[Owasp-guide] Participating in the project

Vishal Garg vishalgrg at gmail.com
Wed Jul 14 14:46:01 EDT 2010


Well, I like your idea Anurag, and quite happy with this division of roles.
I am sure everyone else working on the project would be happy with this
division of roles as well.

I believe we should start the ball rolling and bring the project back on
track quickly. Our next bet may be to contact Mike (if possible) and see
what vision and objectives he had in his mind for the new guide. Once we
have this information, then we may develop a plan for further action.

How does that sound?

Regards
Vishal

On Wed, Jul 14, 2010 at 2:17 PM, Anurag Agarwal <anurag.agarwal at yahoo.com>wrote:

>  Andrew – I like your idea about breaking PM functionality. I can do the
> project management and vision and take assistance from Vishal in follow ups
> and making sure everyone is on schedule and ASVS compliance.
>
>
>
> Let me know if this idea appeals to you.
>
>
>
> Thanks
>
> Anurag
>
>
>
>
>
>
>
>
>
>
>
> *From:* Andrew van der Stock [mailto:vanderaj at owasp.org]
> *Sent:* Tuesday, July 13, 2010 7:31 PM
> *To:* Anurag Agarwal
> *Cc:* 'Tom Stripling'; 'Vishal Garg'; owasp-guide at lists.owasp.org
>
> *Subject:* Re: [Owasp-guide] Participating in the project
>
>
>
> I am immensely glad so many folks want to be Guide leader. This is a huge
> change from a few years ago.
>
>
>
> It's important to realise that I tried to be the PM, the lead author, and
> everything to the Guide, and it's just too hard for a single person. I ended
> up being a road block for more than three years until I handed it over to
> Mike.
>
>
>
> I think it's important for a single view of conceptual integrity, but I
> think there is scope for multiple "leaders". The first guide was
> conceptually Mark Curphey's, but there were LOTS of folks working on it.
> That effort established OWASP as the force that it is.
>
>
>
> I think if folks could agree that someone is the PM, someone is the person
> who approves the direction and final wording, someone who is checking facts
> and ensuring that ASVS integration is correct, I feel that could work. But I
> do believe that someone needs to hold the reigns for conceptual integrity (a
> single vision) as there needs to be a final arbiter / decision maker for
> inclusion / improvements / send back for re-work.
>
>
>
> The Guide is easily OWASP's largest work, so I'm happy with the idea of
> more than one leader, but in my view each leader needs to have clearly
> defined tasks that everyone has agreed to.
>
>
>
> thanks,
>
> Andrew
>
>
>
> On 14/07/2010, at 5:52 AM, Anurag Agarwal wrote:
>
>
>
>   Tom – I agree with you on many points below but since this is a
> volunteer based project and everybody has a day job too, having shared
> leadership will actually help move the process faster and smoother. If one
> leader gets busy, the other one can take over and provide the backup. IMPO
> having co-leadership can actually be beneficial to this project.
>
>
>
> Thanks
>
> Anurag
>
>
>
> *From:* Tom Stripling [mailto:tstripling at appsecconsulting.com]
> *Sent:* Tuesday, July 13, 2010 10:42 AM
> *To:* 'Anurag Agarwal'; 'Vishal Garg'; vanderaj at owasp.org
> *Cc:* owasp-guide at lists.owasp.org
> *Subject:* RE: [Owasp-guide] Participating in the project
>
>
>
> I’d like to drop in my two cents here.  I think having “co-leaders” is a
> very bad idea.  This has nothing to do with my opinion of Anurag or Vishal;
> I’m sure either one would do a great job if they had the time.  But in my
> experience with these types of community-driven projects, if two people try
> to share the load, often nothing gets done.  The job of project leader is
> very time-consuming and requires someone to always be responsive and
> constantly be driving the project forward.  It’s like herding cats.  No
> matter how many people you get who are willing to squeeze “co-leadership”
> into their schedule, it isn’t going to work unless you have one person who
> is willing to commit a large chunk of time to leading the project and
> ensuring that things get done.
>
>
>
> So if someone feels that can take that on, please speak up, but I will vote
> against any “co-leadership” arrangement.
>
>
>
>
>
