<div dir="ltr"><div><div>At a high level, strategic goals are set by the OWASP Board of Directors:<br><br><a href="https://www.owasp.org/index.php/OWASP_Strategic_Goals">https://www.owasp.org/index.php/OWASP_Strategic_Goals</a><br><br></div>The execution of those goals and the metrics/reporting are handled by our Operations Team with a Board Member Sponsor as oversight.<br><br></div>~josh<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Dec 12, 2014 at 2:04 PM, Bev Corwin <span dir="ltr"><<a href="mailto:bev.corwin@owasp.org" target="_blank">bev.corwin@owasp.org</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks Jim,<div><br></div><div>Who handles organizational strategy?</div><div><br></div><div>Best wishes,</div><div>Bev</div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Dec 12, 2014 at 2:01 PM, Jim Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    Bev,<br>
    <br>
    The board does indeed set the vision for the organization. But
    project oversight responsibility has been passed to the project
    committee, and overall compliance issues are lead by our ombudsman
    (compliance officer) Martin Knoblock.<br>
    <br>
    Aloha,<br>
    Jim<div><div><br>
    <br>
    <br>
    <div>On 12/11/14 10:28 AM, Bev Corwin wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">Thanks Josh, Doesn't the board have "oversight" and
        "compliance" responsibilities to the OWASP Community? Best
        wishes, Bev</div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Thu, Dec 11, 2014 at 12:57 PM, Josh
          Sokol <span dir="ltr"><<a href="mailto:josh.sokol@owasp.org" target="_blank">josh.sokol@owasp.org</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">
              <div>It's a good point and I've definitely seen examples
                in the past of where a project has made significant
                decisions in a relative bubble before publishing it as
                an "open" document.  Honestly, I think to some extent
                that boils down to the project leadership/management and
                how they choose to run things.  Not that it makes it
                right or wrong.  I do agree with Simon in that this is
                not a Board decision though.  If for some reason people
                felt like project leaders are incapable of doing this,
                or that rules need to be put in place to enforce it,
                then that's something I would look to the Project
                Committee to establish.  <br>
                <span><font color="#888888"><br>
                  </font></span></div>
              <span><font color="#888888">~josh<br>
                </font></span></div>
            <div class="gmail_extra"><br>
              <div class="gmail_quote">
                <div>
                  <div>On Thu, Dec 11, 2014 at 11:51 AM, Bev
                    Corwin <span dir="ltr"><<a href="mailto:bev.corwin@owasp.org" target="_blank">bev.corwin@owasp.org</a>></span>
                    wrote:<br>
                  </div>
                </div>
                <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                  <div>
                    <div>
                      <div dir="ltr">PS: Your reference was for "free"
                        not "open". Do you have something that would be
                        a good reference for "open"? How about free and
                        open? Thank you!</div>
                      <div>
                        <div>
                          <div class="gmail_extra"><br>
                            <div class="gmail_quote">On Thu, Dec 11,
                              2014 at 12:50 PM, Bev Corwin <span dir="ltr"><<a href="mailto:bev.corwin@owasp.org" target="_blank">bev.corwin@owasp.org</a>></span>
                              wrote:<br>
                              <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                <div dir="ltr">Dear Simon,
                                  <div><br>
                                  </div>
                                  <div>Thank you. Good info, very much
                                    appreciate it. Where are you pulling
                                    your assumptions from? Is there a
                                    definition of "open" somewhere that
                                    could be referenced? So many
                                    organizations claim to be "open",
                                    however, very few actually
                                    "manifest" it well. Would be nice to
                                    see some kind of guidelines
                                    somewhere. That would be a board
                                    policy issue to recommend such
                                    things, wouldn't it?</div>
                                  <div><br>
                                  </div>
                                  <div>Best wishes,</div>
                                  <div>Bev</div>
                                  <div><br>
                                  </div>
                                </div>
                                <div>
                                  <div>
                                    <div class="gmail_extra"><br>
                                      <div class="gmail_quote">On Thu,
                                        Dec 11, 2014 at 12:36 PM,
                                        psiinon <span dir="ltr"><<a href="mailto:psiinon@gmail.com" target="_blank">psiinon@gmail.com</a>></span>
                                        wrote:<br>
                                        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                          <div dir="ltr">
                                            <div>
                                              <div>
                                                <div>
                                                  <div>I'm not sure this
                                                    is a board matter,
                                                    although board
                                                    members should
                                                    definitely speak up
                                                    if they disagree :)<br>
                                                  </div>
                                                  I think this is more a
                                                  matter of 'good open
                                                  source
                                                  leadership/management'
                                                  as it applies to all
                                                  open source projects
                                                  and not just OWASP
                                                  ones.<br>
                                                </div>
                                                But its something we can
                                                all learn from each
                                                other and so I think
                                                this list is a good
                                                place to discuss it.<br>
                                                <br>
                                              </div>
                                              Can you explain in a bit
                                              more detail which
                                              project(s) you are
                                              referring to, what stage
                                              they are at and what you
                                              hope to get out of such
                                              consultations?<br>
                                            </div>
                                            I think the approaches for
                                            well established projects
                                            are likely to be very
                                            different from ones that are
                                            just starting out.<br>
                                            <div>
                                              <div><br>
                                                There are online
                                                resources like this
                                                which might help you: <a href="http://producingoss.com/" target="_blank">http://producingoss.com/</a><br>
                                                <br>
                                              </div>
                                              <div>Any others people can
                                                recommend?<br>
                                                <br>
                                                Cheers,<br>
                                                <br>
                                                Simon<br>
                                              </div>
                                            </div>
                                          </div>
                                          <div>
                                            <div>
                                              <div class="gmail_extra"><br>
                                                <div class="gmail_quote">On
                                                  Thu, Dec 11, 2014 at
                                                  5:26 PM, Bev Corwin <span dir="ltr"><<a href="mailto:bev.corwin@owasp.org" target="_blank">bev.corwin@owasp.org</a>></span>
                                                  wrote:<br>
                                                  <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                    <div dir="ltr">Thanks
                                                      Simon, Yes, that
                                                      is what I thought
                                                      as well. Has the
                                                      board made
                                                      official
                                                      recommendations
                                                      about these
                                                      things? Are they
                                                      documented
                                                      somewhere? As a
                                                      practice, are
                                                      there any
                                                      guidelines for how
                                                      to best do this in
                                                      the community? Do
                                                      we have a mailing
                                                      list of interested
                                                      public
                                                      contributors that
                                                      we can submit
                                                      requests for
                                                      comments to, etc.?
