<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Alcon;</div><div><br></div><div>The task force has (1) employee and (2) currently is that accurate?</div><div><br></div><div><a href="https://www.owasp.org/index.php/Task_Force/OWASP_Projects">https://www.owasp.org/index.php/Task_Force/OWASP_Projects</a></div><div><br></div><div>Would be fantastic to have a regional task force people in North America, South America, EMEA and APAC making up this global task force and a excellent opportunity to appoint and deputize active leaders</div><div><br></div><div>Looking at the project guidelines page this still allows by written policy "empty projects".  So for future, change the policy fix the issue.</div><div><br></div><div><a href="https://www.owasp.org/index.php/Guidelines_for_OWASP_Projects">https://www.owasp.org/index.php/Guidelines_for_OWASP_Projects</a></div><div><br></div><div>Then for past projects that are identified  award them a incubator type project and they have xx to comply with new project guidelines or project is archived as a "concept" that new had the pre req to be incubator stage.</div><div><br></div><div>Just a suggestion to appeal to the workflow logic that we need to consider for volunteers and staff to have a common goal.</div><div><br></div><div><div>Tom Brennan<div><div>973-506-9304</div></div></div>On Nov 6, 2015, at 10:31 AM, Jim Manico <<a href="mailto:jim.manico@owasp.org">jim.manico@owasp.org</a>> wrote:<br><br></div><blockquote type="cite"><div><meta http-equiv="content-type" content="text/html; charset=utf-8"><div>> <span style="background-color: rgba(255, 255, 255, 0);">New Projects In Process</span></div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">Hey now, what a very reasonable idea, Claudia. Do you need a new project banner made for this new category? <br><br>Aloha,<br><div>--</div><div>Jim Manico</div><div><div apple-content-edited="true" class=""><div class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div class=""><span style="background-color: rgba(255, 255, 255, 0);">Global Board Member</span></div><span style="background-color: rgba(255, 255, 255, 0);">OWASP Foundation</span><div class=""><a href="https://www.owasp.org/" class="" style="background-color: rgba(255, 255, 255, 0);"><font color="#000000">https://www.owasp.org</font></a></div></div></div><div class=""><span style="background-color: rgba(255, 255, 255, 0);">Join me in Rome for AppSecEU 2016!</span></div></div></div><div><br>On Nov 6, 2015, at 5:25 AM, Claudia Casanovas <<a href="mailto:claudia.aviles-casanovas@owasp.org">claudia.aviles-casanovas@owasp.org</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">Hi Johanna,<div><br></div><div>I understand and agree with communities concerns.  Although we had some conversations in the past prior to you stepping down from the Project Task Force.  The Project Task Force continued the work and meetings and agreed to add a new category "New Projects In Process".  </div><div><br></div><div>I will take additional steps to meet with the Project Task Force and review your valuable concerns and recommendations.  Perhaps not adding them to the Project Inventory is the first step as to not hurt the integrity of OWASP which is one of my first priority and never my intention.</div><div><br></div><div>We will provide the community follow up and as always an opportunity to provide feedback.</div><div><br></div><div>Thank you and appreciate you bringing this to our attention.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 6, 2015 at 5:41 AM, johanna curiel curiel <span dir="ltr"><<a href="mailto:johanna.curiel@owasp.org" target="_blank">johanna.curiel@owasp.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Jim and the Board<div><br></div><div>I have been upset about this issue because I explained very well to Claudia multiple times , through Skype calls , the issues related to empty projects and all the work it has been taken to clean up the inventory. Also all the work it was taken to setup 'Start a new project'</div><div><br></div><div>What upset me most of this change is  that it was not even communicated to the community and I think I have always been open to be consulted for advice</div><div><br></div><div>For my surprise I go to the project page and see those empty projects, then I asked myself : what happened here?</div><div><br></div><div>I hope you understand my point of view. Especially after all the amount of work it took to clean up this were I personally invested many hours of my free time to help this cause</div><div><br></div><div>My advice therefore is to communicate and consult with leaders and the community. So far I still do not see the benefit of this change and has not been explained. </div><div><br></div><div>So mean while we want to provide room to staff they should also understand that they cannot go and change things like things without any form of explanation especially without providing a good justification for the change.</div><div><br></div><div>So far I want an explanation. I have been asking and I'm been ignore. Is this the way you treat volunteers?</div><div><br></div><div>regards</div><div><br></div><div>Johanna</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 6, 2015 at 5:34 AM, psiinon <span dir="ltr"><<a href="mailto:psiinon@gmail.com" target="_blank">psiinon@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Sure, just expressing my opinion :)<br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 6, 2015 at 12:58 AM, Jim Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    Simon,<br>
    <br>
    I agree with you in spirit. I really do not want to see any empty
    projects either.<br>
    <br>
    Claudia has a close eye on this and I really want to give her some
    room to work these issues out. The scale of empty projects is very
    small right now (2) and the world is not ending. :) Let's give
    Claudia some room to do her thing, and we can all revisit this in a
    few weeks to ensure progress is made.<br>
    <br>
    Does that seem reasonable?<br>
    <br>
    Aloha,<br>
    Jim<div><div><br>
    <br>
    <div>On 11/5/15 2:50 AM, psiinon wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">
        <div>
          <div>
            <div>I think the current rules for the minimum requirements
              for a project are very reasonable, and I think we should
              all discuss this before changing them.<br>
            </div>
            Empty project pages dont help OWASP and I dont think they
            help the projects either.<br>
            <br>
          </div>
          Cheers,<br>
          <br>
        </div>
        Simon<br>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Thu, Nov 5, 2015 at 12:40 PM,
          johanna curiel curiel <span dir="ltr"><<a href="mailto:johanna.curiel@owasp.org" target="_blank"></a><a href="mailto:johanna.curiel@owasp.org" target="_blank">johanna.curiel@owasp.org</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">Hi Claudia
              <div><br>
              </div>
              <div>Both projects are setup under 'Documentation'</div>
              <div><br>
              </div>
              <div>I read the API project and at the moment there is no
                clear approach on how they will do a research to come
                with the 'top 10 API vulnerabilities'</div>
              <div><br>
              </div>
              <div>This means David has to do a quite intensive research
                and gather a lot of information to be able to come up
                with a 'reasonable' 'top 10 API'. Claudia, please
                familiarize yourself how the OWASP TOP 10 is done and
                you will see how much input data is used over a period
                of <b><u>3 years</u></b> to come up with the 'TOP 10'.
                Thats is the reason why people take quite serious the
                'top 10' and has gain such place in the appsec
                community.</div>
              <div><br>
              </div>
              <div>API's are dependent on programming languages and
                frameworks, requiring quite a lot of knowledge of each
                one to come up with some useful information. I can
                assure you that after a year, there won't be enough
                information in this project, this is no easy piece.If he
                has defined a scope such as ' TOP ten .NET API'  would
                have been easier.</div>
              <div><br>
              </div>
              <div>The 'TOP ten privacy' also took more than a year of
                research before they could come up with some data. Keep
                in mind that if someone wants to do these kind of
                projects they definitely need to present some serious
                proposal otherwise the chance of being and empty project
                or dummy data is almost definitely.</div>
              <div><br>
              </div>
              <div>Dave should present a clear plan how he thinks he
                will achieve this and in the wiki page there is nothing
                conclusive and clear just '<span style="color:rgb(54,43,54);font-family:sans-serif;background-color:rgb(242,245,247)">The
                  roadmap for this project is straightforward: we'll
                  begin by conducting research and seeking feedback from
                  developers and security auditors on the problems they
                  most frequently encounter via web-based APIs.</span><span style="color:rgb(54,43,54);font-family:sans-serif;background-color:rgb(242,245,247)"> "</span><span style="color:rgb(54,43,54);font-family:sans-serif;background-color:rgb(242,245,247)"><br>
                </span></div>
              <div><span style="color:rgb(54,43,54);font-family:sans-serif;background-color:rgb(242,245,247)"><br>
                </span></div>
              <div><font face="sans-serif" color="#362b36"><span style="background-color:rgb(255,255,255)">IF this is
                    a serious research there should be a <u>research
                      proposal</u> and this is not even the case.
