[Owasp-leaders] Fwd: Stepping down as Board Member

Mark Bristow mark.bristow at owasp.org
Mon Feb 14 13:39:48 EST 2011


Is this some sort of record for number of times hijacking a thread?
Generally I'm all about hijinks, however the start to this conversation in
my opinion was not one of practical joke zones.  That said, it may be what
Dinis wanted ;)

On Mon, Feb 14, 2011 at 1:31 PM, Rex Booth <rex.booth at owasp.org> wrote:

>  Agreed 100%.
>
>
> On 2/14/2011 1:30 PM, Brad Causey wrote:
>
> Well said Chris.
>
> Personally, I don't care what "technical skills" a given board member has,
> as long as he's a solid leader, and understands how to run the business and
> provide guidance and direction.
>
>
>
> -Brad Causey
> CISSP, MCSE, C|EH, CIFI, CGSP
>
> http://www.owasp.org
> --
> "Si vis pacem, para bellum"
> --
>
>
> On Mon, Feb 14, 2011 at 10:23 AM, Chris Schmidt <chris.schmidt at owasp.org> wrote:
>
>>  All – I have fought the urge to jump on this thread all morning, but I
>> want to point out one *really* important thing here.
>>
>> There needs to be a *clear* and *distinct* understanding of what the
>> responsibilities of board members are. I think that it is the job of the
>> Projects Committee to address a lot of John's specific complaints here (and I
>> am in the process of joining said committee in an effort to bolster momentum
>> to address a lot of these issues)
>>
>> My personal opinion is that the board should be a panel of *experienced*
>> businessmen who know how to make an organization grow and understand the
>> business needs of organizations. OWASP is not meant to be a Top-Down Org,
>> and I don’t think that model works *at all* for the majority of people
>> that contribute to OWASP in any fashion. We should be encouraging the
>> inventors, researchers, developers, technical writers, analysts, and chapter
>> leaders to all keep bringing everything they can to the organization and in
>> no way limit their ability to function as individuals or small groups –
>> however, we also need standards and policies that are designed for the
>> betterment of the organization as a whole. I don’t think it matters if the
>> people who sit on the board are coders or if they are highly advanced
>> evangelist aliens – the point is that it is the board's responsibility to
>> further the organization as a whole and the responsibilities of the committees
>> and project leaders to direct the content of the organization.  It is also a
>> primary responsibility of the committees to present the details of matters
>> being brought to the board in a manner that outlines the details of the
>> matter in a way that is not biased and also is understandable by not only
>> the board but the entire OWASP community. The Board should not have to dive
>> deep into a matter to make a decision – the committees need to be providing
>> the board with the information they need to make those decisions.
>>
>> Basically I equate it to this – Having worked in software development
>> for the last 6 years and hardware maintenance prior to that – given the
>> choice, I would much rather have my boss manage the people and let my best
>> developers write the code.
>>
>> I think that the existing board members (and Dinis) have absolutely
>> demonstrated that ability both within and without OWASP – and I think that
>> the same should be expected of any *new* board members. Generally
>> speaking, I think it is a *bad* idea for board members to become so
>> involved in the inner workings of particular projects that it distracts them
>> from their duties as board members.
>>
>> I will have a long and detailed blog posting about my greater feelings
>> about this, as well as detailed examples and thoughts sometime this week.
>>
>>
>>
>>
>> On 2/14/11 1:05 PM, "Martin Knobloch" <martin.knobloch at owasp.org> wrote:
>>
>>    Hi all,
>>
>> I can definitely see where John is coming from and where he is hitting
>> with his wish. Myself, I have been a developer for quite some time, before I
>> left that area (not without many times wishing to be back) and went full
>> time into security consultancy.
>>
>> Nevertheless, I have my doubts if we should demand any specific profession
>> a board member has to come from.
>> Of course, all members can and will for sure vote by their best opinion.
>> But in my opinion, the board has more responsibility than representing the
>> OWASP community.
