<div dir="ltr">As long as your role is clear in this process, including no influence in who reviews your projectsūüėú<div><br></div><div>cheers</div><div><br></div><div>Johanna</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 2, 2015 at 4:09 PM, Jim Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    Johanna,<br>
    <br>
    Transparency wins here. :) Claudia is leading this process and asked
    me to help. I am super happy to do so. Everyone is invited; the
    invite is on the OWASP global calendar. The discussions will all
    continue on public on the project list. When you were lead you asked
    me questions and asked me for feedback on many occasions - I'd like
    to offer that same help to Claudia since I've been around OWASP
    projects for many years.<br>
    <br>
    The line I draw is that while I am happy to help comment on the
    review process, I do not actually do any reviews because I am a
    project leader of several projects.<br>
    <br>
    Does that line seem reasonable, Johanna?<span class=""><br>
    <br>
    Aloha,<br>
    <pre cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a href="https://www.owasp.org" target="_blank">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
    <br>
    </span><div><div class="h5"><div>On 9/2/15 10:03 AM, johanna curiel
      curiel wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">Jim
        <div><br>
        </div>
        <div>Improvements are always possible.</div>
        <div><br>
        </div>
        <div>You are a member of the board and are leading many
          projects.¬†</div>
        <div><br>
        </div>
        <div>Conflict of interest is at high stake in this position.
          That is a ticklish zone.</div>
        <div><br>
        </div>
        <div>cheers</div>
        <div><br>
        </div>
        <div>Johanna</div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div><br>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Wed, Sep 2, 2015 at 3:31 PM, Jim
          Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000"><span> > I
                hope you understand that we did try many things for
                automation.<br>
                <br>
              </span> Of course! Life is an evolution. We're going to
              keep working on it! :)<span><br>
                <br>
                > In Openduck all projects are registered and have a
                'review this project' form where you can provide a start
                and comments. We tried that approach.We made google
                forms, we made google sheets, we built simple ¬†criteria.
                <br>
                <br>
              </span> This is all great, I'm a big fan of openduck.
              We're likely going to keep using it. And we will also put
              some fresh eyes on it to see if we can improve.<span><br>
                <br>
                > A JIRA donated with the help of Norman Yuen to
                create tasks and follow ups, Jonathan Johnson who setup
                a server with automated builds, the SWAMP to built
                projects ...We did try automation and a lot. <br>
                <br>
              </span> Great stuff! :)<span><br>
                <br>
                > Before you go and attempt a new thing lets share
                experience and not repeat ¬†same approaches.<br>
                <br>
              </span> Johanna, don't worry we're all professionals. Good
              folks will be looking at this. We certainly do not want to
              re-do things that do not need to be re-done.<span><br>
                <br>
                > I hope you understand that after spending 2 years
                in reviews the main problem in my opinion based on my
                experience, is getting the right people to spend time to
                review. <br>
                <br>
              </span> I understand that issue. I hope to find a more
              streamlined way to on-board reviewers for one or two
              reviews. I have a knack for getting folks involved. :)
              We're on it.<br>
              <br>
              > Is just not simple.<br>
              <br>
              Hahaha! Nothing is simple at OWASP, I agree!<span><br>
                <br>
                > Open source security projects are not simple to
                test or use <b>this part cannot be automated</b>. If
                you are not a developer with some security background
                ¬†you cannot even test more than half of them. Every
                project has there way to build and install.<br>
                <br>
              </span> Well said, I agree.<span><br>
                <br>
                > The automation is already there for handling the
                review once is done.<br>
                <br>
              </span> I hear you. We've set a meeting to review
              everything in place and posted that to the project review
              list. There might be some things we can improve, maybe
              not.<span><br>
                <br>
                > We must create incentives for people to go and
                review. People that have the knowledge capable of
                reviewing. Example : If you are not a (Java)developer
                how can you test and review CRSFGuard, Dependency,
                Appsensor? HTML sanitiser?¬† If you are not a .NET
                developer how can you use webgoat.NET or O2 project?<br>
                <br>
              </span> I agree, that is something that we plan to
              discuss.<span><br>
                <br>
                >¬† I hope you get my point.<br>
                <br>
              </span> Completely. As OWASP volunteers step away from
              important initiatives, that is ok! That is part of the
              flow of OWASP. But as some step away, others will step in
              and take over and try to continue that work. I hope you
              are ok with that and you get my points here that we are
              going to try to make improvements where we can and take
              this seriously!<br>
              <br>
              And Johanna, again, you did amazing work. There are a few
              areas I think can be improved, but I was always hesitant
              to dive into project review that much because I did not
              want to be a board member who was interfering with your
              work. <br>
              <br>
              I respect that fact that you want to step away. There are
              tons of other things to do at OWASP that would make your
              happier. I can tell by your email the last month or two
              that you are unhappy with OWASP and that certainly effects
              me. I take everything regarding OWASP very personally,
              especially from super active volunteers like yourself.<br>
              <br>
              So when you say, I plan to step away this time, I think
              you really mean it. Since I'm the board liaison for
              projects, I'm going to step in and help Claudia keep this
              ship sailing. The only thing that is constant is change
              and the way reviews are done will certainly change in some
              ways as a different crew take over. I hope that is ok with
              you. It's just the natural progression of things and no
              disrespect is meant.<br>
              <br>
              Aloha,<br>
              Jim Manico
              <div>
                <div><br>
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div><br>
                      </div>
                      <div>And yes I do appreciated all the support you
                        have personally given me and the Curacao
                        community. It has been a great OWASP push from
                        you for caribbean region .</div>
                      <div><br>
                      </div>
                      <div>Cheers and Aloha</div>
                      <div><br>
                      </div>
                      <div>Johanna</div>
                    </div>
                    <div class="gmail_extra"><br>
                      <div class="gmail_quote">On Wed, Sep 2, 2015 at
                        2:52 PM, Jim Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank"></a><a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                          <div dir="auto">
                            <div>Johanna,</div>
                            <div><br>
                            </div>
                            <div>I want you to know that your work is
                              going to continue. We're looking to
                              automate more of the review process, we
                              going to onboard new reviewers carefully
                              and also take a second look at the
                              processes in place. I hope this is a good
                              thing in your mind. I personally think
                              it's a very important part of the
                              foundation and I've thanked you more times
                              than I can count.</div>
                            <div><br>
                            </div>
                            <div>I even flew to your home island to give
                              you your WASPY award in person. Don you
                              know why I did that? No it was not for
                              vacation, I live on a vacation island
                              already. ;) I flew to Curacao because I
                              believe in what you are doing and wanted
                              to thank you in person.</div>
                            <div><br>
                            </div>
                            <div>Project reviews and projects in general
                              are very important to the foundation and I
                              plan to assist Claudia and staff as they
                              see fit to keep the review party going.</div>
                            <div><br>
                            </div>
                            <div>I would not be able to even say that if
                              it were not for the massive efforts from
                              you over the past few years. Thank you!</div>
                            <div><br>
                              Aloha,<br>
                              <div>--</div>
                              <div>Jim Manico</div>
                              <div>
                                <div>
                                  <div style="word-wrap:break-word">
                                    <div><span style="background-color:rgba(255,255,255,0)">Global

                                        Board Member</span></div>
                                    <span style="background-color:rgba(255,255,255,0)">OWASP

                                      Foundation</span>
                                    <div><a href="https://www.owasp.org/" style="background-color:rgba(255,255,255,0)" target="_blank"><font color="#000000">https://www.owasp.org</font></a></div>
                                  </div>
                                </div>
                                <div><span style="background-color:rgba(255,255,255,0)">Join

                                    me at¬†<a href="http://appsecusa.org/" target="_blank">AppSecUSA</a>¬†2015!</span></div>
                              </div>
                            </div>
                            <div>
                              <div>
                                <div><br>
                                  On Sep 2, 2015, at 8:41 AM, Josh Sokol
                                  <<a href="mailto:josh.sokol@owasp.org" target="_blank">josh.sokol@owasp.org</a>>

                                  wrote:<br>
                                  <br>
                                </div>
                                <blockquote type="cite">
                                  <div>
                                    <div dir="ltr">
                                      <div>
                                        <div>Johanna,<br>
                                          <br>
                                        </div>
                                        You have both my attention and
                                        my support with this initiative
                                        and I agree that it's, at least
                                        at this point in time, a far
                                        better use of our time than in
                                        trying to wrangle with project
                                        reviews and whatnot.¬† You did a
                                        fantastic job with those for a
                                        very long time and with little
                                        recognition for it, though I do
                                        think you won a WASPY for it,
                                        didn't you?¬† At least that's
                                        something.¬† In any case, let's
                                        figure out how to build those
                                        stairs to reach those bananas.¬†
                                        If it requires changing some
                                        policies to make funds more
                                        accessible, then I can
                                        definitely help to push those
                                        changes.¬† What policies
                                        currently stand in your way (ie.
