[Owasp-board] Final Proposal to be sent to Kevin Greene

johanna curiel curiel johanna.curiel at owasp.org
Sun Jun 8 21:45:40 UTC 2014

Thank you Eoin. I appreciate your support and the board's support and words
but I think it was time for me to speak openly my experience with Samantha.

I didnt want to throw this before because this was her job and earning
income,  but my honest opinion is that she was not the right person to be
set as manager for project reviews, especially because she never listened
or took my advice or the advice of the Project Advisory board team, she
lacks technical understanding of projects so why was she taking decisions
instead of asking and taking advice from the technical people. No wonder
why was I the only person participating  in the end. She was still sending
me forms to do reviews even when i mentioned in an email in march that this
approach is wrong and filling criterias forms is not the correct ways of
doing it and that I won't do anything until there is a clear objective
regarding this. She ignored my advice completely. You do that , people stop

In the end all I saw was that she included me in emails when she need
 something to be done.
Yes I felt like mishandled and used as cheap/free labor. This is how I felt
about working with her.

*Closed chapter and time to concentrate in results.*

Since last year september, after th efailure of the Advisory Board and the
project review approach Isent an email to her
On Sunday, June 8, 2014, Eoin Keary <eoin.keary at owasp.org> wrote:

> Johanna, you are doing a great Job.
> There is a little confusion regarding the grants from DHS and swamp.
> Please keep going, you have the boards full support.
> Projects is what OWASP is about, not politik!
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> On 8 Jun 2014, at 17:57, johanna curiel curiel <johanna.curiel at owasp.org>
> wrote:
> R
> > If there's anything you wanted me to talk with him about please let me
> know.
> One of the most important things is that projects needs a proper build
> script and code analysis is done only on C/C++/Java, so I wonder how
> projects as hackademics are going to be deployed because there is no tool
> for code analysis for this yet. Esapi Java  or ZAP makes sense to me, but
> with all due respect hackademics is too early in this phase because is
> HTML,Javascript and PHP which is not supported by SWAMP.
> Right now everything works through a web interface , no direct access is
> granted to the SWAMP servers, so no way of deploying properly packages or
> tools that are not written in the mentioned languages and they must have a
> C/C++ script. I tested this myself.
> SWAMP tools are for code analysis assessment, so I don't know how
> Hackacademics project fits into this.
> To me it makes sense to start with those tools written in the
> available languages AND that are for Code or vulnerability assessment,
> verify that OWASP tools can be properly build and deployed. That is my plan.
> And then we need to coordinate with SWAMP how other languages will be
> integrated into this program. And  if only tools that are for code analysis
> or vulnerability findings will be part of the SWAMP toolset. So far this is
> the case. So tools such as Hackademics, WebGoat ...are not for this.
> We need to know what the SWAMP exactly will provide regarding this.
> I'll be sending these questions to Irene Landrum, technical manager
> of the SWAMP, which I have contact with. just the technical questions.
> *Dan *as I mentioned on the 16 june I'll get more info with these or
> after getting answers from Irene. But important is to know how
> those languages and tools that are not supported right now are been planned
> by the SWAMP.
> Thats why the plan written by Samantha does make any sense to me from the
> technical point of view.
> On Sun, Jun 8, 2014 at 12:33 PM, dan cornell <dan.cornell at owasp.org>
> wrote:
> I'm going to be on-site at MITRE for a software assurance event tomorrow
> and I believe Kevin Greene from DHS is going to be there as well. If
> there's anything you wanted me to talk with him about please let me know.
> The DHS stuff I was waiting on finally got sorted out so I'm in a better
> position to talk with Kevin and the SWAMP folks now than I was for the past
> couple of months.
> Thanks,
> Dan
> On Sun, Jun 8, 2014 at 11:25 AM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
> The purpose is the same too but no one ever informed me even when I have
> been so deeply involved in projects
> and why not involving more projects?
> The idea of the SWAMP is to set the projects here too and use them for
> review purpose at the same time
> Samantha never told me anything and as I can see this dates from March...
> I feel she has excluded me long time ago but this is just a confirmation
> of it. yea I was only good to review projects..only when she needed my
> technical help and never to be really part of key decisions and technical
> input.
>  I kind of feel backstab and downgraded.
> Anyways.. take a look of this
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140608/7d8d38d7/attachment.html>

More information about the Owasp-board mailing list