[Owasp-leaders] The myth of the OWASP board

Jeff Williams jeff.williams at owasp.org
Thu Feb 17 17:20:30 EST 2011

Hi everyone,


Before the Summit, Dinis and I had a long conversation where we both agreed
that OWASP was ready for some new leadership. My understanding with him was
that we were going to wait for the upcoming election to announce, but he (as
usual) couldn't wait J


So, for those of you I haven't told already, I won't be running again for
the board.  I'm still just as passionate about OWASP as ever, but I feel
democratic leadership is really important for OWASP. I've thoroughly enjoyed
serving on the board and I can't wait to get back to doing more technical


For those of you that don't really care about OWASP governance - good for
you! Stop reading here. Thanks for all your hard work and I'm looking
forward to working with you in the future.




For the rest, I've read all the email, and I *strongly* urge you to focus on
making OWASP a great platform for anything related to application security,
and not worry too much about establishing a "top-down" board to set
objectives and direction.  To me, the board should have extremely limited
power that is centered around improving and protecting the platform
(independence, brand, core values, ethics, finances, etc.)  The idea that we
need a board to direct OWASP is a myth and a mistake.


The Summit is a great example of what can happen when we let things
self-organize on top of a great platform, where we keep things free and
open, and protected from commercial influence. Please, think hard about how
OWASP works. How can we actually drive change with an army of volunteers?
What can a top-down board really get people to do?  Who should set the
priorities? Also note that we *could* raise a lot of money, but what message
we would send in the process?


A community-driven OWASP ecosystem *can* effect broad change in the software
market. We're only just starting to scratch the surface of what we can
accomplish if we follow the platform strategy.  For a little background on
this way of thinking, I've attached an article that will be coming out in
the next issue of Crosstalk. The article touches on the issues in creating
ecosystems that produce security.  I'm looking forward to your thoughts,






-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110217/c44963ce/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2010-10 Crosstalk Ecosystems.pdf
Type: application/pdf
Size: 520923 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110217/c44963ce/attachment-0001.pdf 

More information about the OWASP-Leaders mailing list