                                        what is the rationale for being
                                        told "no")?¬† What new policies
                                        would be reasonable.¬† What is a
                                        reasonable approach to making
                                        sure that limited funds are
                                        spent on the things that matter
                                        most and in alignment with the
                                        OWASP mission?<br>
                                        <br>
                                      </div>
                                      ~josh<br>
                                    </div>
                                    <div class="gmail_extra"><br>
                                      <div class="gmail_quote">On Wed,
                                        Sep 2, 2015 at 12:05 PM, johanna
                                        curiel curiel <span dir="ltr"><<a href="mailto:johanna.curiel@owasp.org" target="_blank"></a><a href="mailto:johanna.curiel@owasp.org" target="_blank">johanna.curiel@owasp.org</a>></span>
                                        wrote:<br>
                                        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                          <div dir="ltr">
                                            <div><span style="font-size:13px">>I

                                                certainly cannot speak
                                                for all Projects, but
                                                every time I tried to
                                                get the things I needed
                                                for a project, I got
                                                either a deny or a big
                                                silence. so the first
                                                thing needed is, if
                                                there is money
                                                available, more
                                                communication and an
                                                easy way to get to
                                                it[....]¬†</span><span style="font-size:13px">In
                                                summary, my experience
                                                in getting money or
                                                support for OWASP
                                                projects is bad. IMHO,
                                                this is why so many
                                                projects die.</span></div>
                                            <div><span style="font-size:13px">[...]</span><span style="font-size:13px">And
                                                lastly, I did not
                                                compare Chapters and
                                                Projects. I did compare
                                                the treatment that they
                                                get from OWASP.</span></div>
                                            <div><br>
                                            </div>
                                            <div>You are not the only
                                              one with the same issues.
                                              I have the same experience
                                              too and as also many
                                              others.¬†</div>
                                            <div><br>
                                            </div>
                                            <div>Let's accept that we
                                              have a problem and no, I
                                              don't blame the Board for
                                              that, but I'm asking your
                                              attention and we have to
                                              admit that we need to work
                                              on this. And the person
                                              asking your attention is a
                                              volunteer who has
                                              dedicated her time the
                                              last 3 years trying to
                                              improve a system and
                                              contributing in multiple
                                              activities, I think I
                                              deserve a small
                                              acknowledgement for that.</div>
                                            <div><br>
                                            </div>
                                            <div>This is part of the
                                              evolution OWASP is having
                                              from small to bigger
                                              organisation. A natural
                                              process. From US to
                                              Global.<br>
                                              <div><span style="font-size:13px"><br>
                                                </span></div>
                                              <div>What I mean with a
                                                good platform in place
                                                is more than money in
                                                the community fund.¬†</div>
                                              <div><br>
                                              </div>
                                              <div>That money ¬†feels
                                                like a banana hanging
                                                too high to reach and no
                                                stairs to reach it for
                                                project leaders.</div>
                                              <div><br>
                                              </div>
                                              <div>Platform means
                                                communication, managing
                                                resources , support and
                                                much more. And money
                                                helps but a good plan is
                                                necessary.</div>
                                            </div>
                                            <div><br>
                                            </div>
                                            <div>It means having the
                                              stair (the platform) to
                                              make available those
                                              funds, so they become
                                              available.</div>
                                            <div><br>
                                            </div>
                                            <div>And I know that the
                                              problem is we have not
                                              work on creating the
                                              'stair'.¬†</div>
                                            <div><br>
                                            </div>
                                            <div>This is where I want to
                                              dedicate my efforts so I
                                              will submit to form a
                                              committee to create the
                                              stair for better
                                              development of OWASP
                                              projects. I care about
                                              them, I use them I want to
                                              see fair opportunities for
                                              everyone.</div>
                                            <div><br>
                                            </div>
                                          </div>
                                          <div>
                                            <div>
                                              <div class="gmail_extra"><br>
                                                <div class="gmail_quote">On
                                                  Wed, Sep 2, 2015 at
                                                  11:42 AM, Lucas
                                                  Ferreira <span dir="ltr"><<a href="mailto:lucas.ferreira@owasp.org" target="_blank"></a><a href="mailto:lucas.ferreira@owasp.org" target="_blank">lucas.ferreira@owasp.org</a>></span>
                                                  wrote:<br>
                                                  <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                    <div dir="ltr">Josh,<br>
                                                      <br>
                                                      I certainly cannot
                                                      speak for all
                                                      Projects, but
                                                      every time I tried
                                                      to get the things
                                                      I needed for a
                                                      project, I got
                                                      either a deny or a
                                                      big silence. so
                                                      the first thing
                                                      needed is, if
                                                      there is money
                                                      available, more
                                                      communication and
                                                      an easy way to get
                                                      to it.<br>
                                                      <br>
                                                      I will put here my
                                                      experience. Others
                                                      can say if they
                                                      face similar
                                                      issues or not.<br>
                                                      <br>
                                                      First, as part of
                                                      the <a href="https://www.owasp.org/index.php/OWASP_Brasil_Manifesto" target="_blank"></a><a href="https://www.owasp.org/index.php/OWASP_Brasil_Manifesto" target="_blank">https://www.owasp.org/index.php/OWASP_Brasil_Manifesto</a>,
                                                      I tried to get
                                                      money to pay for a
                                                      professional
                                                      public relations
                                                      person/company to
                                                      help us promote
                                                      the manifesto to
                                                      the Brazilian
                                                      congress. I learnt
                                                      the hard way (from
                                                      organizing AppSec
                                                      conferences) that
                                                      a good PR person
                                                      can make a real
                                                      difference. At the
                                                      time, I asked for
                                                      USD 2600 to pay
                                                      the PR but could
                                                      not get the money.<br>
                                                      <br>
                                                      Second, as part of
                                                      <a href="https://www.owasp.org/index.php/OWASP_File_Hash_Repository" target="_blank"></a><a href="https://www.owasp.org/index.php/OWASP_File_Hash_Repository" target="_blank">https://www.owasp.org/index.php/OWASP_File_Hash_Repository</a>,
                                                      I needed a server
                                                      to use to deploy
                                                      the initial code
                                                      and help
                                                      collecting data. I
                                                      also needed a DNS
                                                      entry. I ended up
                                                      paying for the VM
                                                      myself and used my
                                                      own private domain
                                                      for the DNS
                                                      because I could
                                                      not get it from
                                                      OWASP.
                                                      <div><br>
                                                      </div>
                                                      <div>Lastly, as
                                                        part of¬†<a href="https://www.owasp.org/index.php/OWASP_Portuguese_Language_Project" target="_blank"></a><a href="https://www.owasp.org/index.php/OWASP_Portuguese_Language_Project" target="_blank">https://www.owasp.org/index.php/OWASP_Portuguese_Language_Project</a>,
                                                        we tried to get
                                                        money to hire
                                                        translators and
                                                        professional
                                                        writers to work
                                                        with the more
                                                        tech oriented
                                                        volunteers with
                                                        no luck.</div>
                                                      <div><br>
                                                      </div>
                                                      <div>In summary,
                                                        my experience in
                                                        getting money or
                                                        support for
                                                        OWASP projects
                                                        is bad. IMHO,
                                                        this is why so
                                                        many projects
                                                        die.</div>
                                                      <div><br>
                                                      </div>
                                                      <div>And just to
                                                        be sure, unlike
                                                        Johanna, I think
                                                        money is a big
                                                        issue as it
                                                        could be used to
                                                        remove some of
                                                        the load from
                                                        volunteers. An
                                                        example is the
                                                        translation
                                                        projects: we
                                                        could leverage
                                                        the knowledge of
                                                        our network of
                                                        volunteers,
                                                        without
                                                        requiring them
                                                        to do all the
                                                        work, by relying
                                                        on professional
                                                        services. So,
                                                        the issue is to
                                                        have money to
                                                        buy the services
                                                        needed by the
                                                        projects, from
                                                        VMs to
                                                        professional
                                                        services.</div>
                                                      <div><br>
                                                      </div>
                                                      <div>And lastly, I
                                                        did not compare
                                                        Chapters and
                                                        Projects. I did
                                                        compare the
                                                        treatment that
                                                        they get from
                                                        OWASP.</div>
                                                      <div><br>
                                                      </div>
                                                      <div>Regards,</div>
                                                      <div><br>
                                                      </div>
                                                      <div>Lucas
                                                        <div>
                                                          <div><br>
                                                          <br>
                                                          <div class="gmail_quote">
                                                          <div dir="ltr">On
                                                          Wed, Sep 2,
                                                          2015 at 5:06
                                                          PM Josh Sokol
                                                          <<a href="mailto:josh.sokol@owasp.org" target="_blank"></a><a href="mailto:josh.sokol@owasp.org" target="_blank">josh.sokol@owasp.org</a>>

                                                          wrote:<br>
                                                          </div>
                                                          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                          <div dir="ltr">
                                                          <div>
                                                          <div>I believe
                                                          Johanna said
                                                          "It's not
                                                          about money".¬†
                                                          Every time I
                                                          hear someone
                                                          say that it
                                                          is, I cringe a
                                                          little because
                                                          I know that we
                                                          allocated
                                                          $50,000 in
                                                          Community
                                                          Engagement
                                                          Funding this
                                                          year to
                                                          projects alone
                                                          and have
                                                          $15,650 of
                                                          that remaining
                                                          (<a href="https://owasp.org/index.php/Community_Engagement_-_Payments" target="_blank"></a><a href="https://owasp.org/index.php/Community_Engagement_-_Payments" target="_blank">https://owasp.org/index.php/Community_Engagement_-_Payments</a>).¬†

                                                          I also know
                                                          that if
                                                          there's a need
                                                          that goes
                                                          beyond what is
                                                          budgeted, we
                                                          have ways to
                                                          make that
                                                          happen outside
                                                          of this
                                                          channel.¬† For
                                                          example, when
                                                          Dinis asked
                                                          for $100,000
                                                          for a Project
                                                          Summit, we
                                                          said "Give us
                                                          a plan and
                                                          we'll
                                                          discuss."¬† <br>
                                                          <br>
                                                          I also cringe
                                                          when I hear
                                                          people compare
                                                          the Projects
                                                          to the
                                                          Chapters or
                                                          vice versa.¬†
                                                          They are both
                                                          unique and
                                                          important to
                                                          OWASP.¬† Both
                                                          have needs
                                                          that we need
                                                          to satisfy.¬†
                                                          Chapters have
                                                          historically
                                                          been more
                                                          successful in
                                                          fundraising
                                                          because of the
                                                          large volume
                                                          of people
                                                          involved with
                                                          them, but that
                                                          doesn't make
                                                          them better or
                                                          worse.¬† Just
                                                          different.¬†
                                                          Let's be
                                                          honest, the
                                                          Chapter model
                                                          of fundraising
                                                          doesn't really
                                                          work for
                                                          Projects.¬†
                                                          That's ok...we
                                                          just need to
                                                          find other
                                                          ways.¬† <br>
