[Owasp-leaders] Why it's ok to pay leaders

Sherif Koussa sherif.koussa at owasp.org
Thu Apr 12 12:26:07 UTC 2012


Just a quick question. By Leaders, do you guys mean the project leaders or
anybody on this list?

Sherif

On Thu, Apr 12, 2012 at 3:18 AM, John Wilander <john.wilander at owasp.org> wrote:

> There are many more important questions to address (see Dinis' list).
>
> The ones I'm most worried about are (by "paid" I mean "paid by OWASP"):
>
> How to handle leaders who've done or do excellent work on A-level projects
> without pay? Start paying them too or "save" that money?
>
> How to handle substandard deliveries on paid projects? That's a whole new
> problem we face. "One strike and you're out?" QA votes among leaders and
> demands to return the money? Payment only after some committee accepts the
> outcome?
>
> What does this money do with our meritocracy? It used to be leaders who
> deliver the most are most highly regarded. That's a proven model in FOSS.
> But if a fraction of those are paid by the foundation?
>
> However, I've been trying to take the projects' perspective instead of the
> leaders' perspective. Here's my suggestion:
>
> We first identify the projects who've proven to not get updated despite
> serious tries. We briefly interview the leaders who tried to see if it's
> about project size, lack of admin support, fading interest or what.
>
> Once we have a list we do fundraising with a commitment to deliver if we
> reach a certain level. Here OWASP can actually use its funds to match
> whatever funds we raise (not that I prefer it).
>
> Then leaders can form teams, apply for the job and suggest how their team
> would like to use the money (hackathon, hourly pay, pay on delivery etc).
> The GPC decides which teams get green light.
>
>    Regards, John
>
> --
> My music http://www.johnwilander.com
> Twitter https://twitter.com/johnwilander
> CV or Résumé http://johnwilander.se
>
> On 12 Apr 2012 at 08:49, AF <antonio.fontes at owasp.org> wrote:
>
> Hi Jim,
>
> From my understanding, he didn't mean that paying someone is in opposition
> with our values. He meant that paying leaders unequally is, and that this
> "un-equality situation" is unavoidable once we start paying volunteers with
> cash, at a worldwide level.
>
> We can rephrase otherwise: how equally would you reward two leaders that
> spent the same time on the same kind of work when they come from countries
> with very different levels of income? It is not a "values" issue but a
> "human/psychological issue".
>
> Have you found a working model that would solve this?
>
> --
> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
>
> Jim Manico <jim.manico at owasp.org> wrote:
>>
>> Dennis,
>>
>> Thanks for your comments here.
>>
>> May I ask, how is paying experts a fair wage to complete projects in
>> opposition to transparency and openness, or any other aspect of the OWASP
>> mission?
>>
>> Cheers Dennis,
>> --
>> Jim Manico
>> (808) 652-3805
>>
>> On Apr 11, 2012, at 11:23 PM, Dennis Groves <dennis.groves at owasp.org>
>> wrote:
>>
>> Jim,
>>
>> That is a brilliant opinion and I share your opinion, from a utilitarian
>> ethical perspective - it couldn't be more true. In a dictatorship or
>> corporation you are undeniably correct.
>>
>> But we don't live there, OWASP is a democracy, or adhocracy - we value
>> openness and transparency, things that notoriously kill dictatorships,
>> corporations and corruption.
>>
>> If anything we live in a tragedy of the commons. Thus, I need to
>> understand what you propose to solve each of the 15 problems that Dinis so
>> eloquently outlined, that prevent us from reaching the utilitarian ideal
>> you propose.
>>
>> OWASP is ahead of the curve in this thought, in 23 Things They Don't
>> Tell You About Capitalism by Ha-Joon Chang <https://www.youtube.com/watch?v=hMqfCA5Nc78>
>> one of the greatest economic thinkers in the world, has published this very
>> idea as rule #2 of economics. He restates the idea as thus: "Companies
>> should not be run in the interest of their owners."
>>
>> Before you answer be sure to watch TED: Moral Behavior in
>> Animals <https://www.ted.com/talks/frans_de_waal_do_animals_have_morals.html>.
>> How do you propose we pay leaders in Norway less than you will pay the
>> leaders in London, for the same work?
>>
>> As you saw in the TED talk - even a monkey gets royally pissed off and
>> stops working when paid a cucumber for the same work another monkey is paid
>> a grape.
>>
>>
>> --
>> Dennis Groves <http://about.me/dennis.groves>, MSc
>> dennis.groves at owasp.org
>>
>>  <http://www.owasp.org/>
>>
>> *This work is licensed under the Creative Commons
>> Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of
>> this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or
>> send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain
>> View, California, 94041, USA.*
>>
>>
>>
>> On Thu, Apr 12, 2012 at 04:25, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> I've been watching the debate about paying leaders. And I for one want
>>> to state that I feel it's ok to pay leaders to complete key projects.
>>> "The mission" is way more important than an OWASP "social rule".
>>>
>>> I think we have been thinking about this topic, way too much, from an
>>> OWASP-centric perspective.
>>>
>>> You all know, I hope, that I bleed OWASP and care for the
>>> organization. But this "problem" of OWASP not meeting the obligation
>>> of its mission around AppSec awareness is NOT ABOUT OWASP. It's about
>>> the target of our mission; the many folks who are NOT aware of the
>>> systemic security problems that face web applications and the
>>> organizations that depend on them.
>>>
>>> Think about this from a software manager, corporate supporter, or
>>> other OWASP •consumer• point of view. Do they really care about some 3
>>> year old "social rule" that states we cannot pay leaders (aka: web sec
>>> experts)? Or do they care that our guides are 5+ years out of
>>> date, that our "flagship software projects" have 2 year old unfixed
>>> bugs, that our project management has stagnated, or that our website
>>> is very complex to navigate successfully?
>>>
>>> Eoin has put forth an excellent plan to push funds directly into
>>> projects, and I support it.
>>>
>>> I feel we should stop blacklisting OWASP, it's not helpful to tell us
>>> what we can't do in support of our mission.
>>>
>>> Whitelist! Give us a powerful plan to serve "the mission" and make
>>> OWASP relevant again. I for one am willing to consider paying serious
>>> web security experts to help us update key projects, even if they are
>>> OWASP leaders.
>>>
>>> --
>>> Jim Manico
>>> OWASP Connections Committee Chair
>>> (808) 652-3805
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>