[Owasp-leaders] Fwd: Stepping down as Board Member
jerry at owasp.org
Mon Feb 14 11:33:14 EST 2011
>> It's just me saying we lost one of the board's coders in Dinis and I
>> want a new one for the sake of OWASP.
While I don't think we should keep a strict policy of a "coder seat" on
the board - I agree with the sentiment of the post below. Since of all
the projects listed below, you only put "code!" on one of them, I say we
nominate the guy who runs that project! :)
Full Disclosure: Jim is a dear friend and we have done / do work
together - but regardless of that he is someone who definitely puts
OWASP in the forefront of his life. OWASP is full of great people who do
a lot to promote application security and OWASP, and I see Jim at the
tip of the spear.
On 2/15/11 12:20 AM, John Wilander wrote:
> 2011/2/14 Eoin <eoin.keary at owasp.org>
> Code orientated?
> Board members have been involved or led projects such as testing
> guide, code review guide, ASVS, ESAPI, Top 10 (and cheat sheets),
> Live CD Project, WebGoat
> .....so from the above the majority of the board are coders, app
> testers, inventors so not sure what ur point is....?
> The projects you list are well-known, successful, and important. I
> hail their project leaders. But you and I apparently have different
> views on what code and coding is. I'll try to explain.
> Let me start by citing Scott Adams: "The Dilbert Principle":
> /If you’re writing code for a new software release, that’s
> fundamental, because you’re improving the product. But if you’re
> creating a policy about writing software then you’re one level removed./
> The term "code-oriented" is fuzzy. So to be concrete – *I'd like at
> least two board members to write production code weekly*. With that in
> mind, let's review the project list:
> * Testing guide – not code
> * Code review guide – not code
> * ASVS – not code
> * ESAPI – code!
> * Top 10 – not code
> * Cheat sheets – code snippets
> * Live CD Project – not code
> * WebGoat – code, but last release nine months ago
> I really appreciate all the projects above and all the work that has
> gone into them. Credit to their contributors! But we still need
> production code writers on the board.
> Why? Because coders and non-coders typically don't understand each
> other. So many business cases have never been pursued and so many
> software projects have been derailed because of this. Developers
> having to explain their "black magic" daily, estimates turning into
> negotiations, business requirements totally misunderstood, simple
> solutions missed, security/maintainability/testing not prioritized etc.
> Coders and non-coders need to be on the board for OWASP to be
> successful. Otherwise we'll end up exactly like the dead software
> companies in the beehive metaphor. And if we make OWASP more formal
> and structured the coders will not run for the board.
> Dan Kaminsky put it this way:
> /Generally, the bright line is "did you ship production software".
> Static HTML doesn't count./
> This is not a war between coders and non-coders. It's just me saying
> we lost one of the board's coders in Dinis and I want a new one for
> the sake of OWASP.
> Regards, John
> John Wilander, https://twitter.com/johnwilander
> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
> Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011
> Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee