[Owasp-leaders] (We need project management) Re: On Project Reboots

Seba seba at owasp.org
Tue Apr 10 18:34:13 UTC 2012

you are right.
who wants to create the job description (based on e.g.
https://www.owasp.org/index.php/User:Paulo_Coimbra) ?


On Tue, Apr 10, 2012 at 8:16 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> What we need is Project Management (the type Paulo was doing).
> In fact, we don't need 1, we need 4 or 5 project managers....
> But I will settle for one in the short term,
> There is a HUGE amount of work that needs to be done by the OWASP
> Operational machine, and THAT is where we (OWASP) needs to be putting our
> resources (i.e. creating the  'OWASP Platform') .
> *At the moment we (OWASP) can't even accept and guide projects that want
> to become OWASP projects!!!* And let's not forget the 'huge' (i.e. none)
> support we give our current projects leaders (Hey !..I'm one of those OWASP
> Leaders that feels quite abandoned at a conner of the OWASP Project's
> landscape...)
> In fact, the other two tragedies (and losses for owasp) are when regular
> OWASP contributors and members of our community:
>    - choose NOT to host their projects at OWASP, because they see no
>    value in doing that!
>    - choose NOT to join an OWASP projects and contribute, because they
>    don't know how, there is nobody on the other side, or the project is a mess
>    and not easy to see where to start!
> And being harsh on us (since we need to), why should they move their
> project to OWASP or Contribute? It's too much hard work, there are two many
> politics, emails don't get answered, etc...
> We (i.e. OWASP) treat our project leader as dirt, we don't know who they
> are, we don't give them any support, we might even (if some OWASP
> conference organizers have their way) ask them to pay an entrance fee at
> our conferences (so that they (the project leaders) become a profit center).
> This needs to change!!!
> *Our leaders* (projects, chapters, conferences, etc...) *are our most
> valuable asset, and we (OWASP) need to hire the resources *(i.e. project
> manager) *required to deal with them in the most professional, cordial,
> quick and focused way* (which is what Paulo was doing (and Kate, Sarah,
> Allison , Kelly do every day))
> Dinis Cruz
> On 10 April 2012 18:42, Chris Schmidt <chris.schmidt at owasp.org> wrote:
>> Hash: SHA1
>> I think that statement is fine and dandy for an organization like
>> Hibernate (which is one of your examples of this I think) - Hibernate and
>> SpringSource both have Full-Time Employees that work on their open-source
>> software for competitive full time wages. This is a totally different
>> situation. Our funds are much more limited in this scenario and I believe
>> it is much more worthwhile for the project leaders to come to the
>> organization with specific proposals about requests for funds and what they
>> intend to use them for as opposed to the organization determining that
>> these *n* projects will now be *paid* sub-par rates.
>> To John's point, if the Dev Guide is truly an important project, then why
>> hasn't there been more of a demand for it and why hasn't someone just
>> picked up and gotten it done by now. We may think it is important, and I
>> agree that at one point it probably was - but if there is no energy behind
>> a project, simply throwing money at it doesn't solve the bigger problem. It
>> may slow the bleeding, it may even result in a new finished product, but
>> what is our return on that product (not purely financially speaking) -
>> especially if there is not an industry need for it any more b/c things like
>> the Cheat Sheets series have basically replaced them.
>> There are really an infinite amount of reasons that throwing money at
>> projects and project leaders is generally a bad idea - I'm sure I don't
>> need to iterate all of them.
>> If we are going to pay developers FT or Contractor wages to work on a
>> project, that is a completely different story, however that was not what I
>> got out of the whole thing. We want to pay the existing project teams a
>> stipend to motivate them to do the work they already signed up for to do as
>> volunteers and have neglected to do. This in essence, as I already stated,
>> is rewarding inactive project leaders and members for bad behavior.
>> On 4/10/2012 11:09 AM, Jim Manico wrote:
>> >> Open source and public domain comes from the spirit and will of
>> volunteers.
>> >
>> > This is not entirely true. Some of the most successful and production
>> > quality open source projects have major financial backing.
>> >
>> > There is nothing in the "mission" of OWASP that prevents us from using
>> > funds to update core guides that help spread AppSec awareness.
>> >
>> > But I think the risk of letting more time go by were our flagship
>> > projects continue to wane, that's a big problem that is directly
>> > counter to what we should be doing.
>> >
>> > --
>> > Jim Manico
>> > (808) 652-3805
>> >
>> > On Apr 10, 2012, at 5:30 AM, John Wilander <john.wilander at owasp.org><john.wilander at owasp.org>wrote:
>> >
>> >> Open source and public domain comes from the spirit and will of
>> volunteers.
>> Version: GnuPG v2.0.14 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>> ywnWlIHp3sOGgcmVL4pyQpNgXcoJrEj8+WEMU8bZGxrBvnGVoZYohH6FScG3FkPW
>> 5OtTCLI6ybgQQh88CWjeB9TXHvaHmtigxtWaZemJ29xLF6/ZI5E01CEby7bhQiAM
>> TTUhGOGcM3qhL5MY1kL4zwbOrQErmWywA4yF80eBe1tsmgRko9Q9UKyuFwSFLIpx
>> ElqBY8pf1/hNpeb0ZF7urzQquFCtOO1dg4RvTXxdXULjZvoAXUhzolCElFZ8IhMa
>> eZeX9IL+L2xcloOUnH+toBx2K50HD5eay3PBH9e0VBU+0U5V5bm6WcbIMIWY3dM=
>> =oRVx
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120410/c679bb2a/attachment-0001.html>

More information about the OWASP-Leaders mailing list