for the owasp top 10. This is a
>> core owasp project and needs to be assessed such that we can leverage it
>> for other endeavours.
>> Thanks in advance.
>> Eoin.
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140413/3482444c/attachment.html>

More information about the Owasp-board mailing list