[Owasp-board] Waspy is it a serious award?

johanna curiel curiel johanna.curiel at owasp.org
Tue Aug 16 16:23:31 UTC 2016


>>Is it your suspicion that people would nominate other people
maliciously?  The WASPYs allow self nomination, that does not violate
the integrity of the award

Really, *self nomination* for a volunteer award? ok I think this is really
funny.

If thats the case my work is done here 😁

On Tue, Aug 16, 2016 at 12:17 PM, Tiffany Long <tiffany.long at owasp.org>
wrote:

> From Eoin
>
> We definitely need  to review the integrity of the nominations and confirm
> with the person who has nominated someone:
>
>    - Is the person who claims it is
>    - The relationship with that person
>    - Or was it an *anonymous nomination*
>
> From Johanna:
>
> I nominated John Lita this year multiple times, I can confirm that. And we
> can go through all the nominations and confirm the identity of those that
> nominated
> If the nomination is 'anonymous' should this even count?
>
> Who nominated a person for an award has no bearing.  Is it
> your suspicion that people would nominate other people maliciously?  The
> WASPYs allow self nomination, that does not violate the integrity of the
> award. A person's relationship to the person they nominate is
> not germane either.   If someone notices a volunteer doing amazing work and
> nominates them, I don't care if they are nominating their wife, brother,
> best friend or a total stranger. There is no way to vet these relationships
> from a global level and nor is it seemly to do so.   In fact, going to such
> a granular level would look like the committee was pointing people out to
> continue a feud. This is not the purpose of OWASP.
>
>
> "Look, if someone in South Africa gets nominated and I live in US I have
> no way of knowing if those claims to win the award are true. In 2014 a
> project was nominated that I though was a complete joke, especially when I
> went and look at that project. So we need a committee to at least confirm
> the identity and claims of nominations and let community vote based on data
> that has been checked."
>
> Did you vote for the project?  If not the system worked.  If so the system
> also worked and that was a choice you made.  Can this be harder to do with
> personal contributions?  Sure.  But you are coming at the award from the
> POV of a security person rather than a good faith Community member.  So far
> the concerns you are raising have not been realized.
>
>  Currently from a Community Management perspective, the two largest
> problems with the WASPYs are leadership buy in and encouraging  members to
> vote outside of their chapters.  That said, the WASPYs still garner more
> reaction from the community than almost any other work we do.  Judging from
> a community involvement perspective and metrics the WASPYs are fine.  They
> could be improved, but I suggest improving them in ways that also improve
> the overall community before we fight problems that do not yet exist.  If
> you have metrics disproving this, please share them, because so far the
> concerns are not based on metrics at all. Like I said, metrics are not the
> be-all (especially if we choose the wrong ones) but from a gestalt
> perspective the adjustments we need to make to the WASPYs are more in the
> realm of perception than the realm of policy.
>
> Making the awards more bureaucratic  is simply not necessary or worth
> staff time right now.   That said, if you can get the community behind it
> you can absolutely start a committee.  I will even help you through the
> steps and write the proposal if you want.  I suggest you wait until a
> couple of weeks after this year's winner is announced in order to not
> besmirch the award winner.
>
>
>
>
> Tiffany Long
> Community Manager
>
> On Tue, Aug 16, 2016 at 2:41 AM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> >>We need vetting if the awards mean anything.
>> The award should have some form of prestige and value and it seems this
>> is not the case. Should we at least begin with a survey to get the
>> impressions from the community?
>>
>> We definitely need  to review the integrity of the nominations and
>> confirm with the person who has nominated someone:
>>
>>    - Is the person who claims it is
>>    - The relationship with that person
>>    - Or was it an *anonymous nomination*
>>
>>
>> Look, if someone in South Africa gets nominated and I live in US I have
>> no way of knowing if those claims to win the award are true. In 2014 a
>> project was nominated that I though was a complete joke, especially when I
>> went and look at that project. So we need a committee to at least confirm
>> the identity and claims of nominations and let community vote based on data
>> that has been checked.
>>
>>
>> I agree with you Eoin that we need a way to confirm who is voting for
>> who, like you say, you can indeed nominate yourself (you have bene doing
>> that all these years...I know , confess it! 😜 and none is controlling
>> that, quite awkward for an organisation that is promoting cyber security ;-)
>>
>> >>Self nomination which is evident
>>
>> IS it because you nominated yourself?😁 Seriously I don't like to accuse
>> anyone without proof. But we can at least begin check who did nominate who
>> or was an anonymous nomination? Should anonymous nomination even count?
>>
>> I nominated John Lita this year multiple times, I can confirm that. And
>> we can go through all the nominations and confirm the identity of those
>> that nominated
>> If the nomination is 'anonymous' should this even count?
>>
>> We should investigate these things at least in order to make sure there
>> is integrity in the nomination process.
>>
>>
>>
>> On Tue, Aug 16, 2016 at 3:10 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>
>>> We need vetting if the awards mean anything.
>>> We can currently nominate a Fictional person and possibly win.
>>> We also need to prevent self nomination which is evident.
>>>
>>>
>>> Eoin Keary
>>> OWASP Volunteer
>>> @eoinkeary
>>>
>>>
>>>
>>> On 16 Aug 2016, at 02:07, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>> >>At this point, low turnout for the WASPY's is more of a symptom of
>>> several other community stressors than it is a condemnation of the WASPY's
>>> themselves.
>>>
>>> Again, as someone that like to analyse data, I think we need data to
>>> support these statements. You can be right but you can be wrong. What data
>>> supports your conclusions?
>>>
>>> >>*Most* confessed that they did not understand what their intended use
>>> was or how to best utilize them for their chapters
>>>
>>> In 2012 the winner got USD1000, an iPad and a trophy.
>>> https://www.owasp.org/index.php/WASPY_Awards_2012
>>>
>>> What do people win actually today these days?
>>>
>>> You want to give a trophy it should really mean something or you should
>>> get some kind of reward that you value, like Helen did back in 2012.
>>>
>>> In my eyes WASPY has become an award that represents no value at all for
>>> those that win it. Even worse when you win it for something that makes no
>>> sense.
>>>
>>> >>The tendency to throw something up and then tear it down in favor of
>>> another thing rather than experiment and tweak is incredibly disorienting
>>> to the community as a whole.
>>>
>>>  We want to improve things not 'tear down' anything. Actually we should
>>> ask ourselves, how can we make this award valuable to those that win it and
>>> how to make it significant for those that nominate volunteers?
>>>
>>> A  survey is needed with at least a representative number of the
>>> community where we can take these conclusions.And then, we can look at the
>>> data and make adjustments based on that.
>>>
>>>  why there is so little motivation to nominate others to win an award?
>>> What is the reason why so few people are been nominated compare to the
>>> amount of volunteers we have?mahy great people have never been nominated,
>>> and so many other volunteers I know.
>>>
>>> Lets remember that the title of this email is '*Waspy :is it a serious
>>> award?'*
>>>
>>> Which I'm afraid that's not the case and the reason why we should get a
>>> representative feedback from the entire *global* community to
>>> understand the issue and try to fix the enormous lack of participation.
>>>
>>>
>>> On Mon, Aug 15, 2016 at 7:29 PM, Tiffany Long <tiffany.long at owasp.org>
>>> wrote:
>>>
>>>> Like I said, the first step would be to engage in an educational
>>>> campaign.  I spoke with several leaders world wide over the course of the
>>>> last 6 weeks about the WASPY awards. Most confessed that they did not
>>>> understand what their intended use was or how to best utilize them for
>>>> their chapters.  Addressing this would be the most effective way to move
>>>> the awards forward.  The tendency to throw something up and then tear it
>>>> down in favor of another thing rather than experiment and tweak is
>>>> incredibly disorienting to the community as a whole.
>>>>
>>>> At this point, low turnout for the WASPY's is more of a symptom of
>>>> several other community stressors than it is a condemnation of the WASPY's
>>>> themselves.  For example, there was 15% turnout for the vote by this time
>>>> last year. While sadly low, that number is still higher than we get
>>>> returned on many of our more existential concerns.  The WASPYs are one of
>>>> the most consistently retweeted and talked about activities.  In the
>>>> context of the rest of the OWASP environment they are doing just fine.
