[Owasp-board] OWASP guiding operating principle on empowerment of volunteers and the role of staff

Matt Tesauro matt.tesauro at owasp.org
Mon May 5 17:31:15 UTC 2014


I generally support this but have a caveat I want to make sure everyone is
aware of...

Particularly for items which require IT infrastructure, allowing 100%
volunteer control is not in the best interest of the Foundation.

Case in point:  Seba (and a bit me) have tried off and on to get
www.opensamm.org migrated to a server at Rackspace.  Here's a very
promenent project that has new  leaders willing to make updates but the
Foundation has zero control of that server.  Pravir has it running on some
friends service/server.  I'm not trying to throw Pravir under the
proverbial bus but if the Foundation ran that server, those wanting to
update that project would already have access.

The LAPSE source code analyzer is another, older example.  The project lead
got busy and access to that project pretty much went away.  We've had
requests to take over that project but source code is not available.

So I think part of the idea of having "flagship" or whatever we call
prominent projects is the need for the Foundation to ensure those projects
can continue on through project lead or other changes.

Basically I'm for free range assuming there are fences at the property
boarder. [1]

Cheers!

[1] Gratuitous Texas reference

--
-- Matt Tesauro
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project


On Mon, May 5, 2014 at 12:18 PM, Jim Manico <jim.manico at owasp.org> wrote:

> +1,000,000,000,000,000
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On May 5, 2014, at 12:35 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>
> Hi all,
>
> in the past there seem to have been sometimes confusion as to the roles
> and responsibilities of volunteers and our staff.
>
> To straighten this out, I like to propose to spell out the following
> guiding operating principle for OWASP for the empowerment of all
> volunteers:
>
> *All main activities (for chapters, projects, conferences, etc.) are
> driven by the community volunteers. *
> Our staff's responsibility is to provide operational support,
> facilitation, execution and advice to the community.
> Wherever possible, community relevant decisions are made by the community
> volunteers.
> (Staff members shall be included in the decision making like any other
> community member.)
>
> To give some examples, the rating of projects and its process shall be
> directed by the community volunteers. Decisions on conference details like
> which presentations are chosen and fostering of industry contacts shall be
> done by the involved community volunteers. Everything with a
> non-operational nature shall be driven and directed by community
> volunteers.
>
> Best regards, Tobias
>
>
>
> Tobias Gondrom
> OWASP Global Board Member
> email: tobias.gondrom at owasp.org
> skype: tgondrom
> twitter: @tgondrom
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140505/4807deb4/attachment.html>


More information about the Owasp-board mailing list