                    Documentation based on poor research methodologies
                    serves to serious appsec people of no purpose. No
                    one is going to use a 'top ten api' base on poor </span>research
                  , even worse, this will be damaging to owaps image.</font></div>
              <div><font face="sans-serif" color="#362b36"><br>
                </font></div>
              <div><font face="sans-serif" color="#362b36">So I might
                  sound strict, but is not about being nice, but helping
                  the project leaders to understand
                  their responsibilities with OWASP if they want to
                  embark into a project like this.</font></div>
              <div><font face="sans-serif" color="#362b36"><br>
                </font></div>
              <div><font face="sans-serif" color="#362b36">Regards</font></div>
              <span><font color="#888888">
                  <div><font face="sans-serif" color="#362b36"><br>
                    </font></div>
                  <div><font face="sans-serif" color="#362b36">Johanna</font></div>
                  <div><font face="sans-serif" color="#362b36"><span style="font-size:14px;background-color:rgb(255,255,255)"><br>
                      </span></font></div>
                  <div><span style="color:rgb(54,43,54);font-family:sans-serif;font-size:14px;background-color:rgb(242,245,247)"><br>
                    </span></div>
                </font></span></div>
            <div class="gmail_extra"><br>
              <div class="gmail_quote"><span>On Wed, Nov 4,
                  2015 at 6:47 PM, Claudia Casanovas <span dir="ltr"><<a href="mailto:claudia.aviles-casanovas@owasp.org" target="_blank"></a><a href="mailto:claudia.aviles-casanovas@owasp.org" target="_blank">claudia.aviles-casanovas@owasp.org</a>></span>
                  wrote:<br>
                </span>
                <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
                    <div dir="ltr">
                      <div style="font-size:12.8px">Hi Johanna,</div>
                      <div style="font-size:12.8px"><br>
                      </div>
                      <div style="font-size:12.8px">These two project
                        leaders are working on their completion and I
                        will ensure both are completed. They currently
                        marked as In Process for the Project Task Force.</div>
                      <div style="font-size:12.8px"><br>
                      </div>
                      <div style="font-size:12.8px"><a href="https://www.owasp.org/index.php/OWASP_Security_Ninja_Program_Project" target="_blank"></a><a href="https://www" target="_blank">https://www</a>.<span>owasp</span>.org/index.<span>php</span>/<span>OWASP</span>_Security_Ninja_Program_Project - </div>
                      <div style="font-size:12.8px">Wiki Page will be
                        Deleted as Project Leader has a new name <a href="https://www.owasp.org/index.php/OWASP_Security_Ninja_Project" style="font-size:12.8px" target="_blank"></a><a href="https://www" target="_blank">https://www</a>.<span>owasp</span>.org/index.<span>php</span>/<span>OWASP</span>_Security_Ninja_Project<br>
                      </div>
                      <div style="font-size:12.8px">Page will be deleted
                        (as this was only a name change instance) once
                        the Project Leader adds the completed
                        information.</div>
                      <div><span style="font-size:12.8px"><br>
                        </span></div>
                      <div><span style="font-size:12.8px">This
                          particular project is taking over the work
                          from on </span>Secure Development Training
                        Project which is in process of shutting down on
                        which Tobias is the Project Leader and Chris
                        Romeo will be taking over the project but with a
                        new name and new added content.  The Secure
                        Development Training Project is not yet merged
                        as Chris Romeo is working on the content on the
                        new wiki page.</div>
                      <div style="font-size:12.8px"><br>
                      </div>
                      <div style="font-size:12.8px"><br>
                      </div>
                      <div style="font-size:12.8px">David Shaw is
                        working on the content and has been in contact
                        with me this week.  </div>
                      <div style="font-size:12.8px"><a href="https://www.owasp.org/index.php/OWASP_API_Security_Project" target="_blank"></a><a href="https://www" target="_blank">https://www</a>.<span>owasp</span>.org/index.<span>php</span>/<span>OWASP</span>_API_Security_Project<br>
                      </div>
                      <div style="font-size:12.8px"><br>
                      </div>
                      <div style="font-size:12.8px">I agree on your
                        concern and will be diligently working with the
                        Project Leaders to ensure completion this week.</div>
                      <div style="font-size:12.8px"><br>
                      </div>