> *From:* owasp-guide-bounces at lists.owasp.org [mailto:
> owasp-guide-bounces at lists.owasp.org] *On Behalf Of *Anurag Agarwal
> *Sent:* Tuesday, July 13, 2010 8:19 AM
> *To:* 'Vishal Garg'; vanderaj at owasp.org
> *Cc:* owasp-guide at lists.owasp.org
> *Subject:* Re: [Owasp-guide] Participating in the project
>
>
>
> Andrew – I think Vishal and myself can start as Co-Leaders and Abe can join
> us later on. If Michael can do a quick handoff, we can be up and running
> very quickly. I have lead a WASC project earlier and have a very good
> understanding of earlier versions of OWASP developer guide and OWASP
> standards. I am sure we can get the project back on track quickly.
>
>
>
> Thanks
>
> Anurag
>
>
>
>
>
> *From:* owasp-guide-bounces at lists.owasp.org [mailto:
> owasp-guide-bounces at lists.owasp.org] *On Behalf Of *Vishal Garg
> *Sent:* Tuesday, July 13, 2010 5:34 AM
> *To:* vanderaj at owasp.org
> *Cc:* owasp-guide at lists.owasp.org
> *Subject:* Re: [Owasp-guide] Participating in the project
>
>
>
> Hi Andrew,
>
> I would be happy to volunteer myself to act as project lead. As both Anurag
> and Abe have shown their interest as well, so maybe all three of us can
> bring in different skill sets to the project; well obviously with everyone
> else's consent working on the project :)
>
> Regards
> Vishal
>
> On Tue, Jul 13, 2010 at 7:40 AM, Abe <abek1 at comcast.net> wrote:
>
> Hi Everyone,
>
> I wrote the Output Encoding chapter in the current draft.
>
> I am going to be busy for the next month but after that I wouldn't mind
> being the OWASP Guide Co-Leader.
>
>
> Regards,
> Abe
>
>
> -----Original Message-----
> From: owasp-guide-bounces at lists.owasp.org
>
> [mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of Andrew van der
> Stock
> Sent: Monday, July 12, 2010 3:36 PM
> To: owasp-guide at lists.owasp.org
> Subject: Re: [Owasp-guide] Participating in the project
>
> I heard back from Mike last night in a personal e-mail, and he's moved on
> from OWASP. We need a new OWASP Guide leader.
>
> I simply don't have the time for more than one project (I want to
> contribute
> to the ESAPI for PHP port), so my goal here is for someone in this group to
> step up as the OWASP Guide leader.
>
> Who thinks they can provide the PM skills and conceptual integrity (single
> vision) for the Guide? We need someone to keep the project on track and to
> ensure that the submitted materials are of high quality.
>
> I'd really like it if the decision will be the decision of the entire
> group.
>
>
> thanks,
> Andrew
>
>
> On 13/07/2010, at 4:36 AM, Vishal Garg wrote:
>
> > Hi Anurag and Geoff,
> >
> > Thanks a lot for showing your interest for session management and data
> protection sections.
> >
> > I am not the right person to make any assignments. If you would be
> interested to work on a section where a section lead has already been
> assigned, you are encouraged to get in touch with the section leads
> directly, or you may have to wait for Mike to make an assignment to you.
> >
> > Regards
> > Vishal
>
> _______________________________________________
> Owasp-guide mailing list
> Owasp-guide at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-guide
>
>
>
> _______________________________________________
> Owasp-guide mailing list
> Owasp-guide at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-guide
>
>
>
>
> --
> Vishal Garg
> Web Security Specialist
>
> Blog: http://www.ethicalhack.co.uk
> Twitter: http://www.twitter.com/vishalgrg
> Linkedin: http://www.linkedin.com/in/vishalgrg
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.830 / Virus Database: 271.1.1/2983 - Release Date: 07/12/10
> 12:49:00
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.830 / Virus Database: 271.1.1/2983 - Release Date: 07/13/10
> 02:36:00
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.830 / Virus Database: 271.1.1/2983 - Release Date: 07/13/10
> 14:36:00
>



-- 
Vishal Garg
Web Security Specialist

Blog: http://www.ethicalhack.co.uk
Twitter: http://www.twitter.com/vishalgrg
Linkedin: http://www.linkedin.com/in/vishalgrg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-guide/attachments/20100714/85e7e32f/attachment.html 


More information about the Owasp-guide mailing list