                                                          <br>
                                                          </div>
                                                          So, let's
                                                          assume that
                                                          money is not
                                                          an issue.¬†
                                                          What are the
                                                          needs that our
                                                          Projects have
                                                          that OWASP is
                                                          not currently
                                                          fulfilling.¬† I
                                                          don't claim to
                                                          be an expert
                                                          on Projects.¬†
                                                          I don't
                                                          routinely work
                                                          with them and
                                                          the one
                                                          project that I
                                                          tried to start
                                                          at OWASP died
                                                          a very quick
                                                          death.¬† It was
                                                          an issue with
                                                          time and
                                                          volunteerism,
                                                          though, and
                                                          had nothing to
                                                          do with the
                                                          OWASP
                                                          platform.¬† I
                                                          understand and
                                                          agree that
                                                          it's not about
                                                          things you can
                                                          get for free
                                                          like GitHub or
                                                          wiki pages.¬†
                                                          So, what is
                                                          it?¬† What do
                                                          you need?¬† We
                                                          have an
                                                          in-house
                                                          graphic
                                                          designer.¬† We
                                                          have companies
                                                          that we work
                                                          with for
                                                          publishing.¬†
                                                          We hired a
                                                          full-time
                                                          person to help
                                                          with
                                                          projects.¬† If
                                                          there are
                                                          needs that
                                                          aren't being
                                                          met here, then
                                                          what are
                                                          they?¬† What
                                                          can OWASP do
                                                          to make
                                                          Projects more
                                                          successful?¬† <br>
                                                          <br>
                                                          </div>
                                                          </div>
                                                          <div dir="ltr">~josh<br>
                                                          </div>
                                                          <div class="gmail_extra"><br>
                                                          <div class="gmail_quote">On

                                                          Wed, Sep 2,
                                                          2015 at 9:39
                                                          AM, Lucas
                                                          Ferreira <span dir="ltr"><<a href="mailto:lucas.ferreira@owasp.org" target="_blank"></a><a href="mailto:lucas.ferreira@owasp.org" target="_blank">lucas.ferreira@owasp.org</a>></span>
                                                          wrote:<br>
                                                          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                          <div dir="ltr">Dear

                                                          Johanna,<span>
                                                          <div><br>
                                                          </div>
                                                          <div>it is
                                                          very sad that
                                                          you are
                                                          stepping down,
                                                          but you nailed
                                                          it when you
                                                          said:</div>
                                                          <div><br>
                                                          </div>
                                                          <div>"<span style="line-height:1.5">I
                                                          hope that in
                                                          the future
                                                          there is a
                                                          clear
                                                          perspective
                                                          how to help
                                                          projects
                                                          develop
                                                          better. So far
                                                          I have not
                                                          seen major
                                                          initiatives
                                                          directed on
                                                          improving a
                                                          platform. A
                                                          platform is
                                                          not a wiki
                                                          page, not a
                                                          github
                                                          account, these
                                                          things are
                                                          already free
                                                          without OWASP
                                                          support."</span></div>
                                                          <div><span style="line-height:1.5"><br>
                                                          </span></div>
                                                          </span>
                                                          <div><span style="line-height:1.5">For

                                                          a long time
                                                          already, I
                                                          have the same
                                                          feeling that
                                                          OWASP is
                                                          always
                                                          discussing
                                                          about chapters
                                                          and their bank
                                                          accounts and
                                                          never about
                                                          projects. I
                                                          just hope one
                                                          day OWASP will
                                                          be able to see
                                                          that projects
                                                          are what makes
                                                          OWASP known
                                                          and respected.</span></div>
                                                          <div><span style="line-height:1.5"><br>
                                                          </span></div>
                                                          <div>I have
                                                          talked to a
                                                          few leaders of
                                                          open-source
                                                          projects about
                                                          bringing their
                                                          projects to
                                                          OWASP and, in
                                                          the end, the
                                                          feeling is
                                                          that all they
                                                          would get is
                                                          the ability to
                                                          benefit from
                                                          the OWASP
                                                          "brand". We
                                                          should offer
                                                          project
                                                          leaders more
                                                          than the
                                                          opportunity to
                                                          beg chapters
                                                          for money.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Regards
                                                          and good luck,</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Lucas</div>
                                                          </div>
                                                          <br>
                                                          <div class="gmail_quote">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">On