                      <div style="font-size:12.8px"><br>
                      </div>
                      <div style="font-size:12.8px"><br>
                      </div>
                    </div>
                  </span>
                  <div class="gmail_extra">
                    <div>
                      <div><br>
                        <div class="gmail_quote"><span>On Wed,
                            Nov 4, 2015 at 2:18 PM, johanna curiel
                            curiel <span dir="ltr"><<a href="mailto:johanna.curiel@owasp.org" target="_blank"></a><a href="mailto:johanna.curiel@owasp.org" target="_blank">johanna.curiel@owasp.org</a>></span>
                            wrote:<br>
                          </span>
                          <div>
                            <div>
                              <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                <div dir="ltr">Hi Project Task Force,
                                  and members of the Board
                                  <div><br>
                                  </div>
                                  <div>A while ago I noticed that people
                                    have decide to change the rules and
                                    allow empty projects , what that
                                    means is that there is nothing
                                    produced (not even a table of
                                    contents) and wiki pages are being
                                    setup as 'projects, even worse,
                                    templates with no content</div>
                                  <div><br>
                                  </div>
                                  <div>I feel quite disappointed to see
                                    this, especially after the amount of
                                    work I and other volunteers with
                                    some staff took to clean up the
                                    'empty projects'</div>
                                  <div>These projects have no content
                                    delivered as mentioned on the
                                    conditions for starting a project</div>
                                  <div><br>
                                  </div>
                                  <div><a href="https://www.owasp.org/index.php/OWASP_Security_Ninja_Program_Project" target="_blank">https://www.owasp.org/index.php/OWASP_Security_Ninja_Program_Project</a><br>
                                  </div>
                                  <div><a href="https://www.owasp.org/index.php/OWASP_API_Security_Project" target="_blank">https://www.owasp.org/index.php/OWASP_API_Security_Project</a><br>
                                  </div>
                                  <div><br>
                                  </div>
                                  <div>Again, what is the benefit of
                                    changing the rules and allow this
                                    again?</div>
                                  <div><br>
                                  </div>
                                  <div>For documentation :(still is
                                    mentioned on the website)</div>
                                  <div><a href="https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project" target="_blank">https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project</a><br>
                                  </div>
                                  <div>
                                    <p style="margin:0.5em 0px;line-height:inherit;color:rgb(54,43,54);font-family:sans-serif">A
                                      - PROJECT</p>
                                    <ol style="line-height:1.5em;margin:0.3em 0px 0px 3.2em;padding:0px;font-family:sans-serif">
                                      <li style="color:rgb(54,43,54);margin-bottom:0.1em">Project
                                        Name,</li>
                                      <li style="color:rgb(54,43,54);margin-bottom:0.1em">Project
                                        purpose / overview,</li>
                                      <li style="color:rgb(54,43,54);margin-bottom:0.1em">Project
                                        Roadmap,</li>
                                      <li style="color:rgb(54,43,54);margin-bottom:0.1em">Project
                                        links (if any) to external
                                        sites,</li>
                                      <li style="color:rgb(54,43,54);margin-bottom:0.1em">[[Guidelines_for_OWASP_Projects#Project_Licensing|Project
                                        License],]</li>
                                      <li style="color:rgb(54,43,54);margin-bottom:0.1em">Project
                                        Leader name,</li>
                                      <li style="color:rgb(54,43,54);margin-bottom:0.1em">Project
                                        Leader email address,</li>
                                      <li style="color:rgb(54,43,54);margin-bottom:0.1em">Project
                                        Leader wiki account - the
                                        username (you'll need this to
