[Owasp-board] [Owasp-leaders] Public Comment

Bev Corwin bev.corwin at owasp.org
Fri Dec 12 20:04:49 UTC 2014


Thanks Jim,

Who handles organizational strategy?

Best wishes,
Bev


On Fri, Dec 12, 2014 at 2:01 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
>  Bev,
>
> The board does indeed set the vision for the organization. But project
> oversight responsibility has been passed to the project committee, and
> overall compliance issues are lead by our ombudsman (compliance officer)
> Martin Knoblock.
>
> Aloha,
> Jim
>
>
>
> On 12/11/14 10:28 AM, Bev Corwin wrote:
>
> Thanks Josh, Doesn't the board have "oversight" and "compliance"
> responsibilities to the OWASP Community? Best wishes, Bev
>
> On Thu, Dec 11, 2014 at 12:57 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>>  It's a good point and I've definitely seen examples in the past of
>> where a project has made significant decisions in a relative bubble before
>> publishing it as an "open" document.  Honestly, I think to some extent that
>> boils down to the project leadership/management and how they choose to run
>> things.  Not that it makes it right or wrong.  I do agree with Simon in
>> that this is not a Board decision though.  If for some reason people felt
>> like project leaders are incapable of doing this, or that rules need to be
>> put in place to enforce it, then that's something I would look to the
>> Project Committee to establish.
>>
>>  ~josh
>>
>>  On Thu, Dec 11, 2014 at 11:51 AM, Bev Corwin <bev.corwin at owasp.org>
>> wrote:
>>
>>>  PS: Your reference was for "free" not "open". Do you have something
>>> that would be a good reference for "open"? How about free and open? Thank
>>> you!
>>>
>>> On Thu, Dec 11, 2014 at 12:50 PM, Bev Corwin <bev.corwin at owasp.org>
>>> wrote:
>>>
>>>> Dear Simon,
>>>>
>>>>  Thank you. Good info, very much appreciate it. Where are you pulling
>>>> your assumptions from? Is there a definition of "open" somewhere that could
>>>> be referenced? So many organizations claim to be "open", however, very few
>>>> actually "manifest" it well. Would be nice to see some kind of guidelines
>>>> somewhere. That would be a board policy issue to recommend such things,
>>>> wouldn't it?
>>>>
>>>>  Best wishes,
>>>> Bev
>>>>
>>>>
>>>> On Thu, Dec 11, 2014 at 12:36 PM, psiinon <psiinon at gmail.com> wrote:
>>>>
>>>>>   I'm not sure this is a board matter, although board members should
>>>>> definitely speak up if they disagree :)
>>>>>  I think this is more a matter of 'good open source
>>>>> leadership/management' as it applies to all open source projects and not
>>>>> just OWASP ones.
>>>>>  But its something we can all learn from each other and so I think
>>>>> this list is a good place to discuss it.
>>>>>
>>>>>  Can you explain in a bit more detail which project(s) you are
>>>>> referring to, what stage they are at and what you hope to get out of such
>>>>> consultations?
>>>>>  I think the approaches for well established projects are likely to be
>>>>> very different from ones that are just starting out.
>>>>>
>>>>> There are online resources like this which might help you:
>>>>> http://producingoss.com/
>>>>>
>>>>>  Any others people can recommend?
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Simon
>>>>>
>>>>> On Thu, Dec 11, 2014 at 5:26 PM, Bev Corwin <bev.corwin at owasp.org>
>>>>> wrote:
>>>>>
>>>>>> Thanks Simon, Yes, that is what I thought as well. Has the board made
>>>>>> official recommendations about these things? Are they documented somewhere?
>>>>>> As a practice, are there any guidelines for how to best do this in the
>>>>>> community? Do we have a mailing list of interested public contributors that
>>>>>> we can submit requests for comments to, etc.? Best wishes, Bev
>>>>>>
>>>>>> On Thu, Dec 11, 2014 at 12:20 PM, psiinon <psiinon at gmail.com> wrote:
>>>>>>
>>>>>>>    Hi Bev,
>>>>>>>
>>>>>>>  I'm confused :/
>>>>>>>  All OWASP projects are open source and should therefore be open for
>>>>>>> public comment at all times.
>>>>>>>  All projects must have public lists that are clearly discoverable
>>>>>>> via the project page.
>>>>>>>  You can ask for specific feedback from other leaders / your users /
>>>>>>> the general public at specific times as well of course.
>>>>>>>
>>>>>>>  Cheers,
>>>>>>>
>>>>>>> Simon
>>>>>>>
>>>>>>>  On Thu, Dec 11, 2014 at 5:05 PM, Bev Corwin <bev.corwin at owasp.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>>>  Dear OWASP Board and Leaders,
>>>>>>>>
>>>>>>>>  Is it possible for OWASP projects and initiatives to open up for
>>>>>>>> public comment at various stages in our projects and initiatives
>>>>>>>> development processes? Do we have any board or leader level
>>>>>>>> recommendations, policies / best practices for this kind of thing?
>>>>>>>>
>>>>>>>>  Best wishes,
>>>>>>>> Bev
>>>>>>>>
>>>>>>>>
>>>>>>>>  _______________________________________________
>>>>>>>> OWASP-Leaders mailing list
>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>
>>>>
>>>>
>>>
>>>  _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>
>
> _______________________________________________
> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20141212/6a798159/attachment-0001.html>


More information about the Owasp-board mailing list