[Owasp-leaders] Fwd: Stepping down as Board Member

Martin Knobloch martin.knobloch at owasp.org
Mon Feb 14 13:05:10 EST 2011

Hi all,

I can definitely see where John is coming from and where he is hitting with
his wish. Myself, I have been developer quite for some time, before I left
that area (not without many times wishing to be back) and went full time
into security consultancy.

Nevertheless, I have my doubts if we should demand any specific profession a
board member has to come from.
Of course, all members can and will for sure vote by their best opinion. But
I my opinion, the board has more responsibility then representing the OWASP
You see the same differentiation in the chapters. We have more and less
technical chapters. Some with more focus on process, the other more
to implementation. Builders and breakers. Developers, tester, auditors. You
name it, we got it.  Is the one more OWASP then the other?
I can't see how to implement this on a fair manner into the election (or we
need quite a big board).

Being a board member, as I see this, bring the obligation to the whole
community. All board members, no matter where they come from, have to be
able to talk and understand all cultures inside and outside OWASP.

To be honest, I have my doubts email is the best way of communication in
matters like this.
Maybe it's time we enable a forum on the OWASP site?

We had great thoughts and results in creating an (to be shared and agreed on
via the whole OWASP community) what we expect of the board. Hope we can
continue that process via the web!


On Mon, Feb 14, 2011 at 6:47 PM, John Wilander <john.wilander at owasp.org>wrote:

> Andre, I said I wanted *two* board members to write production code
> weekly. Not all board members.
> Regarding production code and its definition ... Can you do the work of the
> developers we try to reach out to? The guys who implement and maintain
> Twitter, Facebook, GMail, PayPal, Amazon, and YouTube – could you join their
> team and take on tasks from the backlog? At least at 80% speed? Are you
> performing such tasks on a weekly basis? Then you fit my frame.
> OWASP has no shortage on pentesters (proven by raised hands at the summit)
> so I have full confidence in that we'll find one or two pentesters who can
> run for the board too. Since pentesters build up a large part of our
> community I would be happy to have one or two on the board.
> The main reason I'm stressing the importance of coders on the board is
> developer outreach. Right now we're failing in one of our core missions. I
> believe hands-on coding among the board members will help solve this.
> (If there's a silent majority out there either thinking I'm totally wrong
> or right – please speak up. Don't let the talkative, myself included, decide
> for you.)
>    /John
> 2011/2/14 Andre Gironda <andreg at gmail.com>
> On Mon, Feb 14, 2011 at 10:06 AM, John Wilander <john.wilander at owasp.org>
>> wrote:
>> > Eoin, if you write production code weekly you're on my list of coders
>> for
>> > sure. Did not know that. Cred.
>> >> So you are of the opinion that writing code is of paramount importance
>> >> regardless of if its done right?
>> >
>> > The "done right" addon can be applied to guidelines and policies too =>
>> > redundant rhetorics. I also believe I wrote "production code" which in
>> my
>> > view says something about quality.
>> It says nothing about quality. You seem obsessed with this "production
>> code" thing, but you don't define it. So if I'm a dev-test coder, and
>> only write code that works in integration, then somehow I'm not
>> qualified to be an OWASP board member? What if I write 7 kloc a day
>> and the production coders I work with only change tens of loc's per
>> day? What if all of their success in refactorings are based on my test
>> automation? What if the production coders are constantly making
>> mistakes and a quality-oriented person is covering for them --
>> correcting mistakes and making that shipped code actually work from a
>> user perspective?
>> > I don't believe in non-coders teaching coders how to code better. Many
>> > outreach attempts fail because we're not on the right level. Web 1.5
>> code
>> > snippets on a Powerpoint slide won't cut it. "Demo or die".
>> I disagree with this point. Customers and users always teach coders
>> how to code better. Quality engineers even moreso.
>> > As I said above, as long as you're writing production code weekly you
>> > understand coders and can take on that role on the board. Good!
>> I think there is room on the board for more than one type of person.
>> This seems to over-favor a certain type of application developer.
>> -Andre
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> --
> John Wilander, https://twitter.com/johnwilander
> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
>  <http://owaspsweden.blogspot.com>Co-organizer Global Summit,
> http://www.owasp.org/index.php/Summit_2011
> <http://www.owasp.org/index.php/Summit_2011>Conf Comm,
> http://www.owasp.org/index.php/Global_Conferences_Committee
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110214/7519f3cb/attachment.html 

More information about the OWASP-Leaders mailing list