[Owasp-leaders] Why it's ok to pay leaders

Eoin eoin.keary at owasp.org
Fri Apr 13 18:22:49 UTC 2012


Sorry John, what does "important ones" mean? You are not getting paid are you? 

Eoin Keary
BCC Risk Advisory
Owasp Global Board
+353 87 977 2988


On 13 Apr 2012, at 18:02, John Wilander <john.wilander at owasp.org> wrote:

> Only now do I remember -- the fact that "nobody is payed by OWASP except Kate" was one of the arguments that made my former employer decide they would financially support my work as chapter leader and chair of an AppSec conference.
> 
> If I instead would have said "Well some are paid, but only the important ones" the outcome might have been different.
> 
> Any others who've had this discussion with their employers?
> 
> /John
> 
> -- 
> My music http://www.johnwilander.com
> Twitter https://twitter.com/johnwilander
> CV or Résumé http://johnwilander.se
> 
> 13 apr 2012 kl. 16:02 skrev Jeff Williams <jeff.williams at owasp.org>:
> 
>> Hi everyone,
>> 
>> There’s some right on both sides of this argument actually.  The problem is that we’re not clear the desired outcome, and it’s making the right strategy hard to see.
>> 
>> There are those among us who want OWASP to become yet another security organization, deliver a few cool projects and deliverables, have chapters, host conferences, and have a CEO.  We could easily do this.  In fact, we mostly have.  It’s a safe strategy, but it won’t result in any meaningful change in the world.  It’s design by committee.  It will never scale to the size and influence necessary to effect real change.  And frankly, it’s boring.
>> 
>> And then there are those of us (myself included) that are shooting for something extraordinary.  This is not about OWASP.  It’s about changing the way the world creates software.  We know that OWASP can’t fund every good idea – it can’t even know what the good ideas are.  But we can use our time and money to create a platform that will support and encourage a ton of ideas – and maybe if we are lucky one will actually work.
>> 
>> I urge you to abandon the idea of paying leaders.  Invest in the platform and great things will happen.  If projects need funds then they should use the OWASP Project Partnership Model <https://docs.google.com/document/d/1ea4jWVDziLcZMTJUC5qW5psWYROpB-oPlqyl4Ei2xHA/edit?hl=en_US&authkey=CKycuTY> .  I am and it works.  Encourage crazy experiments.  Figure out a way to get appsec to go viral.  Give a little support to a thousand appsec projects to help them bloom and grow, not just a chosen few.
>> 
>> --Jeff
>> 
>> 
>> 
>> On Apr 13, 2012, at 7:44 AM, Eoin <eoin.keary at owasp.org> wrote:
>> 
>>> Hi,
>>>  
>>> The wiki page is here:
>>> https://www.owasp.org/index.php/Projects_Reboot_2012
>>>  
>>> I think we have debated this enough, written blogs and had phone conversations.
>>> I hope for the board to ratify, or not the proposal today.
>>>  
>>>  
>>> Eoin
>>>  
>>>  
>>>  
>>> 
>>> 
>>>  
>>> On 13 April 2012 11:10, John Wilander <john.wilander at owasp.org> wrote:
>>> I would prefer a referendum among leaders preceded by both sides presenting their side of the matter on a wiki tab each. We would also need a info page what is actually proposed. "Pay" is too vague. This is an important question for the foundation. If a majority of leaders vote the community will have a much easier time accepting the outcome than if the board decides.
>>> 
>>> If the board doesn't want a referendum I assume you will not take part in the discussion nor the vote, Eoin, since it's your proposal.
>>> 
>>>    Regards, John
>>> 
>>> -- 
>>> My music http://www.johnwilander.com
>>> Twitter https://twitter.com/johnwilander
>>> CV or Résumé http://johnwilander.se
>>> 
>>> 13 apr 2012 kl. 11:33 skrev Eoin <eoin.keary at owasp.org>:
>>> 
>>>> Im afraid that is not true.....
>>>> The 2008 summer of code, leaders were paid.
>>>> Great projects were delivered.... check the wiki.
>>>>  
>>>> Can we let the board decide this matter? It is what the board is for.
>>>> 
>>>> On 12 April 2012 16:05, Dennis Groves <dennis.groves at owasp.org> wrote:
>>>> Its not open to all, OWASP leaders must not be paid by OWASP. Did you not read Dinis's message? You seem to fail to understand that OWASP has been down this route of paying its leaders at least twice and it failed both times. 
>>>> 
>>>> Once you go down that route you destroy OWASP's meritocracy and cease to be the an open social organization.  
>>>> 
>>>> You create a corporation; and corporations are closed not open. You don't for example share openly the salaries of all the different paid employees with each other. Why? Did you watch the TED talk about morality in animals? Even monkeys refuse to work under such conditions. So, you must start closing OWASP. This is no longer OWASP its CWASP.
>>>> 
>>>> You are right this shouldn't need to be up for discussion, but clearly some of members still fail to understand that this is the very fabric of OWASP and that we not only is paying OWASP leaders verboten; it is tantamount destroying OWASP, and I know you are not advocating this! :-)
>>>> 
>>>> *I have choose just a single problem,that would result - Dinis has identified over 15 in his email that would require resolutions to make it work*
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -- 
>>>> Dennis Groves, MSc
>>>> dennis.groves at owasp.org
>>>> 
>>>> 
>>>> 
>>>> This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.
>>>> 
>>>> 
>>>> 
>>>> On Thu, Apr 12, 2012 at 15:08, Kenneth Van Wyk <ken at krvw.com> wrote:
>>>> OK, gotta chime in. I've followed this thread, and frankly, I can't even imagine why it's up for discussion.
>>>> 
>>>> If OWASP has money to fund a project/event/whatever, AND
>>>> 
>>>> Bidding on that funded effort is open to all, AND
>>>> 
>>>> There is a fair and equitable selection process, with appropriate checks and balances, removal of conflicts of interest, AND
>>>> 
>>>> An OWASP Leader happens to be selected, THEN
>>>> 
>>>> It's a win for everyone.
>>>> 
>>>> OWASP gets the effort from the person(s) selected.
>>>> 
>>>> The selected person(s) gets revenue for his/her efforts.
>>>> 
>>>> I mean, DUH! Why aren't we all doing a face-palm over this non-issue?
>>>> 
>>>> Please explain what I'm missing here.
>>>> 
>>>> Cheers,
>>>> 
>>>> Ken van Wyk
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -- 
>>>> Eoin Keary
>>>> OWASP Global Board Member (Vice Chair)
>>>> 
>>>> https://twitter.com/EoinKeary
>>>> 
>>>> 
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> 
>>> 
>>> 
>>> -- 
>>> Eoin Keary
>>> OWASP Global Board Member (Vice Chair)
>>> 
>>> https://twitter.com/EoinKeary
>>> 
>>> 
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120413/1ed75ba6/attachment-0001.html>


More information about the OWASP-Leaders mailing list