>> You see the same differentiation in the chapters. We have more and less
>> technical chapters. Some with more focus on process, the other more
>> to implementation. Builders and breakers. Developers, testers, auditors. You
>> name it, we got it.  Is the one more OWASP than the other?
>> I can't see how to implement this in a fair manner into the election (or
>> we need quite a big board).
>>
>> Being a board member, as I see this, brings the obligation to the whole
>> community. All board members, no matter where they come from, have to be
>> able to talk and understand all cultures inside and outside OWASP.
>>
>> To be honest, I have my doubts email is the best way of communication in
>> matters like this.
>> Maybe it's time we enable a forum on the OWASP site?
>>
>> We had great thoughts and results in creating an (to be shared and agreed
>> on via the whole OWASP community) what we expect of the board. Hope we can
>> continue that process via the web!
>>
>> Cheers,
>> ~Martin
>>
>> On Mon, Feb 14, 2011 at 6:47 PM, John Wilander <john.wilander at owasp.org>
>> wrote:
>>
>> Andre, I said I wanted *two* board members to write production code
>> weekly. Not all board members.
>>
>> Regarding production code and its definition ... Can you do the work of
>> the developers we try to reach out to? The guys who implement and maintain
>> Twitter, Facebook, GMail, PayPal, Amazon, and YouTube – could you join their
>> team and take on tasks from the backlog? At least at 80% speed? Are you
>> performing such tasks on a weekly basis? Then you fit my frame.
>>
>> OWASP has no shortage of pentesters (proven by raised hands at the summit)
>> so I have full confidence in that we'll find one or two pentesters who can
>> run for the board too. Since pentesters build up a large part of our
>> community I would be happy to have one or two on the board.
>>
>> The main reason I'm stressing the importance of coders on the board is
>> developer outreach. Right now we're failing in one of our core missions. I
>> believe hands-on coding among the board members will help solve this.
>>
>> (If there's a silent majority out there either thinking I'm totally wrong
>> or right – please speak up. Don't let the talkative, myself included, decide
>> for you.)
>>
>>    /John
>>
>> 2011/2/14 Andre Gironda <andreg at gmail.com>
>>
>>  On Mon, Feb 14, 2011 at 10:06 AM, John Wilander <john.wilander at owasp.org>
>> wrote:
>> > Eoin, if you write production code weekly you're on my list of coders for
>> > sure. Did not know that. Cred.
>> >> So you are of the opinion that writing code is of paramount importance
>> >> regardless of if it's done right?
>> >
>> > The "done right" addon can be applied to guidelines and policies too =>
>> > redundant rhetorics. I also believe I wrote "production code" which in my
>> > view says something about quality.
>>
>> It says nothing about quality. You seem obsessed with this "production
>> code" thing, but you don't define it. So if I'm a dev-test coder, and
>> only write code that works in integration, then somehow I'm not
>> qualified to be an OWASP board member? What if I write 7 kloc a day
>> and the production coders I work with only change tens of loc's per
>> day? What if all of their success in refactorings are based on my test
>> automation? What if the production coders are constantly making
>> mistakes and a quality-oriented person is covering for them --
>> correcting mistakes and making that shipped code actually work from a
>> user perspective?
>>
>> > I don't believe in non-coders teaching coders how to code better. Many OWASP
>> > outreach attempts fail because we're not on the right level. Web 1.5 code
>> > snippets on a Powerpoint slide won't cut it. "Demo or die".
>>
>> I disagree with this point. Customers and users always teach coders
>> how to code better. Quality engineers even more so.
>>
>> > As I said above, as long as you're writing production code weekly you
>> > understand coders and can take on that role on the board. Good!
>>
>> I think there is room on the board for more than one type of person.
>> This seems to over-favor a certain type of application developer.
>>
>> -Andre
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>>
>> Chris Schmidt
>> ESAPI Project Manager (http://www.esapi.org)
>> ESAPI4JS Project Owner (http://bit.ly/9hRTLH)
>> Blog: http://yet-another-dev.blogspot.com
>>
>>
>
>


-- 
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org