[Owasp-leaders] Why it's ok to pay leaders

John Wilander john.wilander at owasp.org
Thu Apr 12 07:18:41 UTC 2012


There are many more important questions to address (see Dinis' list).

The ones I'm most worried about are (by "paid" I mean "paid by OWASP"):

How to handle leaders who've done or do excellent work on A-level projects without pay? Start paying them too or "save" that money?

How to handle substandard deliveries on paid projects? That's a whole new problem we face. "One strike and you're out?" QA votes among leaders and demands to return the money? Payment only after some committee accepts the outcome?

What does this money do with our meritocracy? It used to be leaders who deliver the most are most highly regarded. That's a proven model in FOSS. But if a fraction of those are paid by the foundation?

However, I've been trying to take the projects' perspective instead of the leaders' perspective. Here's my suggestion:

We first identify the projects who've proven to not get updated despite serious tries. We briefly interview the leaders who tried to see if it's about project size, lack of admin support, fading interest or what.

Once we have a list we do fundraising with a commitment to deliver if we reach a certain level. Here OWASP can actually use its funds to match whatever funds we raise (not that I prefer it).

Then leaders can form teams, apply for the job and suggest how their team would like to use the money (hackathon, hourly pay, pay on delivery etc). The GPC decides which teams get green light.

   Regards, John

-- 
My music http://www.johnwilander.com
Twitter https://twitter.com/johnwilander
CV or Résumé http://johnwilander.se

On 12 Apr 2012, at 08:49, AF <antonio.fontes at owasp.org> wrote:

> Hi Jim,
> 
> From my understanding, he didn't mean that paying someone is in opposition with our values. He meant that paying leaders unequally is, and that this "un-equality situation" is unavoidable once we start paying volunteers with cash, at a worldwide level.
> 
> We can rephrase otherwise: how equally would you reward two leaders that spent the same time on the same kind of work when they come from countries with very different levels of income? It is not a "values" issue but a "human/psychological issue". 
> 
> Have you found a working model that would solve this?
> 
> -- 
> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
> 
> Jim Manico <jim.manico at owasp.org> wrote:
> Dennis,
> 
> Thanks for your comments here.
> 
> May I ask, how is paying experts a fair wage to complete projects in opposition to transparency and openness, or any other aspect of the OWASP mission?
> 
> Cheers Dennis,
> --
> Jim Manico
> (808) 652-3805
> 
> On Apr 11, 2012, at 11:23 PM, Dennis Groves <dennis.groves at owasp.org> wrote:
> 
>> Jim,
>> 
>> That is a brilliant opinion and I share your opinion, from a utilitarian ethical perspective - it couldn't be more true. In a dictatorship or corporation you are undeniably correct. 
>> 
>> But we don't live there, OWASP is a democracy, or adhocracy - we value openness and transparency, things that notoriously kill dictatorships, corporations and corruption.
>> 
>> If anything we live in a tragedy of the commons. Thus, I need to understand what you propose to solve each of the 15 problems that Dinis so eloquently outlined, that prevent us from reaching the utilitarian ideal you propose. 
>> 
>> OWASP is ahead of the curve in this thought, in 23 Things They Don't Tell You About Capitalism by Ha-Joon Chang one of the greatest economic thinkers in the world, has published this very idea as rule #2 of economics. He restates the idea as thus: "Companies should not be run in the interest of their owners."
>> 
>> Before you answer be sure to watch TED: Moral Behavior in Animals. How do you propose we pay leaders in Norway less than you will pay the leaders in London, for the same work? 
>> 
>> As you saw in the TED talk - even a monkey gets royally pissed off and stops working when paid a cucumber for the same work another monkey is paid a grape. 
>> 
>> 
>> -- 
>> Dennis Groves, MSc
>> dennis.groves at owasp.org
>> 
>> 
>> 
>> This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.
>> 
>> 
>> 
>> On Thu, Apr 12, 2012 at 04:25, Jim Manico <jim.manico at owasp.org> wrote:
>> I've been watching the debate about paying leaders. And I for one want
>> to state that I feel it's ok to pay leaders to complete key projects.
>> "The mission" is way more important than an OWASP "social rule".
>> 
>> I think we have been thinking about this topic, way too much, from an
>> OWASP-centric perspective.
>> 
>> You all know, I hope, that I bleed OWASP and care for the
>> organization. But this "problem" of OWASP not meeting the obligation
>> of its mission around AppSec awareness is NOT ABOUT OWASP. It's about
>> the target of our mission; the many folks who are NOT aware of the
>> systemic security problems that face web applications and the
>> organizations that depend on them.
>> 
>> Think about this from a software manager, corporate supporter, or
>> other OWASP •consumer• point of view. Do they really care about some 3
>> year old "social rule" that states we cannot pay leaders (aka: web sec
>> experts)? Or do they care that our guides are 5+ years out of
>> date, that our "flagship software projects" have 2 year old unfixed
>> bugs, that our project management has stagnated, or that our website
>> is very complex to navigate successfully?
>> 
>> Eoin has put forth an excellent plan to push funds directly into
>> projects, and I support it.
>> 
>> I feel we should stop blacklisting OWASP, it's not helpful to tell us
>> what we can't do in support of our mission.
>> 
>> Whitelist! Give us a powerful plan to serve "the mission" and make
>> OWASP relevant again. I for one am willing to consider paying serious
>> web security experts to help us update key projects, even if they are
>> OWASP leaders.
>> 
>> --
>> Jim Manico
>> OWASP Connections Committee Chair
>> (808) 652-3805
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 