                                        edit the wiki),</li>
                                      <li style="color:rgb(54,43,54);margin-bottom:0.1em">Project
                                        Contributor(s) (if any) - name
                                        email and wiki account (if any),</li>
                                      <li style="color:rgb(54,43,54);margin-bottom:0.1em">Project
                                        Main Links (if any).</li>
                                      <li style="margin-bottom:0.1em"><font style="background-color:rgb(255,153,0)" color="#000000">For
                                          Documentation: A table of
                                          Contents</font></li>
                                      <li style="color:rgb(54,43,54);margin-bottom:0.1em"><span style="background-color:rgb(255,153,0)">For Code: A prototype hosted in
                                          an open source repository of
                                          your choice. Make sure it has
                                          read access</span></li>
                                    </ol>
                                    <div><font face="sans-serif" color="#362b36"><br>
                                      </font></div>
                                  </div>
                                  <div><font face="sans-serif" color="#362b36">regards</font></div>
                                  <span><font color="#888888">
                                      <div><font face="sans-serif" color="#362b36"><br>
                                        </font></div>
                                      <div><font face="sans-serif" color="#362b36">Johanna</font></div>
                                    </font></span></div>
                              </blockquote>
                            </div>
                          </div>
                        </div>
                        <br>
                        <br clear="all">
                        <div><br>
                        </div>
                      </div>
                    </div>
                    <span><span><font color="#888888">-- <br>
                          <div>
                            <div dir="ltr">
                              <div>
                                <div dir="ltr"><br>
                                </div>
                                <div dir="ltr"><br>
                                </div>
                                <div dir="ltr"><a href="mailto:claudia.aviles-casanovas@owasp.org" target="_blank">Claudia
                                    Aviles-Casanovas</a>
                                  <div>
                                    <div>Project Coordinator</div>
                                    <div>Phone:<a href="tel:973-288-1697" value="+19732881697" target="_blank">973-288-1697</a></div>
                                  </div>
                                </div>
                              </div>
                            </div>
                          </div>
                        </font></span></span></div>
                </blockquote>
              </div>
              <br>
            </div>
            <br>
            _______________________________________________<br>
            Owasp-board mailing list<br>
            <a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a><br>
            <a href="https://lists.owasp.org/mailman/listinfo/owasp-board" rel="noreferrer" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a><br>
            <br>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <br>
        -- <br>
        <div><a href="https://www.owasp.org/index.php/ZAP" target="_blank">OWASP
            ZAP</a> Project leader<br>
        </div>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
Owasp-board mailing list
<a href="mailto:Owasp-board@lists.owasp.org" target="_blank">Owasp-board@lists.owasp.org</a>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-board" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-board</a>
</pre>
    </blockquote>
    <br><span class="HOEnZb"><font color="#888888">
    </font></span></div></div><span class="HOEnZb"><font color="#888888"><span><font color="#888888"><pre cols="72">-- 
Jim Manico
Global Board Member
OWASP Foundation
<a href="https://www.owasp.org" target="_blank">https://www.owasp.org</a></pre>
  </font></span></font></span></div><span class="HOEnZb"><font color="#888888">

</font></span></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><br>-- <br><div><a href="https://www.owasp.org/index.php/ZAP" target="_blank">OWASP ZAP</a> Project leader<br></div>
</font></span></div>
</div></div></blockquote></div><br></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr"><a href="mailto:claudia.aviles-casanovas@owasp.org" target="_blank">Claudia Aviles-Casanovas</a><div><div>Project Coordinator</div><div>Phone:973-288-1697</div></div></div></div></div></div>
</div>
</div></blockquote></div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Owasp-board mailing list</span><br><span><a href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a></span><br><span><a href="https://lists.owasp.org/mailman/listinfo/owasp-board">https://lists.owasp.org/mailman/listinfo/owasp-board</a></span><br></div></blockquote></body></html>