[Owasp-board] [Governance] Stepping down from Project Reviews

Josh Sokol josh.sokol at owasp.org
Wed Sep 2 15:06:49 UTC 2015

I believe Johanna said "It's not about money".  Every time I hear someone
say that it is, I cringe a little because I know that we allocated $50,000
in Community Engagement Funding this year to projects alone and have
$15,650 of that remaining (
https://owasp.org/index.php/Community_Engagement_-_Payments).  I also know
that if there's a need that goes beyond what is budgeted, we have ways to
make that happen outside of this channel.  For example, when Dinis asked
for $100,000 for a Project Summit, we said "Give us a plan and we'll

I also cringe when I hear people compare the Projects to the Chapters or
vice versa.  They are both unique and important to OWASP.  Both have needs
that we need to satisfy.  Chapters have historically been more successful
in fundraising because of the large volume of people involved with them,
but that doesn't make them better or worse.  Just different.  Let's be
honest, the Chapter model of fundraising doesn't really work for Projects.
That's ok...we just need to find other ways.

So, let's assume that money is not an issue.  What are the needs that our
Projects have that OWASP is not currently fulfilling?  I don't claim to be
an expert on Projects.  I don't routinely work with them and the one
project that I tried to start at OWASP died a very quick death.  It was an
issue with time and volunteerism, though, and had nothing to do with the
OWASP platform.  I understand and agree that it's not about things you can
get for free like GitHub or wiki pages.  So, what is it?  What do you
need?  We have an in-house graphic designer.  We have companies that we
work with for publishing.  We hired a full-time person to help with
projects.  If there are needs that aren't being met here, then what are
they?  What can OWASP do to make Projects more successful?


On Wed, Sep 2, 2015 at 9:39 AM, Lucas Ferreira <lucas.ferreira at owasp.org>

> Dear Johanna,
> it is very sad that you are stepping down, but you nailed it when you said:
> "I hope that in the future there is a clear perspective how to help
> projects develop better. So far I have not seen major initiatives directed
> on improving a platform. A platform is not a wiki page, not a github
> account, these things are already free without OWASP support."
> For a long time already, I have had the same feeling that OWASP is always
> discussing chapters and their bank accounts and never projects.
> I just hope one day OWASP will be able to see that projects are what makes
> OWASP known and respected.
> I have talked to a few leaders of open-source projects about bringing
> their projects to OWASP and, in the end, the feeling is that all they would
> get is the ability to benefit from the OWASP "brand". We should offer
> project leaders more than the opportunity to beg chapters for money.
> Regards and good luck,
> Lucas
> On Wed, Sep 2, 2015 at 4:19 PM johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>> Members of the board,
>> I have decided to step down from the project reviews activities.
>> I have been doing continuous reviews the last 2 years, especially the last
>> year I was quite involved in a major clean up in the project inventory,
>> together with other members that participated on an on/off basis.
>> That does not mean I'll step down from every activity I have been working
>> on the last years at OWASP. Indeed, now I'll focus my attention on those
>> activities that I feel have provided me with higher level of reward and a
>> grateful feeling.
>> Unfortunately, I cannot say the same for reviewing projects. The
>> greatest reward I had from that activity is what I learned from many
>> projects for the last 2 years, not just looking, but downloading, testing and
>> using them and volunteering on their activities.
>> It is a ticklish activity that has provided me very little satisfaction
>> but disappointment. Never seems to be enough even when people have little
>> idea how much time is needed to use an open source project, let alone
>> understand it. I'm a volunteer, not an OWASP employee. Let's clarify that
>> for people that might read this.
>> I think Claudia, as her predecessor, Kait-Disney did, can surely help
>> maintain inactive/active projects monitoring. Another ticklish activity
>> that we hear many complaints regarding inactive projects wanted to keep
>> alive. Politically driven necessities to have wiki pages of empty projects,
>> that's what we finished and hope you can continue for the sake of users.
>> The actual situation is that Project leaders are definitely on their own,
>> and they should understand that: when it comes to having a platform at
>> OWASP for developing projects, they have very little support on this.
>> It's not about money, it's about a platform, a process and a way to be able
>> to make a project a reality no matter if you are in India, Pakistan, or
>> Africa. The inequality between these worlds is very obvious when we look at
>> projects in US or EU compared to 'developing countries'. Big security
>> companies are not behind these leaders to support them with time or
>> resources.
>> I hope that in the future there is a clear perspective how to help
>> projects develop better. So far I have not seen major initiatives directed
>> on improving a platform. A platform is not a wiki page, not a github
>> account, these things are already free without OWASP support.
>> I think people hoping to secure their web applications using OWASP tools,
>> can have better ways for doing it if more energy is directed towards
>> supporting a better structure for developing OWASP projects.
>> This is where my energy will be from now on. Hopefully with the right
>> support.
>> Regards
>> Johanna
>> _______________________________________________
>> Governance mailing list
>> Governance at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/governance