[Owasp-leaders] Would the real OWASP please stand up!

Brad Causey bradcausey at owasp.org
Thu Sep 17 13:24:42 EDT 2009

This is more directed toward Yiannis,

I do realize that the extra work you are being asked to do seems a bit of a
pain in the ass. You are coder, and therefore you just want to make great
code and it should be enough that you are offering your code to OWASP. How
dare us ask you for anything. I get that.

One of the reasons you are seeing more 'fluff' as of late is that we as an
organization have identified a few weak points in our delivery of said
'great code' or 'great documentation'.

As part of the mission of OWASP, we are trying to further grow the awareness
of application security. Part of that, is helping those folks out there be
aware of these projects and why they are important. JbroFuzz will get used
much more if people know it exists, have a reasonable expectation of its
current quality, and have some idea of what it does. Without these things,
what differentiates us from the 'security' section of sourceforge?

I guess what I am saying is that you are confused about what we expect from
'project leaders', we expect someone to lead a project, from every aspect.
If we wanted coders, you'd be called a coder, and you wouldn't be posting to
the leader's mailing list.

I'm not attacking you, because I do agree to some extent with some of your
statements. We do need some checks and balances on a lot of things. But lets
be real, you've been asked for 3 slides and some 'fluff' work about your
project so we can HELP YOU promote your great code.

If I missed something, please let me know.

-Brad Causey

Never underestimate the time, expense, and effort an opponent will expend to
break a code. (Robert Morris)

On Thu, Sep 17, 2009 at 11:00 AM, McGovern, James F (HTSC, IT) <
James.McGovern at thehartford.com> wrote:

>  My thoughts inline
> -----Original Message-----
> From: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Yiannis
> Pavlosoglou
> Sent: Thursday, September 17, 2009 11:41 AM
> To: owasp-leaders at lists.owasp.org
> Subject: [Owasp-leaders] Would the real OWASP please stand up!
> * You turn up to any other security meeting, you don't even mention the
> acronym without getting looked badly upon
> [JFM] OWASP takes the high road and has lots of integrity in its
> approach. This has the side effect of torquing those who have less
> values.
> * People actually tell me that they avoid going to particular chapter
> meetings, because they are sick and tired of presenters implicitly
> trying to sell their own company/service/tool
> [JFM] This says that OWASP needs needs to figure out a method of
> diversifying its chapter leaders. I can say that I have never attempted
> to sell annuities at the Hartford chapter meeting :-)
> * Chapter leaders do not want to go their own folks and ask for
> donations; people that they have been together with from the beginning
> of their security careers
> [JFM] I think many of us feel that way. I only have enough courage to
> ask for donations of those who hit me up for the same. Think Girl Scout
> cookies, Lance Armstrong bracelets, etc
> * You want a marketing department? Go hire one! The time that it takes
> me to add double encoding payloads for sharepoint into JBroFuzz is the
> time wasted on self assessment criteria. Project leader's ego aside,
> which one is better?
> [JFM] Expecting a bunch of techies to do marketing at best will result
> in mediocrity. We should revive the notion of a separate OWASP PR
> project :-)
> ************************************************************
> This communication, including attachments, is for the exclusive use of
> addressee and may contain proprietary, confidential and/or privileged
> information.  If you are not the intended recipient, any use, copying,
> disclosure, dissemination or distribution is strictly prohibited.  If you
> are not the intended recipient, please notify the sender immediately by
> return e-mail, delete this communication and destroy all copies.
> ************************************************************
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090917/3d147088/attachment-0001.html 

More information about the OWASP-Leaders mailing list