[Owasp-leaders] On Project Reboots

Dennis Groves dennis.groves at owasp.org
Tue Apr 10 22:52:05 UTC 2012


[image: Inline image 1]
-- 
Dennis Groves <http://about.me/dennis.groves>, MSc
dennis.groves at owasp.org

 <http://www.owasp.org/>

*This work is licensed under the Creative Commons
Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of
this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or
send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain
View, California, 94041, USA.*



On Tue, Apr 10, 2012 at 19:00, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> Nobody is saying that we shouldn't stimulate those projects (of course we
> should)
>
> The question is how?
>
> The key issue that we need to agree and move on (so that we find
> solutions), is that '*Stimulating those projects by paying OWASP Leaders
> to work on it, is NOT an option*'
>
> Once we accept that (and it looks like we haven't reached consensus), I
> think there are a lot of ideas and things we should do to stimulate these
> projects.
>
> That said, the energy MUST come from the projects (OWASP is an enabler)
>
> Dinis Cruz
>
>
> On 10 April 2012 18:50, Eoin <eoin.keary at owasp.org> wrote:
>
>> Chris,
>> Not sure if you're simplifying things to be honest....
>>
>> Can you say the Testing guide is also not important based on this logic?
>>
>> I certainly want the community to pick what is important but there are
>> millions of developers who are not part of the community, never heard of
>> OWASP and don't understand secure app dev.
>>
>> Shall we deny them of such resources, talent and free information because
>> OWASP did not bother to focus, stimulate or drive such projects?
>>
>> -ek
>>
>>
>>
>>
>> On 10 April 2012 18:42, Chris Schmidt <chris.schmidt at owasp.org> wrote:
>>
>>>
>>> I think that statement is fine and dandy for an organization like
>>> Hibernate (which is one of your examples of this I think) - Hibernate and
>>> SpringSource both have Full-Time Employees that work on their open-source
>>> software for competitive full time wages. This is a totally different
>>> situation. Our funds are much more limited in this scenario and I believe
>>> it is much more worthwhile for the project leaders to come to the
>>> organization with specific proposals about requests for funds and what they
>>> intend to use them for as opposed to the organization determining that
>>> these *n* projects will now be *paid* sub-par rates.
>>>
>>> To John's point, if the Dev Guide is truly an important project, then
>>> why hasn't there been more of a demand for it and why hasn't someone just
>>> picked up and gotten it done by now. We may think it is important, and I
>>> agree that at one point it probably was - but if there is no energy behind
>>> a project, simply throwing money at it doesn't solve the bigger problem. It
>>> may slow the bleeding, it may even result in a new finished product, but
>>> what is our return on that product (not purely financially speaking) -
>>> especially if there is not an industry need for it any more b/c things like
>>> the Cheat Sheets series have basically replaced them.
>>>
>>> There are really an infinite amount of reasons that throwing money at
>>> projects and project leaders is generally a bad idea - I'm sure I don't
>>> need to iterate all of them.
>>>
>>> If we are going to pay developers FT or Contractor wages to work on a
>>> project, that is a completely different story, however that was not what I
>>> got out of the whole thing. We want to pay the existing project teams a
>>> stipend to motivate them to do the work they already signed up for to do as
>>> volunteers and have neglected to do. This in essence, as I already stated,
>>> is rewarding inactive project leaders and members for bad behavior.
>>>
>>>
>>> On 4/10/2012 11:09 AM, Jim Manico wrote:
>>> >> Open source and public domain comes from the spirit and will of
>>> >> volunteers.
>>> >
>>> > This is not entirely true. Some of the most successful and production
>>> > quality open source projects have major financial backing.
>>> >
>>> > There is nothing in the "mission" of OWASP that prevents us from using
>>> > funds to update core guides that help spread AppSec awareness.
>>> >
>>> > But I think the risk of letting more time go by where our flagship
>>> > projects continue to wane, that's a big problem that is directly
>>> > counter to what we should be doing.
>>> >
>>> > --
>>> > Jim Manico
>>> > (808) 652-3805
>>> >
>>> > On Apr 10, 2012, at 5:30 AM, John Wilander <john.wilander at owasp.org> wrote:
>>> >
>>> >> Open source and public domain comes from the spirit and will of
>>> >> volunteers.
>>>
>>>
>>
>>
>> --
>> Eoin Keary
>> OWASP Global Board Member (Vice Chair)
>>
>> https://twitter.com/EoinKeary
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
>