>>>>
>>>> I expect that as we solidify the community more, the WASPYs will have a
>>>> slight decrease or nominal increase in utility next year, followed by
>>>> fairly steady increases reflecting increased community activity.
>>>>
>>>>
>>>>
>>>>
>>>> Tiffany Long
>>>> Community Manager
>>>>
>>>> On Mon, Aug 15, 2016 at 4:09 PM, johanna curiel curiel <
>>>> johanna.curiel at owasp.org> wrote:
>>>>
>>>>> >>In the end, there are a number of challenges to tackle, the WASPY’s
>>>>> need a tweaking, not a complete reconfiguring.
>>>>>
>>>>> I'm sorry to say that I disagree with your statements. I think you
>>>>> need to look deeper at the data and history of these awards before making
>>>>> such conclusions.
>>>>>
>>>>> Last year I was nominated for the 'caribbean region' for things I did
>>>>> at global level, like organise Project summits or review projects, actually
>>>>> nothing to do with my local chapter. WhenI saw that, I almost reacted like
>>>>> Eoin, wanted to take my name off that list, but hey I commented to a board
>>>>> member and decided to just leave it. In the end I never received the award
>>>>> ;-P
>>>>>
>>>>> I asked all people that know me very well : please do not nominate me
>>>>> ever, these awards do not reflect at all the reality of what we do as
>>>>> volunteers.
>>>>>
>>>>> Then this year out of no where there are no regional awards. And even
>>>>> less nominees.
>>>>>
>>>>> Are you sure that this only needs a 'tweaking'?
>>>>>
>>>>> If thats the case let's not waste time with committees.
>>>>>
>>>>>
>>>>> On Mon, Aug 15, 2016 at 6:35 PM, Tiffany Long <tiffany.long at owasp.org>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>> Hello Everybody,
>>>>>>
>>>>>> I am excited about this conversation because it gives me a great
>>>>>> opportunity to discuss the WASPY awards and their social function in the
>>>>>> OWASP Community.
>>>>>>
>>>>>> The WASPYs were originally intended to honor all of the invisible
>>>>>> work that goes into running the OWASP community.  The idea is that our
>>>>>> leaders would nominate exceptional volunteers who make the Chapters,
>>>>>> Projects, or Community function and that all of our community could
>>>>>> nominate their peers for work that is not always visible to the masses or
>>>>>> even the leaders.  This type of public acknowledgement has long been known
>>>>>> to keep volunteer organizations energized.  When it functions, this
>>>>>> mechanism performs a couple of important social functions which support
>>>>>> community cohesion.
>>>>>>
>>>>>> The WASPYs are clearly not performing at their best right now, but
>>>>>> they ARE still performing their function.  The most effective ways to help
>>>>>> them perform better are to help promote leadership buy-in as nominators
>>>>>> rather than using the tool as a reward for leadership or ignoring it.  This
>>>>>> is a great tool that every project and chapter leader should be utilizing.
>>>>>>
>>>>>> Let’s discuss the WASPYs as they exist now for example.  Anyone (even
>>>>>> non-members) can nominate a person to win the award which is divided into
>>>>>> to 4 well defined categories.  Every aspect of the award is maintained on
>>>>>> the WASPY page
>>>>>> <https://tracking.cirrusinsight.com/c68f55c3-f18b-48d4-ab9f-dd385b757b4c/owasp-org-index-php-waspy-awards-2016>,
>>>>>> Kelly has done an amazing job of ensuring the transparency of the award on
>>>>>> this page from start to finish. Community members then nominate anyone they
>>>>>> feel meets the criteria by and is required to include a short statement on
>>>>>> why they support their nominee for any particular category.  This blurb is
>>>>>> then what the community is asked to judge on.
>>>>>>
>>>>>> Because the WASPY’s are a good faith endeavor we do not vet the
>>>>>> candidates separately. Additionally the invisible work people put into
>>>>>> OWASP is often impossible to measure through impartial, established
>>>>>> metrics.  Therefore, rather than attempt to unfairly measure the
>>>>>> impossible, we allow the nominators to describe the deeds of the nominees.
>>>>>> This is also why we do not edit (other than the occasional spelling error)
>>>>>> the blurbs. This is the nominator’s chance to sell their candidate and we
>>>>>> do not put restrictions or interfere.
>>>>>>
>>>>>> It is clear that this year their is slightly less participation than
>>>>>> last year, but as a chart of all nominations for the history of the award
>>>>>> will show you, this is not by much.  The figure is even closer when you
>>>>>> take into account that many of the 2015 nominees were submitted in large
>>>>>> groups (this is not reflected in the chart below).
>>>>>> In this case, I would say that the WASPYs are functioning fairly
>>>>>> okay.  They should be tweaked rather than overhauled.  For instance, we
>>>>>> should engage in an education campaign to help our leaders understand how
>>>>>> to best use the WASPYs as a tool.  Perhaps we should think about changing
>>>>>> the reward for the winner.  We should definitely change the way we talk
>>>>>> about them. A second step would be to perhaps clarify why the blurb is
>>>>>> important.  Perhaps we can explore how winners are selected for future
>>>>>> WASPYs.
>>>>>>
>>>>>> In the end, there are a number of challenges to tackle, the WASPY’s
>>>>>> need a tweaking, not a complete reconfiguring.
>>>>>> Best,
>>>>>> Tiffany
>>>>>>
>>>>>> Tiffany Long
>>>>>> Community Manager
>>>>>>
>>>>>> On Mon, Aug 15, 2016 at 1:50 PM, Eoin Keary <eoin.keary at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Ok I'm happy to help.
>>>>>>> Sign me up
>>>>>>>
>>>>>>> Eoin Keary
>>>>>>> OWASP Volunteer
>>>>>>> @eoinkeary
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 15 Aug 2016, at 20:41, johanna curiel curiel <
>>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>>
>>>>>>> Thank you Josh.
>>>>>>>
>>>>>>> Indeed, lets see if we can setup a committee for this purpose and
>>>>>>> define a better award.
>>>>>>>
>>>>>>> @Eoin: let me know you want to join the committee. I'll see if we
>>>>>>> can set a draft plan/proposal we can discuss with the community ;-)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Aug 15, 2016 at 3:31 PM, Josh Sokol <josh.sokol at owasp.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Personally, I would rather see WASPYs driven by a group of our
>>>>>>>> leaders rather than by the OWASP Board.  This would probably be another
>>>>>>>> great use of the Committees 2.0 framework and it sounds like Johanna and
>>>>>>>> Eoin would be huge assets to such a team.
>>>>>>>>
>>>>>>>> ~josh
>>>>>>>>
>>>>>>>> On Mon, Aug 15, 2016 at 1:55 PM, johanna curiel curiel <
>>>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>>>
>>>>>>>>> >>Tiffany can help to make the WASPY results more meaningful.
>>>>>>>>>
>>>>>>>>> We can start by defining what exactly is the WASPY award for:
>>>>>>>>>
>>>>>>>>>    - Create a survey and ask the community how to define and
>>>>>>>>>    award that fits OWASP spirit and ideology
>>>>>>>>>    - Create Clear categories
>>>>>>>>>    - A more transparent nomination and vetting process
>>>>>>>>>
>>>>>>>>> I also think that if only the paid members can nominate & vote,
>>>>>>>>> this does not represent a 'community' vote. This should be discussed.
>>>>>>>>>
>>>>>>>>> It is clear that every year there has been more lack of
>>>>>>>>> participation in the nomination and voting process and every year this
>>>>>>>>> awards gets weird with unpredictable changes between categories and regions.
>>>>>>>>>
>>>>>>>>> Some better instructions should be provided regarding the
>>>>>>>>> conditions for nomination.
>>>>>>>>>
>>>>>>>>> The board should set this item in the agenda to be discussed. My
>>>>>>>>> suggestion is that Tiffany can help define a draft for a better process but
>>>>>>>>> this should definitely be discussed with paying members and the OWASP
>>>>>>>>> community in general. Once there is a clear proposal, then the Board as the
>>>>>>>>> final responsible, should take a decision.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Aug 15, 2016 at 12:12 PM, Josh Sokol <josh.sokol at owasp.org
>>>>>>>>> > wrote:
>>>>>>>>>
>>>>>>>>>> There was a similar thread back in August 2014.  I wrote up my
>>>>>>>>>> thoughts on this topic here:
>>>>>>>>>>
>>>>>>>>>> http://lists.owasp.org/pipermail/owasp-board/2014-August/014
>>>>>>>>>> 474.html
>>>>>>>>>>
>>>>>>>>>> I see contributions from both Eoin and Johanna in that thread as
>>>>>>>>>> well.  Unfortunately, I don't think anything has changed at this point, but
>>>>>>>>>> hopefully Tiffany can help to make the WASPY results more meaningful.
>>>>>>>>>>
>>>>>>>>>> ~josh
>>>>>>>>>>
>>>>>>>>>> On Sun, Aug 14, 2016 at 2:25 PM, johanna curiel curiel <
>>>>>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> Eoin: Did you get the 'physical' award last year?' I wasn't in
>>>>>>>>>>> appsec us so I was awaiting to being sent.
>>>>>>>>>>>
>>>>>>>>>>> Mine never arrived😁😭
>>>>>>>>>>>
>>>>>>>>>>> And, apart from a physical award, what else do people actually
>>>>>>>>>>> win?
>>>>>>>>>>>
>>>>>>>>>>> Vetting process... is there something wrong with the description
>>>>>>>>>>> for those categories?
>>>>>>>>>>> Who is making the clear decisions regarding this vetting process
>>>>>>>>>>> or better said: is there even a process?
>>>>>>>>>>>
>>>>>>>>>>> For those people nominated multiple times I see that the
>>>>>>>>>>> description provided quite fits the category and reason for nomination.
>>>>>>>>>>> last year was worse, some people description and reason was
>>>>>>>>>>> empty.😬
>>>>>>>>>>>
>>>>>>>>>>> And btw this year, don't we have 'per region' awards?
>>>>>>>>>>> Why are things change from one moment to another without being
>>>>>>>>>>> discussed at all with the community or at least the paying members who are
>>>>>>>>>>> the only ones that can actually vote...?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Sun, Aug 14, 2016 at 8:21 AM, Eoin Keary <
>>>>>>>>>>> eoin.keary at owasp.org> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Folks I won this last year and have been nominated this year
>>>>>>>>>>>> "good for me" but the quality of the nominations, is it vetted at all??
>>>>>>>>>>>>
>>>>>>>>>>>> I'm happy to be removed from the nominees list btw this is not
>>>>>>>>>>>> any scheme, or ploy etc..
>>>>>>>>>>>>
>>>>>>>>>>>> Some people have been nominated for various things but have the
>>>>>>>>>>>> claims been verified by 1/2 third parties?
>>>>>>>>>>>>
>>>>>>>>>>>> Some nominations are "cut and paste" for all categories?
>>>>>>>>>>>> Seriously? Yes!
>>>>>>>>>>>> Different catagories but the same text for each?? Make sense?
>>>>>>>>>>>> I could technically nominate a fictional person I bet with no
>>>>>>>>>>>> problems :)
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Just curious about the vetting process, is all.
>>>>>>>>>>>> (Assuming this email shall be ignored 😀)
>>>>>>>>>>>>
>>>>>>>>>>>> All the best!!
>>>>>>>>>>>>
>>>>>>>>>>>> Eoin
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Eoin Keary
>>>>>>>>>>>> OWASP Volunteer
>>>>>>>>>>>> @eoinkeary
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> Owasp-board mailing list
>>>>>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Johanna Curiel
>>>>>>>>>>> OWASP Volunteer
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Owasp-board mailing list
>>>>>>>>>>> Owasp-board at lists.owasp.org
>>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Johanna Curiel
>>>>>>>>> OWASP Volunteer
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Johanna Curiel
>>>>>>> OWASP Volunteer
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Johanna Curiel
>>>>> OWASP Volunteer
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Johanna Curiel
>>> OWASP Volunteer
>>>
>>>
>>
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>
>


-- 
Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20160816/65823ae1/attachment-0001.html>


More information about the Owasp-board mailing list