[Owasp-guide] Participating in the project

Wed Jul 14 09:17:44 EDT 2010

Andrew - I like your idea about breaking PM functionality. I can do the
project management and vision and take assistance from Vishal in follow ups
and making sure everyone is on schedule and ASVS compliance. 

Let me know if this idea appeals to you.

Thanks

Anurag

From: Andrew van der Stock [mailto:vanderaj at owasp.org] 
Sent: Tuesday, July 13, 2010 7:31 PM
To: Anurag Agarwal
Cc: 'Tom Stripling'; 'Vishal Garg'; owasp-guide at lists.owasp.org
Subject: Re: [Owasp-guide] Participating in the project

I am immensely glad so many folks want to be Guide leader. This is a huge
change from a few years ago. 

It's important to realise that I tried to be the PM, the lead author, and
everything to the Guide, and it's just too hard for a single person. I ended
up being a road block for more than three years until I handed it over to
Mike. 

I think it's important for a single view of conceptual integrity, but I
think there is scope for multiple "leaders". The first guide was
conceptually Mark Curphey's, but there were LOTS of folks working on it.
That effort established OWASP as the force that it is. 

I think if folks could agree that someone is the PM, someone is the person
who approves the direction and final wording, someone who is checking facts
and ensuring that ASVS integration is correct, I feel that could work. But I
do believe that someone needs to hold the reigns for conceptual integrity (a
single vision) as there needs to be a final arbiter / decision maker for
inclusion / improvements / send back for re-work. 

The Guide is easily OWASP's largest work, so I'm happy with the idea of more
than one leader, but in my view each leader needs to have clearly defined
tasks that everyone has agreed to. 

thanks,

Andrew

On 14/07/2010, at 5:52 AM, Anurag Agarwal wrote:

Tom - I agree with you on many points below but since this is a volunteer
based project and everybody has a day job too, having shared leadership will
actually help move the process faster and smoother. If one leader gets busy,
the other one can take over and provide the backup. IMPO having
co-leadership can actually be beneficial to this project.

Thanks

Anurag

From: Tom Stripling [mailto:tstripling at appsecconsulting.com] 
Sent: Tuesday, July 13, 2010 10:42 AM
To: 'Anurag Agarwal'; 'Vishal Garg'; vanderaj at owasp.org
Cc: owasp-guide at lists.owasp.org
Subject: RE: [Owasp-guide] Participating in the project

I'd like to drop in my two cents here.  I think having "co-leaders" is a
very bad idea.  This has nothing to do with my opinion of Anurag or Vishal;
I'm sure either one would do a great job if they had the time.  But in my
experience with these types of community-driven projects, if two people try
to share the load, often nothing gets done.  The job of project leader is
very time-consuming and requires someone to always be responsive and
constantly be driving the project forward.  It's like herding cats.  No
matter how many people you get who are willing to squeeze "co-leadership"
into their schedule, it isn't going to work unless you have one person who
is willing to commit a large chunk of time to leading the project and
ensuring that things get done.

So if someone feels that can take that on, please speak up, but I will vote
against any "co-leadership" arrangement.

From: owasp-guide-bounces at lists.owasp.org
[mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of Anurag Agarwal
Sent: Tuesday, July 13, 2010 8:19 AM
To: 'Vishal Garg'; vanderaj at owasp.org
Cc: owasp-guide at lists.owasp.org
Subject: Re: [Owasp-guide] Participating in the project

Andrew - I think Vishal and myself can start as Co-Leaders and Abe can join
us later on. If Michael can do a quick handoff, we can be up and running
very quickly. I have lead a WASC project earlier and have a very good
understanding of earlier versions of OWASP developer guide and OWASP
standards. I am sure we can get the project back on track quickly.

Thanks

Anurag

From: owasp-guide-bounces at lists.owasp.org
[mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of Vishal Garg
Sent: Tuesday, July 13, 2010 5:34 AM
To: vanderaj at owasp.org
Cc: owasp-guide at lists.owasp.org
Subject: Re: [Owasp-guide] Participating in the project

Hi Andrew,

I would be happy to volunteer myself to act as project lead. As both Anurag
and Abe have shown their interest as well, so maybe all three of us can
bring in different skill sets to the project; well obviously with everyone
else's consent working on the project :)

Regards
Vishal

On Tue, Jul 13, 2010 at 7:40 AM, Abe <abek1 at comcast.net> wrote:

Hi Everyone,

I wrote the Output Encoding chapter in the current draft.

I am going to be busy for the next month but after that I wouldn't mind
being the OWASP Guide Co-Leader.

Regards,
Abe

-----Original Message-----
From: owasp-guide-bounces at lists.owasp.org

[mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of Andrew van der
Stock
Sent: Monday, July 12, 2010 3:36 PM
To: owasp-guide at lists.owasp.org
Subject: Re: [Owasp-guide] Participating in the project

I heard back from Mike last night in a personal e-mail, and he's moved on
from OWASP. We need a new OWASP Guide leader.

I simply don't have the time for more than one project (I want to contribute
to the ESAPI for PHP port), so my goal here is for someone in this group to
step up as the OWASP Guide leader.

Who thinks they can provide the PM skills and conceptual integrity (single
vision) for the Guide? We need someone to keep the project on track and to
ensure that the submitted materials are of high quality.

I'd really like it if the decision will be the decision of the entire group.

thanks,
Andrew

On 13/07/2010, at 4:36 AM, Vishal Garg wrote:

> Hi Anurag and Geoff,
>
> Thanks a lot for showing your interest for session management and data
protection sections.
>
> I am not the right person to make any assignments. If you would be
interested to work on a section where a section lead has already been
assigned, you are encouraged to get in touch with the section leads
directly, or you may have to wait for Mike to make an assignment to you.
>
> Regards
> Vishal

_______________________________________________
Owasp-guide mailing list
Owasp-guide at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-guide

_______________________________________________
Owasp-guide mailing list
Owasp-guide at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-guide

-- 
Vishal Garg
Web Security Specialist

Blog: http://www.ethicalhack.co.uk
Twitter: http://www.twitter.com/vishalgrg
Linkedin: http://www.linkedin.com/in/vishalgrg

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.830 / Virus Database: 271.1.1/2983 - Release Date: 07/12/10
12:49:00

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.830 / Virus Database: 271.1.1/2983 - Release Date: 07/13/10
02:36:00

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.830 / Virus Database: 271.1.1/2983 - Release Date: 07/13/10
14:36:00

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-guide/attachments/20100714/7b4a5d58/attachment-0001.html 