[Owasp-guide] Participating in the project

Vishal Garg vishalgrg at gmail.com
Wed Jul 14 14:57:03 EDT 2010


You are well spot on, Anurag. I had a similar thought but was not sure how
to go about it. I am sure Andrew wouldn't mind doing that!

Regards
Vishal

On Wed, Jul 14, 2010 at 7:49 PM, Anurag Agarwal <anurag.agarwal at yahoo.com>wrote:

>  Vishal – Though I won’t mind that but I want Andrew to agree with this
> too and make a formal announcement to the group and introduce us to Mike
> with the same goal in mind.
>
>
>
> Thanks
>
> Anurag
>
>
>
>
>
> *From:* Vishal Garg [mailto:vishalgrg at gmail.com]
> *Sent:* Wednesday, July 14, 2010 2:46 PM
> *To:* Anurag Agarwal
> *Cc:* Andrew van der Stock; Tom Stripling; owasp-guide at lists.owasp.org
>
> *Subject:* Re: [Owasp-guide] Participating in the project
>
>
>
> Well, I like your idea Anurag, and quite happy with this division of roles.
> I am sure everyone else working on the project would be happy with this
> division of roles as well.
>
> I believe we should start the ball rolling and bring the project back on
> track quickly. Our next bet may be to contact Mike (if possible) and see
> what vision and objectives he had in his mind for the new guide. Once we
> have this information, then we may develop a plan for further action.
>
> How does that sound?
>
> Regards
> Vishal
>
> On Wed, Jul 14, 2010 at 2:17 PM, Anurag Agarwal <anurag.agarwal at yahoo.com>
> wrote:
>
> Andrew – I like your idea about breaking PM functionality. I can do the
> project management and vision and take assistance from Vishal in follow ups
> and making sure everyone is on schedule and ASVS compliance.
>
>
>
> Let me know if this idea appeals to you.
>
>
>
> Thanks
>
> Anurag
>
>
>
>
>
>
>
>
>
>
>
> *From:* Andrew van der Stock [mailto:vanderaj at owasp.org]
> *Sent:* Tuesday, July 13, 2010 7:31 PM
> *To:* Anurag Agarwal
> *Cc:* 'Tom Stripling'; 'Vishal Garg'; owasp-guide at lists.owasp.org
>
>
> *Subject:* Re: [Owasp-guide] Participating in the project
>
>
>
> I am immensely glad so many folks want to be Guide leader. This is a huge
> change from a few years ago.
>
>
>
> It's important to realise that I tried to be the PM, the lead author, and
> everything to the Guide, and it's just too hard for a single person. I ended
> up being a road block for more than three years until I handed it over to
> Mike.
>
>
>
> I think it's important for a single view of conceptual integrity, but I
> think there is scope for multiple "leaders". The first guide was
> conceptually Mark Curphey's, but there were LOTS of folks working on it.
> That effort established OWASP as the force that it is.
>
>
>
> I think if folks could agree that someone is the PM, someone is the person
> who approves the direction and final wording, someone who is checking facts
> and ensuring that ASVS integration is correct, I feel that could work. But I
> do believe that someone needs to hold the reigns for conceptual integrity (a
> single vision) as there needs to be a final arbiter / decision maker for
> inclusion / improvements / send back for re-work.
>
>
>
> The Guide is easily OWASP's largest work, so I'm happy with the idea of
> more than one leader, but in my view each leader needs to have clearly
> defined tasks that everyone has agreed to.
>
>
>
> thanks,
>
> Andrew
>
>
>
> On 14/07/2010, at 5:52 AM, Anurag Agarwal wrote:
>
>
>
> Tom – I agree with you on many points below but since this is a volunteer
> based project and everybody has a day job too, having shared leadership will
> actually help move the process faster and smoother. If one leader gets busy,
> the other one can take over and provide the backup. IMPO having
> co-leadership can actually be beneficial to this project.
>
>
>
> Thanks
>
> Anurag
>
>
>
> *From:* Tom Stripling [mailto:tstripling at appsecconsulting.com]
> *Sent:* Tuesday, July 13, 2010 10:42 AM
> *To:* 'Anurag Agarwal'; 'Vishal Garg'; vanderaj at owasp.org
> *Cc:* owasp-guide at lists.owasp.org
> *Subject:* RE: [Owasp-guide] Participating in the project
>
>
>
> I’d like to drop in my two cents here.  I think having “co-leaders” is a
> very bad idea.  This has nothing to do with my opinion of Anurag or Vishal;
> I’m sure either one would do a great job if they had the time.  But in my
> experience with these types of community-driven projects, if two people try
> to share the load, often nothing gets done.  The job of project leader is
> very time-consuming and requires someone to always be responsive and
> constantly be driving the project forward.  It’s like herding cats.  No
> matter how many people you get who are willing to squeeze “co-leadership”
> into their schedule, it isn’t going to work unless you have one person who
> is willing to commit a large chunk of time to leading the project and
> ensuring that things get done.
>
>
>
> So if someone feels that can take that on, please speak up, but I will vote
> against any “co-leadership” arrangement.
>
>
>
>
>
> *From:* owasp-guide-bounces at lists.owasp.org [mailto:
> owasp-guide-bounces at lists.owasp.org] *On Behalf Of *Anurag Agarwal
> *Sent:* Tuesday, July 13, 2010 8:19 AM
> *To:* 'Vishal Garg'; vanderaj at owasp.org
> *Cc:* owasp-guide at lists.owasp.org
> *Subject:* Re: [Owasp-guide] Participating in the project
>
>
>
> Andrew – I think Vishal and myself can start as Co-Leaders and Abe can join
> us later on. If Michael can do a quick handoff, we can be up and running
> very quickly. I have lead a WASC project earlier and have a very good
> understanding of earlier versions of OWASP developer guide and OWASP
> standards. I am sure we can get the project back on track quickly.
>
>
>
> Thanks
>
> Anurag
>
>
>
>
>
> *From:* owasp-guide-bounces at lists.owasp.org [mailto:
> owasp-guide-bounces at lists.owasp.org] *On Behalf Of *Vishal Garg
> *Sent:* Tuesday, July 13, 2010 5:34 AM
> *To:* vanderaj at owasp.org
> *Cc:* owasp-guide at lists.owasp.org
> *Subject:* Re: [Owasp-guide] Participating in the project
>
>
>
> Hi Andrew,
>
> I would be happy to volunteer myself to act as project lead. As both Anurag
> and Abe have shown their interest as well, so maybe all three of us can
> bring in different skill sets to the project; well obviously with everyone
> else's consent working on the project :)
>
> Regards
> Vishal
>
> On Tue, Jul 13, 2010 at 7:40 AM, Abe <abek1 at comcast.net> wrote:
>
> Hi Everyone,
>
> I wrote the Output Encoding chapter in the current draft.
>
> I am going to be busy for the next month but after that I wouldn't mind
> being the OWASP Guide Co-Leader.
>
>
> Regards,
> Abe
>
>
> -----Original Message-----
> From: owasp-guide-bounces at lists.owasp.org
>
> [mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of Andrew van der
> Stock
> Sent: Monday, July 12, 2010 3:36 PM
> To: owasp-guide at lists.owasp.org
> Subject: Re: [Owasp-guide] Participating in the project
>
> I heard back from Mike last night in a personal e-mail, and he's moved on
> from OWASP. We need a new OWASP Guide leader.
>
> I simply don't have the time for more than one project (I want to
> contribute
> to the ESAPI for PHP port), so my goal here is for someone in this group to
> step up as the OWASP Guide leader.
>
> Who thinks they can provide the PM skills and conceptual integrity (single
> vision) for the Guide? We need someone to keep the project on track and to
> ensure that the submitted materials are of high quality.
>
> I'd really like it if the decision will be the decision of the entire
> group.
>
>
> thanks,
> Andrew
>
>
> On 13/07/2010, at 4:36 AM, Vishal Garg wrote:
>
> > Hi Anurag and Geoff,
> >
> > Thanks a lot for showing your interest for session management and data
> protection sections.
> >
> > I am not the right person to make any assignments. If you would be
> interested to work on a section where a section lead has already been
> assigned, you are encouraged to get in touch with the section leads
> directly, or you may have to wait for Mike to make an assignment to you.
> >
> > Regards
> > Vishal
>
> _______________________________________________
> Owasp-guide mailing list
> Owasp-guide at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-guide
>
>
>
> _______________________________________________
> Owasp-guide mailing list
> Owasp-guide at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-guide
>
>
>
>
> --
> Vishal Garg
> Web Security Specialist
>
> Blog: http://www.ethicalhack.co.uk
> Twitter: http://www.twitter.com/vishalgrg
> Linkedin: http://www.linkedin.com/in/vishalgrg
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.830 / Virus Database: 271.1.1/2983 - Release Date: 07/12/10
> 12:49:00
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.830 / Virus Database: 271.1.1/2983 - Release Date: 07/13/10
> 02:36:00
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
>
> Version: 9.0.830 / Virus Database: 271.1.1/2983 - Release Date: 07/13/10
> 14:36:00
>
>
>
>
> --
> Vishal Garg
> Web Security Specialist
>
> Blog: http://www.ethicalhack.co.uk
> Twitter: http://www.twitter.com/vishalgrg
> Linkedin: http://www.linkedin.com/in/vishalgrg
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.830 / Virus Database: 271.1.1/3004 - Release Date: 07/14/10
> 02:36:00
>



-- 
Vishal Garg
Web Security Specialist

Blog: http://www.ethicalhack.co.uk
Twitter: http://www.twitter.com/vishalgrg
Linkedin: http://www.linkedin.com/in/vishalgrg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-guide/attachments/20100714/068d10cb/attachment-0001.html 


More information about the Owasp-guide mailing list