[Owasp-board] PROPOSAL: Solicit Feedback on Roles in OWASP Foundation Decision Making Process

Josh Sokol josh.sokol at owasp.org
Fri May 9 15:58:29 UTC 2014


I'm ok with this approach, but I think it opens that team up to far more
criticism from the community over just opening it up to a community vote to
begin with.  I won't be able to make the bulk of the AppSecEU meeting since
it will run from something like 2 AM to 10 AM my time, but if someone else
(yourself?) would like to lead this exercise, then I'm all for it.  I will
do my best to join the meeting around 7 AM my time through close.

~josh


On Fri, May 9, 2014 at 10:38 AM, Tobias <tobias.gondrom at owasp.org> wrote:

>  Hi Josh,
>
> I know the model and it can indeed help clear things up on who does what.
> Unfortunately sometimes it's not always that clear. ;-)
>
> But I agree, I would be a good exercise for one hour to go through some of
> our activities with this process and sort out which part of RAPID they
> should do.
>
> However, IMHO, I would recommend to do this first in a small team and when
> we have a proposal then ask the community for feedback on whether people
> agree or see this differently. Otherwise there will be too many unclear
> questions and parameters.
> Maybe an exercise for an hour during our open board meeting in Cambridge
> next month?
>
> All the best, Tobias
>
>
>
> On 07/05/14 15:29, Josh Sokol wrote:
>
>   Board,
>
>  Lately, we've seen a number of different issues relating to things like
> empowerment (or lack thereof), confusion over roles, etc.  We've received
> feedback from a number of different individuals as to what they believe
> should be the case, but I don't want this to be a case where the loudest
> person is the one who wins.  Thus, I would like to propose that we survey
> the OWASP community for feedback as to what roles we want the various OWASP
> stakeholders to play in our decision-making process.
>
>  In my management training at National Instruments, they coached us on a
> model that I think could be very useful to hash this out.  The model is
> called "RAPID" and this site has a great description of what it means:
>
>
> http://www.bridgespan.org/Publications-and-Tools/Organizational-Effectiveness/RAPID-Decision-Making.aspx#.U2o_4ceGOG4
>
>  To summarize, there are 5 roles in the decision making process:
>
>    1. Recommend
>    2. Approve
>    3. Perform
>    4. Input
>    5. Decide
>
> What I'd like to do is inquire with the community in each area of OWASP,
> what they feel should be the role of the Board, the ED, the staff, the
> leaders, the community at large, and maybe even vendors.  We can apply this
> methodology to just about any area of the OWASP Foundation.  Things like
> Chapter Leadership, Project Management, Governance, Conferences, Bylaws,
> etc.  So, for example:
>
>> In regards to making amendments to the OWASP Foundation Bylaws, what do
>> you believe should be the roles of the following:
>>
>> OWASP Board
>>
>> OWASP Executive Director
>>
>> OWASP Staff
>>
>> OWASP Leaders
>>
>> OWASP Global Community
>>
>> OWASP Sponsors
>>
>> The Global Community
>>
> I would hope that, if done right, the result of this type of survey would
> be a pretty clear consensus as to what roles our various stakeholders play
> in each process.  No more guess-work.  I'm curious as to how others would
> feel about adopting this model?
>
> ~josh
>
>
> _______________________________________________
> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140509/5d02229f/attachment.html>


More information about the Owasp-board mailing list