[Owasp-leaders] Fwd: Stepping down as Board Member

Jerry Hoff jerry at owasp.org
Mon Feb 14 11:33:14 EST 2011

>> It's just me saying we lost one of the board's coders in Dinis and I
>> want a new one for the sake of OWASP.

While I don't think we should keep a strict policy of a "coder seat" on
the board - I agree with the sentiment of the post below.  Since of all
the projects listed below, you only put "code!" on one of them, I say we
nominate the guy who runs that project! :)

Full Disclosure: Jim is a dear friend and we have done / do work
together - but regardless of that he is someone who definitely puts
OWASP in the forefront of his life. OWASP is full of great people who do
a lot to promote application security and OWASP, and I see Jim at the
tip of the spear.


On 2/15/11 12:20 AM, John Wilander wrote:
> 2011/2/14 Eoin <eoin.keary at owasp.org>
>     Code orientated?
>     Board members have been involved in or led projects such as testing
>     guide, code review guide, ASVS, ESAPI, Top 10 (and cheat sheets),
>     Live CD Project, WebGoat
>     .....so from the above the majority of the board are coders, app
>     testers, inventors so not sure what ur point is....?
> The projects you list are well-known, successful, and important. I
> hail their project leaders. But you and I apparently have different
> views on what code and coding is. I'll try to explain.
> Let me start by citing Scott Adams: "The Dilbert Principle":
> /If you’re writing code for a new software release, that’s
> fundamental, because you’re improving the product. But if you’re
> creating a policy about writing software then you’re one level removed./
> The term "code-oriented" is fuzzy. So to be concrete – *I'd like at
> least two board members to write production code weekly*. With that in
> mind, let's review the project list:
>     * Testing guide – not code
>     * Code review guide – not code
>     * ASVS – not code
>     * ESAPI – code!
>     * Top 10 – not code
>     * Cheat sheets – code snippets
>     * Live CD Project – not code
>     * WebGoat – code, but last release nine months ago
> I really appreciate all the projects above and all the work that has
> gone into them. Credit to their contributors! But we still need
> production code writers on the board.
> Why? Because coders and non-coders typically don't understand each
> other. So many business cases have never been pursued and so many
> software projects have been derailed because of this. Developers
> having to explain their "black magic" daily, estimates turning into
> negotiations, business requirements totally misunderstood, simple
> solutions missed, security/maintainability/testing not prioritized etc.
> Coders and non-coders need to be on the board for OWASP to be
> successful. Otherwise we'll end up exactly like the dead software
> companies in the beehive metaphor. And if we make OWASP more formal
> and structured the coders will not run for the board.
> Dan Kaminsky put it this way:
> /Generally, the bright line is "did you ship production software".
> Static HTML doesn't count./
> This is not a war between coders and non-coders. It's just me saying
> we lost one of the board's coders in Dinis and I want a new one for
> the sake of OWASP.
>    Regards, John
> -- 
> John Wilander, https://twitter.com/johnwilander
> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
> Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011
> Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee
