[Owasp-guide] Participating in the project

Andrew van der Stock vanderaj at owasp.org
Tue Jul 13 19:31:14 EDT 2010


I am immensely glad so many folks want to be Guide leader. This is a huge change from a few years ago. 

It's important to realise that I tried to be the PM, the lead author, and everything to the Guide, and it's just too hard for a single person. I ended up being a road block for more than three years until I handed it over to Mike. 

I think it's important for a single view of conceptual integrity, but I think there is scope for multiple "leaders". The first guide was conceptually Mark Curphey's, but there were LOTS of folks working on it. That effort established OWASP as the force that it is. 

I think if folks could agree that someone is the PM, someone is the person who approves the direction and final wording, someone who is checking facts and ensuring that ASVS integration is correct, I feel that could work. But I do believe that someone needs to hold the reigns for conceptual integrity (a single vision) as there needs to be a final arbiter / decision maker for inclusion / improvements / send back for re-work. 

The Guide is easily OWASP's largest work, so I'm happy with the idea of more than one leader, but in my view each leader needs to have clearly defined tasks that everyone has agreed to. 

thanks,
Andrew

On 14/07/2010, at 5:52 AM, Anurag Agarwal wrote:

> Tom – I agree with you on many points below but since this is a volunteer based project and everybody has a day job too, having shared leadership will actually help move the process faster and smoother. If one leader gets busy, the other one can take over and provide the backup. IMPO having co-leadership can actually be beneficial to this project.
>  
> Thanks
> Anurag
>  
> From: Tom Stripling [mailto:tstripling at appsecconsulting.com] 
> Sent: Tuesday, July 13, 2010 10:42 AM
> To: 'Anurag Agarwal'; 'Vishal Garg'; vanderaj at owasp.org
> Cc: owasp-guide at lists.owasp.org
> Subject: RE: [Owasp-guide] Participating in the project
>  
> I’d like to drop in my two cents here.  I think having “co-leaders” is a very bad idea.  This has nothing to do with my opinion of Anurag or Vishal; I’m sure either one would do a great job if they had the time.  But in my experience with these types of community-driven projects, if two people try to share the load, often nothing gets done.  The job of project leader is very time-consuming and requires someone to always be responsive and constantly be driving the project forward.  It’s like herding cats.  No matter how many people you get who are willing to squeeze “co-leadership” into their schedule, it isn’t going to work unless you have one person who is willing to commit a large chunk of time to leading the project and ensuring that things get done.
>  
> So if someone feels that can take that on, please speak up, but I will vote against any “co-leadership” arrangement.
>  
>  
> From: owasp-guide-bounces at lists.owasp.org [mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of Anurag Agarwal
> Sent: Tuesday, July 13, 2010 8:19 AM
> To: 'Vishal Garg'; vanderaj at owasp.org
> Cc: owasp-guide at lists.owasp.org
> Subject: Re: [Owasp-guide] Participating in the project
>  
> Andrew – I think Vishal and myself can start as Co-Leaders and Abe can join us later on. If Michael can do a quick handoff, we can be up and running very quickly. I have lead a WASC project earlier and have a very good understanding of earlier versions of OWASP developer guide and OWASP standards. I am sure we can get the project back on track quickly.
>  
> Thanks
> Anurag
>  
>  
> From: owasp-guide-bounces at lists.owasp.org [mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of Vishal Garg
> Sent: Tuesday, July 13, 2010 5:34 AM
> To: vanderaj at owasp.org
> Cc: owasp-guide at lists.owasp.org
> Subject: Re: [Owasp-guide] Participating in the project
>  
> Hi Andrew,
> 
> I would be happy to volunteer myself to act as project lead. As both Anurag and Abe have shown their interest as well, so maybe all three of us can bring in different skill sets to the project; well obviously with everyone else's consent working on the project :)
> 
> Regards
> Vishal
> 
> On Tue, Jul 13, 2010 at 7:40 AM, Abe <abek1 at comcast.net> wrote:
> Hi Everyone,
> 
> I wrote the Output Encoding chapter in the current draft.
> 
> I am going to be busy for the next month but after that I wouldn't mind
> being the OWASP Guide Co-Leader.
> 
> 
> Regards,
> Abe
> 
> -----Original Message-----
> From: owasp-guide-bounces at lists.owasp.org
> [mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of Andrew van der
> Stock
> Sent: Monday, July 12, 2010 3:36 PM
> To: owasp-guide at lists.owasp.org
> Subject: Re: [Owasp-guide] Participating in the project
> 
> I heard back from Mike last night in a personal e-mail, and he's moved on
> from OWASP. We need a new OWASP Guide leader.
> 
> I simply don't have the time for more than one project (I want to contribute
> to the ESAPI for PHP port), so my goal here is for someone in this group to
> step up as the OWASP Guide leader.
> 
> Who thinks they can provide the PM skills and conceptual integrity (single
> vision) for the Guide? We need someone to keep the project on track and to
> ensure that the submitted materials are of high quality.
> 
> I'd really like it if the decision will be the decision of the entire group.
> 
> 
> thanks,
> Andrew
> 
> 
> On 13/07/2010, at 4:36 AM, Vishal Garg wrote:
> 
> > Hi Anurag and Geoff,
> >
> > Thanks a lot for showing your interest for session management and data
> protection sections.
> >
> > I am not the right person to make any assignments. If you would be
> interested to work on a section where a section lead has already been
> assigned, you are encouraged to get in touch with the section leads
> directly, or you may have to wait for Mike to make an assignment to you.
> >
> > Regards
> > Vishal
> 
> _______________________________________________
> Owasp-guide mailing list
> Owasp-guide at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-guide
> 
> 
> 
> _______________________________________________
> Owasp-guide mailing list
> Owasp-guide at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-guide
> 
> 
> 
> -- 
> Vishal Garg
> Web Security Specialist
> 
> Blog: http://www.ethicalhack.co.uk
> Twitter: http://www.twitter.com/vishalgrg
> Linkedin: http://www.linkedin.com/in/vishalgrg
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.830 / Virus Database: 271.1.1/2983 - Release Date: 07/12/10 12:49:00
> 
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.830 / Virus Database: 271.1.1/2983 - Release Date: 07/13/10 02:36:00
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-guide/attachments/20100714/1b414e63/attachment-0001.html 


More information about the Owasp-guide mailing list