[Owasp-leaders] Fwd: Stepping down as Board Member

eoin keary eoin.keary at owasp.org
Mon Feb 14 11:55:12 EST 2011


So you are of the opinion that writing code is of paramount importance
regardless of whether it's done right? Let's write millions of lines of code
that only a few care about (consultants), or assist developers to code
properly by using teaching aids, example-driven techniques etc. (E.g. the
"teach a man to fish..." principle fits nicely around the guides etc.)

Point is, just because you write a guide does not mutually exclude you from
being a coder. I have been writing code for over 10 years, but I've also
assisted with SAMM, ASVS, CRG and TG. Does that make me a coder or a policy
writer? Can I be both?

I don't think you could call the Dev, TG or CRG policy documents? I
believe we call them guides.


On Mon, Feb 14, 2011 at 4:20 PM, John Wilander <john.wilander at owasp.org> wrote:

> 2011/2/14 Eoin <eoin.keary at owasp.org>
>> Code orientated?
>> Board members have been involved or lead projects such as testing guide,
>> code review guide, ASVS, ESAPI, Top 10 (and cheat sheets), Live CD Project,
>> WebGoat
>> .....so from the above the majority of the board are coders, app testers,
>> inventors, so not sure what your point is....?
> The projects you list are well-known, successful, and important. I hail
> their project leaders. But you and I apparently have different views on what
> code and coding is. I'll try to explain.
> Let me start by citing Scott Adams: "The Dilbert Principle":
> *If you’re writing code for a new software release, that’s fundamental,
> because you’re improving the product. But if you’re creating a policy about
> writing software then you’re one level removed.*
> The term "code-oriented" is fuzzy. So to be concrete – *I'd like at least
> two board members to write production code weekly*. With that in mind,
> let's review the project list:
>    - Testing guide – not code
>    - Code review guide – not code
>    - ASVS – not code
>    - ESAPI – code!
>    - Top 10 – not code
>    - Cheat sheets – code snippets
>    - Live CD Project – not code
>    - WebGoat – code, but last release nine months ago
> I really appreciate all the projects above and all the work that has gone
> into them. Credit to their contributors! But we still need production code
> writers on the board.
> Why? Because coders and non-coders typically don't understand each other.
> So many business cases have never been pursued and so many software projects
> have been derailed because of this. Developers having to explain their
> "black magic" daily, estimates turning into negotiations, business
> requirements totally misunderstood, simple solutions missed,
> security/maintainability/testing not prioritized etc.
> Coders and non-coders need to be on the board for OWASP to be successful.
> Otherwise we'll end up exactly like the dead software companies in the
> beehive metaphor. And if we make OWASP more formal and structured the coders
> will not run for the board.
> Dan Kaminsky put it this way:
> *Generally, the bright line is "did you ship production software". Static
> HTML doesn't count.*
> This is not a war between coders and non-coders. It's just me saying we
> lost one of the board's coders in Dinis and I want a new one for the sake of
>    Regards, John
>  --
> John Wilander, https://twitter.com/johnwilander
> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
> <http://owaspsweden.blogspot.com/>Co-organizer Global Summit,
> http://www.owasp.org/index.php/Summit_2011
>  <http://www.owasp.org/index.php/Summit_2011>Conf Comm,
> http://www.owasp.org/index.php/Global_Conferences_Committee