[Owasp-leaders] Fwd: Stepping down as Board Member

Jim Manico jim.manico at owasp.org
Mon Feb 14 11:51:00 EST 2011


You are too kind. Indeed, Jerry and I are business partners so take his
kind words with a grain of salt. ;) This "crossing of the streams" was
unintentional and uncoordinated.

Jerry, thank you. I appreciate your support very much.

- Jim

>>> It's just me saying we lost one of the board's coders in Dinis and I
> want a new one for the sake of OWASP.
> While I don't think we should keep a strict policy of a "coder seat" on
> the board - I agree with the sentiment of the post below.  Since of all
> the projects listed below, you only put "code!" on one of them, I say we
> nominate the guy who runs that project! :)
> Full Disclosure: Jim is a dear friend and we have done / do work
> together - but regardless of that he is someone who definitely puts
> OWASP in the forefront of his life. OWASP is full of great people who do
> a lot to promote application security and OWASP, and I see Jim at the
> tip of the spear.
> Jerry
> On 2/15/11 12:20 AM, John Wilander wrote:
>> 2011/2/14 Eoin <eoin.keary at owasp.org>
>>     Code orientated?
>>     Board members have been involved or led projects such as testing
>>     guide, code review guide, ASVS, ESAPI, Top 10 (and cheat sheets),
>>     Live CD Project, WebGoat
>>     .....so from the above the majority of the board are coders, app
>>     testers, inventors so not sure what ur point is....?
>> The projects you list are well-known, successful, and important. I
>> hail their project leaders. But you and I apparently have different
>> views on what code and coding is. I'll try to explain.
>> Let me start by citing Scott Adams: "The Dilbert Principle":
>> /If you’re writing code for a new software release, that’s
>> fundamental, because you’re improving the product. But if you’re
>> creating a policy about writing software then you’re one level removed./
>> The term "code-oriented" is fuzzy. So to be concrete – *I'd like at
>> least two board members to write production code weekly*. With that in
>> mind, let's review the project list:
>>     * Testing guide – not code
>>     * Code review guide – not code
>>     * ASVS – not code
>>     * ESAPI – code!
>>     * Top 10 – not code
>>     * Cheat sheets – code snippets
>>     * Live CD Project – not code
>>     * WebGoat – code, but last release nine months ago
>> I really appreciate all the projects above and all the work that has
>> gone into them. Credit to their contributors! But we still need
>> production code writers on the board.
>> Why? Because coders and non-coders typically don't understand each
>> other. So many business cases have never been pursued and so many
>> software projects have been derailed because of this. Developers
>> having to explain their "black magic" daily, estimates turning into
>> negotiations, business requirements totally misunderstood, simple
>> solutions missed, security/maintainability/testing not prioritized etc.
>> Coders and non-coders need to be on the board for OWASP to be
>> successful. Otherwise we'll end up exactly like the dead software
>> companies in the beehive metaphor. And if we make OWASP more formal
>> and structured the coders will not run for the board.
>> Dan Kaminsky put it this way:
>> /Generally, the bright line is "did you ship production software".
>> Static HTML doesn't count./
>> This is not a war between coders and non-coders. It's just me saying
>> we lost one of the board's coders in Dinis and I want a new one for
>> the sake of OWASP.
>>    Regards, John
>> -- 
>> John Wilander, https://twitter.com/johnwilander
>> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
>> Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011
>> Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders