[Owasp-leaders] The myth of the OWASP board

Mike Boberski mike.boberski at gmail.com
Thu Feb 17 18:00:16 EST 2011


Re ecosystems, I think you'd be better off studying how car crash or
airplane safety standards came about than the galapogus islands. This
stuff only works when there's regulation.

Flame on.

On 2/17/11, Jeff Williams <jeff.williams at owasp.org> wrote:
> Hi everyone,
>
>
>
> Before the Summit, Dinis and I had a long conversation where we both agreed
> that OWASP was ready for some new leadership. My understanding with him was
> that we were going to wait for the upcoming election to announce, but he (as
> usual) couldn't wait J
>
>
>
> So, for those of you I haven't told already, I won't be running again for
> the board.  I'm still just as passionate about OWASP as ever, but I feel
> democratic leadership is really important for OWASP. I've thoroughly enjoyed
> serving on the board and I can't wait to get back to doing more technical
> projects.
>
>
>
> For those of you that don't really care about OWASP governance - good for
> you! Stop reading here. Thanks for all your hard work and I'm looking
> forward to working with you in the future.
>
>
>
> ------
>
>
>
> For the rest, I've read all the email, and I *strongly* urge you to focus on
> making OWASP a great platform for anything related to application security,
> and not worry too much about establishing a "top-down" board to set
> objectives and direction.  To me, the board should have extremely limited
> power that is centered around improving and protecting the platform
> (independence, brand, core values, ethics, finances, etc.)  The idea that we
> need a board to direct OWASP is a myth and a mistake.
>
>
>
> The Summit is a great example of what can happen when we let things
> self-organize on top of a great platform, where we keep things free and
> open, and protected from commercial influence. Please, think hard about how
> OWASP works. How can we actually drive change with an army of volunteers?
> What can a top-down board really get people to do?  Who should set the
> priorities? Also note that we *could* raise a lot of money, but what message
> we would send in the process?
>
>
>
> A community-driven OWASP ecosystem *can* effect broad change in the software
> market. We're only just starting to scratch the surface of what we can
> accomplish if we follow the platform strategy.  For a little background on
> this way of thinking, I've attached an article that will be coming out in
> the next issue of Crosstalk. The article touches on the issues in creating
> ecosystems that produce security.  I'm looking forward to your thoughts,
>
>
>
> --Jeff
>
>
>
>
>
>
>
>


-- 
Mike


More information about the OWASP-Leaders mailing list