                                                          Wed, Sep 2,
                                                          2015 at 4:19
                                                          PM johanna
                                                          curiel curiel
                                                          <<a href="mailto:johanna.curiel@owasp.org" target="_blank"></a><a href="mailto:johanna.curiel@owasp.org" target="_blank">johanna.curiel@owasp.org</a>>

                                                          wrote:<br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">Members

                                                          of the board ,
                                                          <div><br>
                                                          </div>
                                                          <div>I have
                                                          decided to
                                                          step down from
                                                          the project
                                                          reviews
                                                          activities.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>I have
                                                          been doing
                                                          continues
                                                          reviews the
                                                          last 2 years,
                                                          especially the
                                                          last year I
                                                          was quite
                                                          involved in a
                                                          major clean up
                                                          in the project
                                                          inventory,
                                                          together with
                                                          other members
                                                          that
                                                          participated
                                                          in and on/off
                                                          basis.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>That does
                                                          not mean I'll
                                                          step down from
                                                          every activity
                                                          I have been
                                                          working on the
                                                          last years at
                                                          OWASP. Indeed,
                                                          now I'll focus
                                                          my attention
                                                          in those
                                                          activities
                                                          that I feel
                                                          have provided
                                                          me with higher
                                                          level of
                                                          reward and a
                                                          grateful
                                                          feeling.¬†</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Unfortunately,

                                                          ¬†I cannot say
                                                          the same for
                                                          reviewing
                                                          projects. The
                                                          greatest
                                                          reward I had
                                                          from that
                                                          activity is
                                                          what I learned
                                                          from many
                                                          project for
                                                          the last 2
                                                          years, not
                                                          just looking,
                                                          but download ,
                                                          testing and
                                                          using them and
                                                          volunteering
                                                          on their
                                                          activities.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>¬†It is a
                                                          ticklish
                                                          activity that
                                                          have provided
                                                          me very little
                                                          satisfaction
                                                          but
                                                          disappointment.
                                                          Never seems to
                                                          be enough even
                                                          when people
                                                          have little
                                                          idea how much
                                                          time is needed
                                                          to use an open
                                                          source project
                                                          , let alone
                                                          understand it.
                                                          I'm a
                                                          volunteer ,
                                                          not an OWASP
                                                          employee. Lets
                                                          clarify that
                                                          for people
                                                          that might
                                                          read this.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>I think
                                                          Claudia ¬†, as
                                                          her
                                                          predecessor,
                                                          Kait-Disney
                                                          did, can
                                                          surely help
                                                          maintain
                                                          inactive/active
                                                          projects
                                                          monitoring.
                                                          Another
                                                          ticklish
                                                          activity that
                                                          we hear many
                                                          complains
                                                          regarding
                                                          inactive
                                                          projects
                                                          wanted to keep
                                                          alive.
                                                          Political
                                                          driven
                                                          necessities to
                                                          have wiki
                                                          pages of empty
                                                          projects,
                                                          thats what we
                                                          finished and
                                                          hope you can
                                                          continue for
                                                          the sake of
                                                          users.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>The
                                                          actual
                                                          situation is
                                                          that Project
                                                          leaders are
                                                          definitely on
                                                          their own, and
                                                          they should
                                                          understand
                                                          that: when it
                                                          comes to
                                                          having a
                                                          platform at
                                                          OWASP for
                                                          developing
                                                          projects, they
                                                          have very
                                                          little support
                                                          on this.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>It's not
                                                          about money,
                                                          is about a
                                                          platform, a
                                                          process and a
                                                          way to be able
                                                          to make a
                                                          project a
                                                          reality no
                                                          matter if you
                                                          are in India,
                                                          Pakistan, or
                                                          Africa. The
                                                          inequality
                                                          between these
                                                          worlds is very
                                                          obvious when
                                                          we look at
                                                          ¬†projects in
                                                          US or EU
                                                          compare to
                                                          'developing
                                                          countries'.
