[Owasp-leaders] Stepping up as Board Member
jim.manico at owasp.org
Mon Feb 14 11:39:09 EST 2011
Hello John. I'm a longtime/active coder and I'd like to run for the board. I'm currently working on outlining my personal strategy for what I would do if I were elected to this prestigious position.
It's not enough for me to be a coder, though. I also need to master approaching developer communities in a respectful manner in order to promote more collaboration. This is a work in progress. I've had a few recent successes, but it only takes one foolish email or blog post to upset large swaths of developers.
I'm a tragically flawed individual in many ways and I might not be best suited for the OWASP board. But I tell you John, in my opinion, being a board member for OWASP is by no means a gift or a reward for hard work. In my mind, it's a huge responsibility, one that is very intimidating to me.
On Feb 14, 2011, at 6:20 PM, John Wilander <john.wilander at owasp.org> wrote:
> 2011/2/14 Eoin <eoin.keary at owasp.org>
> > Code orientated?
> > Board members have been involved in or led projects such as testing guide, code review guide, ASVS, ESAPI, Top 10 (and cheat sheets), Live CD Project, WebGoat
> > .....so from the above the majority of the board are coders, app testers, inventors so not sure what your point is....?
> The projects you list are well-known, successful, and important. I hail their project leaders. But you and I apparently have different views on what code and coding is. I'll try to explain.
> Let me start by citing Scott Adams: "The Dilbert Principle":
> If you’re writing code for a new software release, that’s fundamental, because you’re improving the product. But if you’re creating a policy about writing software then you’re one level removed.
> The term "code-oriented" is fuzzy. So to be concrete – I'd like at least two board members to write production code weekly. With that in mind, let's review the project list:
> Testing guide – not code
> Code review guide – not code
> ASVS – not code
> ESAPI – code!
> Top 10 – not code
> Cheat sheets – code snippets
> Live CD Project – not code
> WebGoat – code, but last release nine months ago
> I really appreciate all the projects above and all the work that has gone into them. Credit to their contributors! But we still need production code writers on the board.
> Why? Because coders and non-coders typically don't understand each other. So many business cases have never been pursued and so many software projects have been derailed because of this. Developers having to explain their "black magic" daily, estimates turning into negotiations, business requirements totally misunderstood, simple solutions missed, security/maintainability/testing not prioritized etc.
> Coders and non-coders need to be on the board for OWASP to be successful. Otherwise we'll end up exactly like the dead software companies in the beehive metaphor. And if we make OWASP more formal and structured the coders will not run for the board.
> Dan Kaminsky put it this way:
> Generally, the bright line is "did you ship production software". Static HTML doesn't count.
> This is not a war between coders and non-coders. It's just me saying we lost one of the board's coders in Dinis and I want a new one for the sake of OWASP.
> Regards, John
> John Wilander, https://twitter.com/johnwilander
> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
> Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011
> Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org