[Owasp-leaders] Fwd: Stepping down as Board Member

dinis cruz dinis.cruz at owasp.org
Mon Feb 14 08:55:19 EST 2011

What is interesting about John's views, is that it only represents one (of
the multiple) ecosystems/communities that lives inside OWASP.

That said, I think he is spot on in his analysis, and that OWASP needs to be
very careful in how handles its 'bees' (using the analogy of the 1995
article) since this community is the one that creates most 'assets' that
OWASP has.

OWASP is VERY wide and (fortunately) it covers a huge spectrum of people,
interests, knowledge areas , technologies and focus. For example, there are
other ecosystems/communities at OWASP that need complete difference
approaches, process and procedures (Government, John Steven's crowd, CIO's,
QA departments, students, teachers, appsec product vendors, etc...)

Part of the reason I stepped down from the board is due to the fact that
I realized that most OWASP leaders didn't realized/understood how I operated
and I got things done at OWASP. And that was OK in the past, but recently It
was creating too many allergic reactions.

Using the bees analogy, I think I was a good bee keeper and was able to find
creative ways to find, motivate and blossom the OWASP bees :)

In fact, what I always found ironic, was that one of the most common
complains that I received directly (or was made behind my back) was that I
was too chaotic, disorganized and didn't 'listen' to others.

When in fact, if you actually looked closely (or in hindsight), some of
the activities that I was responsible for creating and implementing at
OWASP, had multi-layer strategy and where some of our most organized and
professionally executed activities. For example the last OWASP Season of
Code <http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008> or the Summit
2011 <http://www.owasp.org/index.php/OWASP_Summit_2011>

Dinis Cruz

On 14 February 2011 13:30, Seba <seba at owasp.org> wrote:

> John,
> You are hitting the nail on the head!
> The challenge of further building the OWASP 'platform' is to make sure
> developers and people with creative idea's feel at home.
> One of the basic principles should be that the services provided by
> OWASP are always opt-in and never try to 'harnass' the project/chapter
> leaders into stringent project or governance rules.
> --Seba
> On Mon, Feb 14, 2011 at 2:15 PM, John Wilander <john.wilander at owasp.org>
> wrote:
> > 2011/2/14 Konstantinos Papapanagiotou <conpap at di.uoa.gr>
> >>
> >> John,
> >>
> >> I don't mean to underestimate the value that tech people and
> >> corresponding projects bring to an organization like OWASP but if we
> >> want to reach out to governments, standards organizations and key
> >> industry players we need those formal document-policy-oriented
> >> projects because that's the language that they understand.
> >
> > I too think we need document and policy-oriented projects. But making
> > itself more formal will fend off tech people.
> >
> > When a community hero as Michal Zalewski starts an email with "Oh, that
> > OWASP thing still around?;-)" I get worried.
> >
> > I've seen it happen loads of times. A bunch of enthusiastic people start
> a
> > community. Some are technically driven and publish a lot of code and/or
> > tools. Then comes the process, policy, and document people to provide
> > structure. That far, all good. But the structure people attract more
> > structure people who in turn attract more document people. Suddenly the
> code
> > people feel alienated and leave.
> >
> > Read "How Software Companies Die" by Orson Scott Card (1995) and you'll
> > understand what I mean. Relevant excerpts:
> >
> > Here's the secret that every successful software company is based on: You
> > can domesticate programmers the way beekeepers tame bees. You can't
> exactly
> > communicate with them, but you can get them to swarm in one place and
> when
> > they're not looking, you can carry off the honey.
> >
> > Here's the problem that ends up killing company after company. All
> > successful software companies had, as their dominant personality, a
> leader
> > who nurtured programmers. But no company can keep such a leader forever.
> > Either he cashes out, or he brings in management types who end up driving
> > him out, or he changes and becomes a management type himself. One way or
> > another, marketers get control.
> >
> > But...control of what? Instead of finding assembly lines of productive
> > workers, they quickly discover that their product is produced by utterly
> > unpredictable, uncooperative, disobedient, and worst of all, unattractive
> > people who resist all attempts at management. Put them on a time clock,
> > dress them in suits, and they become sullen and start sabotaging the
> > product. Worst of all, you can sense that they are making fun of you with
> > every word they say.
> >
> > The shock is greater for the coder, though. He suddenly finds that alien
> > creatures control his life. Meetings, Schedules, Reports. And now someone
> > demands that he PLAN all his programming and then stick to the plan,
> never
> > improving, never tweaking, and never, never touching some other team's
> code.
> >
> > http://www.zoion.com/~erlkonig/writings/programmer-beekeeping.html
> >
> >    Regards, John
> >
> > --
> > John Wilander, https://twitter.com/johnwilander
> > Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
> > Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011
> > Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> >
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110214/082f0897/attachment-0001.html 

More information about the OWASP-Leaders mailing list