                                                          Big security
                                                          companies are
                                                          not behind
                                                          these leaders
                                                          ¬†to support
                                                          them with time
                                                          or resources.¬†<br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>I hope
                                                          that in the
                                                          future there
                                                          is a clear
                                                          perspective
                                                          how to help
                                                          projects
                                                          develop
                                                          better. So far
                                                          I have not
                                                          seen major
                                                          initiatives
                                                          directed on
                                                          improving a
                                                          platform. A
                                                          platform is
                                                          not a wiki
                                                          page, not a
                                                          github
                                                          account, these
                                                          things are
                                                          already free
                                                          without OWASP
                                                          support.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>I think
                                                          people hoping
                                                          to secure
                                                          their web
                                                          applications
                                                          using OWASP
                                                          tools, can
                                                          have better
                                                          ways for doing
                                                          it if more
                                                          energy is
                                                          directed
                                                          towards
                                                          supporting a
                                                          better
                                                          structure for
                                                          developing
                                                          OWASP
                                                          projects.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>This is
                                                          where my
                                                          energy will be
                                                          from now on.
                                                          Hopefully with
                                                          the right
                                                          support.</div>
                                                          <div><br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Regards</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Johanna</div>
                                                          </div>
                                                          </div>
                                                          </div>
_______________________________________________<br>
                                                          Governance
                                                          mailing list<br>
                                                          <a href="mailto:Governance@lists.owasp.org" target="_blank"></a><a href="mailto:Governance@lists.owasp.org" target="_blank">Governance@lists.owasp.org</a><br>
                                                          <a href="https://lists.owasp.org/mailman/listinfo/governance" target="_blank"></a><a href="https://lists.owasp.org/mailman/listinfo/governance" target="_blank">https://lists.owasp.org/mailman/listinfo/governance</a><br>
                                                          </blockquote>
                                                          </div>
                                                          <br>
_______________________________________________<br>
                                                          Governance
                                                          mailing list<br>
                                                          <a href="mailto:Governance@lists.owasp.org" target="_blank"></a><a href="mailto:Governance@lists.owasp.org" target="_blank">Governance@lists.owasp.org</a><br>
                                                          <a href="https://lists.owasp.org/mailman/listinfo/governance" target="_blank"></a><a href="https://lists.owasp.org/mailman/listinfo/governance" target="_blank">https://lists.owasp.org/mailman/listinfo/governance</a><br>
                                                          <br>
                                                          </blockquote>
                                                          </div>
                                                          <br>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          </div>
                                                        </div>
                                                      </div>
                                                    </div>
                                                  </blockquote>
                                                </div>
                                                <br>
                                              </div>
                                            </div>
                                          </div>
                                        </blockquote>
                                      </div>
                                      <br>
                                    </div>
                                  </div>
                                </blockquote>
                                <blockquote type="cite">
                                  <div><span>_______________________________________________</span><br>
                                    <span>Governance mailing list</span><br>
                                    <span><a href="mailto:Governance@lists.owasp.org" target="_blank">Governance@lists.owasp.org</a></span><br>
                                    <span><a href="https://lists.owasp.org/mailman/listinfo/governance" target="_blank">https://lists.owasp.org/mailman/listinfo/governance</a></span><br>
                                  </div>
                                </blockquote>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                  </blockquote>
                  <br>
                  <pre cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a href="https://www.owasp.org" target="_blank">https://www.owasp.org</a>
Join me at AppSecUSA 2015!</pre>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div><br></div>