[Owasp-leaders] Why it's ok to pay leaders

eoin keary eoin.keary at owasp.org
Thu Apr 12 12:49:07 UTC 2012


I believe, if this is going to be the case, and agreed by the board, it
should be project leaders only.

-ek


On Thu, Apr 12, 2012 at 1:26 PM, Sherif Koussa <sherif.koussa at owasp.org>wrote:

> Just a quick question. By Leaders, do you guys mean the project leaders or
> anybody on this list?
>
> Sherif
>
>
> On Thu, Apr 12, 2012 at 3:18 AM, John Wilander <john.wilander at owasp.org>wrote:
>
>>  There are many more important questions to address (see Dinis' list).
>>
>> The ones I'm most worried about is (by "paid" I mean "paid by OWASP"):
>>
>> How to handle leaders who've done or do excellent work on A-level
>> projects without pay? Start paying them too or "save" that money?
>>
>> How to handle substandard deliveries on paid projects? That's a whole new
>> problem we face. "One strike and you're out?" QA votes among leaders and
>> demands to return the money? Payment only after some committee accepts the
>> outcome?
>>
>> What does this money do with our meritocracy? It used to be leaders who
>> deliver the most are most highly regarded. That's a proven model in FOSS.
>> But if a fraction of those are paid by the foundation?
>>
>> However, I've been trying to take the projects' perspective instead of
>> the leaders' perspective. Here's my suggestion:
>>
>> We first identify the projects who've proven to not get updated despite
>> serious tries. We briefly interview the leaders who tried to see if it's
>> about project size, lack of admin support, fading interest or what.
>>
>> Once we have a list we do fundraising with a commitment to deliver if we
>> reach a certain level. Here OWASP can actually use its funds to match
>> whatever funds we raise (not that I prefer it).
>>
>> Then leaders can form teams, apply for the job and suggest how their team
>> would like to use the money (hackathon, hourly pay, pay on delivery etc).
>> The GPC decides which teams get green light.
>>
>>    Regards, John
>>
>> --
>> My music http://www.johnwilander.com
>> Twitter https://twitter.com/johnwilander
>> CV or Résumé http://johnwilander.se
>>
>> 12 apr 2012 kl. 08:49 skrev AF <antonio.fontes at owasp.org>:
>>
>>   Hi Jim,
>>
>> From my understanding, he didn't mean that paying someone is in
>> opposition with our values. He meant that paying leaders unequally is, and
>> that this "un-equality situation" is unavoidable once we start paying
>> volunteers with cash, at a worldwide level.
>>
>> We can rephrase otherwise: how equally would you reward two leaders that
>> spent the same time on the same kind of work when they come from countries
>> with very different levels of income? It is not a "values" issue but a
>> "human/psychological issue".
>>
>> Have you found a working model that would solve this?
>>
>> --
>> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
>>
>> Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>> Dennis,
>>>
>>> Thanks for your comments here.
>>>
>>> May I ask, how is paying experts a fair wage to complete projects in
>>> opposition to transparency and openness, or any other aspect of the OWASP
>>> mission?
>>>
>>> Cheers Dennis,
>>>  --
>>> Jim Manico
>>> (808) 652-3805
>>>
>>> On Apr 11, 2012, at 11:23 PM, Dennis Groves <dennis.groves at owasp.org>
>>> wrote:
>>>
>>>  Jim,
>>>
>>> That is a brilliant opinion and I share your opinion, from a utilitarian
>>> ethical perspective - it couldn't be more true. In a dictatorship or
>>> corporation you are undeniably correct.
>>>
>>> But  we don't live there, OWASP is a democracy, or adhocracy - we value
>>> openness and transparency, things that notoriously kill dictatorships,
>>> corporations and corruption.
>>>
>>> If anything we live in a tragedy of the commons. Thus, I need to
>>> understand what you propose to solve each of  the 15 problems that Dinis so
>>> eloquently outlined, that prevent us from reaching the utilitarian ideal
>>> you propose.
>>>
>>> OWASP is ahead of the curve in this thought, in 23 Things They Don't
>>> Tell You About Capitalism by Ha-Joon Chang<https://www.youtube.com/watch?v=hMqfCA5Nc78>one of the greatest economic thinkers in the world, has published this very
>>> idea as rule #2 of economics. He restates the idea as thus: "Companies
>>> should not be run in the interest of their owners."
>>>
>>> Before you answer be sure to be sure to watch TED: Moral Behavior in
>>> Animals<https://www.ted.com/talks/frans_de_waal_do_animals_have_morals.html>.
>>> How do you propose we pay leaders in Norway less that you will pay the
>>> leaders in London, for the same work?
>>>
>>> As you saw in the TED talk - even a monkey gets royally pissed off and
>>> stops working when paid a cucumber for the same work another monkey is paid
>>> a grape.
>>>
>>>
>>> --
>>> Dennis Groves <http://about.me/dennis.groves>, MSc
>>> dennis.groves at owasp.org
>>>
>>>  <http://www.owasp.org/>
>>>
>>> *This work is licensed under the Creative Commons
>>> Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of
>>> this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/or send a letter to Creative Commons, 444 Castro Street, Suite 900,
>>> Mountain View, California, 94041, USA.*
>>>
>>>
>>>
>>> On Thu, Apr 12, 2012 at 04:25, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>>> I've been watching the debate about paying leaders. And I for one want
>>>> to state that I feel it's ok to pay leaders to complete key projects.
>>>> "The mission" is way more important than an OWASP "social rule".
>>>>
>>>> I think we have been thinking about this topic, way too much, from an
>>>> OWASP-centric perspective.
>>>>
>>>> You all know, I hope, that I bleed OWASP and care for the
>>>> organization. But this "problem" of OWASP not meeting the obligation
>>>> of its mission around AppSec awareness is NOT ABOUT OWASP. It's about
>>>> the target of our mission; the many folks who are NOT aware of the
>>>> systemic security problems that face web applications and the
>>>> organizations that depend on them.
>>>>
>>>> Think about this from a software manager, corporate supporter, or
>>>> other OWASP •consumer• point of view. Do they really care about some 3
>>>> year old "social rule" that states we cannot pay leaders (aka: web sec
>>>> experts)? Or do they care that that our guides are 5+ years out of
>>>> date, that our "flagship software projects" have 2 year old unfixed
>>>> bugs, that our project management has stagnated, or that our website
>>>> is very complex to navigate successfully?
>>>>
>>>> Eoin has put forth a excellent plan to push funds directly into
>>>> projects, and I support it.
>>>>
>>>> I feel we should stop blacklisting OWASP, it's not helpful to tell us
>>>> what we can't do in support of our mission.
>>>>
>>>> Whitelist! Give us a powerful plan to serve "the mission" and make
>>>> OWASP relevant again. I for one am willing to consider paying serious
>>>> web security experts to help us update key projects, even if they are
>>>> OWASP leaders.
>>>>
>>>> --
>>>> Jim Manico
>>>> OWASP Connections Committee Chair
>>>> (808) 652-3805
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>
>>>  _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
Global Board Member (Vice Chair)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120412/c6347a84/attachment-0001.html>


More information about the OWASP-Leaders mailing list