[Owasp-leaders] Fwd: Stepping down as Board Member

John Wilander john.wilander at owasp.org
Mon Feb 14 11:20:24 EST 2011

2011/2/14 Eoin <eoin.keary at owasp.org>

> Code orientated?
> Board members have been involved or lead projects such as testing guide,
> code review guide, ASVS, ESAPI, Top 10 (and cheat sheets), Live CD Project,
> WebGoat
> .....so from the above the majority of the board are coders, app testers,
> inventors so not sure what ur point is....?

The projects you list are well-known, successful, and important. I hail
their project leaders. But you and I apparently have different views on what
code and coding is. I'll try to explain.

Let me start by citing Scott Adams: "The Dilbert Principle":

*If you’re writing code for a new software release, that’s fundamental,
because you’re improving the product. But if you’re creating a policy about
writing software then you’re one level removed.*

The term "code-oriented" is fuzzy. So to be concrete – *I'd like at least
two board members to write production code weekly*. With that in mind, let's
review the project list:

   - Testing guide – not code
   - Code review guide – not code
   - ASVS – not code
   - ESAPI – code!
   - Top 10 – not code
   - Cheat sheets – code snippets
   - Live CD Project – not code
   - WebGoat – code, but last release nine months ago

I really appreciate all the projects above and all the work that has gone
into them. Credit to their contributors! But we still need production code
writers on the board.

Why? Because coders and non-coders typically don't understand each other. So
many business cases have never been pursued and so many software projects
have been derailed because of this. Developers having to explain their
"black magic" daily, estimates turning into negotiations, business
requirements totally misunderstood, simple solutions missed,
security/maintainability/testing not prioritized etc.

Coders and non-coders need to be on the board for OWASP to be successful.
Otherwise we'll end up exactly like the dead software companies in the
beehive metaphor. And if we make OWASP more formal and structured the coders
will not run for the board.

Dan Kaminsky put it this way:
*Generally, the bright line is "did you ship production software". Static
HTML doesn't count.*

This is not a war between coders and non-coders. It's just me saying we lost
one of the board's coders in Dinis and I want a new one for the sake of

   Regards, John

John Wilander, https://twitter.com/johnwilander
Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011
Conf Comm,