                                                      Best wishes, Bev</div>
                                                    <div>
                                                      <div>
                                                        <div class="gmail_extra"><br>
                                                          <div class="gmail_quote">On
                                                          Thu, Dec 11,
                                                          2014 at 12:20
                                                          PM, psiinon <span dir="ltr"><<a href="mailto:psiinon@gmail.com" target="_blank">psiinon@gmail.com</a>></span>
                                                          wrote:<br>
                                                          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                          <div dir="ltr">
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>
                                                          <div>Hi Bev,<br>
                                                          <br>
                                                          </div>
                                                          I'm confused
                                                          :/<br>
                                                          </div>
                                                          All OWASP
                                                          projects are
                                                          open source
                                                          and should
                                                          therefore be
                                                          open for
                                                          public comment
                                                          at all times.<br>
                                                          </div>
                                                          All projects
                                                          must have
                                                          public lists
                                                          that are
                                                          clearly
                                                          discoverable
                                                          via the
                                                          project page.<br>
                                                          </div>
                                                          You can ask
                                                          for specific
                                                          feedback from
                                                          other leaders
                                                          / your users /
                                                          the general
                                                          public at
                                                          specific times
                                                          as well of
                                                          course.<br>
                                                          </div>
                                                          <br>
                                                          </div>
                                                          Cheers,<br>
                                                          <br>
                                                          Simon<br>
                                                          </div>
                                                          <div class="gmail_extra"><br>
                                                          <div class="gmail_quote">
                                                          <div>
                                                          <div>On Thu,
                                                          Dec 11, 2014
                                                          at 5:05 PM,
                                                          Bev Corwin <span dir="ltr"><<a href="mailto:bev.corwin@owasp.org" target="_blank">bev.corwin@owasp.org</a>></span>
                                                          wrote:<br>
                                                          </div>
                                                          </div>
                                                          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">Dear
                                                          OWASP Board
                                                          and Leaders,
                                                          <div><br>
                                                          </div>
                                                          <div>Is it
                                                          possible for
                                                          OWASP projects
                                                          and
                                                          initiatives to
                                                          open up for
                                                          public comment
                                                          at various
                                                          stages in our
                                                          projects and
                                                          initiatives
                                                          development
                                                          processes? Do
                                                          we have any
                                                          board or
                                                          leader level
                                                          recommendations,
                                                          policies /
                                                          best practices
                                                          for this kind
                                                          of thing?</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Best
                                                          wishes,</div>
                                                          <div>Bev</div>
                                                          <div><br>
                                                          </div>
                                                          </div>
                                                          <br>
                                                          </div>
                                                          </div>
_______________________________________________<br>
                                                          OWASP-Leaders
                                                          mailing list<br>
                                                          <a href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                                                          <a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                                                          <br>
                                                          </blockquote>
                                                          </div>
                                                          <span><font color="#888888"><br>
                                                          <br clear="all">
                                                          <br>
                                                          -- <br>
                                                          <div><a href="https://www.owasp.org/index.php/ZAP" target="_blank">OWASP ZAP</a>
                                                          Project leader<br>
                                                          </div>
                                                          </font></span></div>
                                                          </blockquote>
                                                          </div>
                                                          <br>
                                                        </div>
                                                      </div>
                                                    </div>
                                                  </blockquote>
                                                </div>
                                                <br>
                                                <br clear="all">
                                                <br>
                                                -- <br>
                                                <div><a href="https://www.owasp.org/index.php/ZAP" target="_blank">OWASP ZAP</a>
                                                  Project leader<br>
                                                </div>
                                              </div>
                                            </div>
                                          </div>
                                        </blockquote>
                                      </div>
                                      <br>
                                    </div>
                                  </div>
                                </div>
                              </blockquote>
                            </div>
                            <br>
                          </div>
                        </div>
                      </div>
                      <br>
                    </div>
                  </div>
                  <span>_______________________________________________<br>
                    Owasp-board mailing list<br>
                    <a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a><br>
                    <a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
                    <br>
                  </span></blockquote>
              </div>
              <br>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
Owasp-board mailing list
<a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a>
</pre>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div></div>
</div></div></blockquote></div></div>